topic Re: IT SECURITY / AUDITOR DATA GATHERING AND AUDITING TOOLS in Tech Talk

IT SECURITY / AUDITOR DATA GATHERING AND AUDITING TOOLS

Stew141 — Wed, 20 Feb 2019 15:16:18 GMT

Hi everyone, I am a long time IT Auditor / Security Pro. Over the years I've seen various struggles with conducting core IT audit tasks such as gathering and reviewing AD users and group information, and various teams ability to conduct meaningful IT Audits of technical subjects with limited resources/skill sets. (I also see this as an issue within IT Security departments)

So, I've decided to do something about it. I'm developing a set of IT Audit Tools designed specifically for Auditors/Consultants to be able to gather technical information and produce audit reports. The goal is to allow anyone to be able to conduct a technical assessment and have meaningful findings/recommendations without having to be a super geek or expert in every IT area.

I'd love to get your feedback on my tools and gauge the potential demand for these products. Please check out my website and send me some feedback. I would be eternally grateful!
https://blackboxauditor.com

-Stewart, CISA, CISSP, QSA

Re: IT SECURITY / AUDITOR DATA GATHERING AND AUDITING TOOLS

smeek — Wed, 20 Feb 2019 17:38:03 GMT

I went there and message said you caught us before ready. Can't really help.

Re: IT SECURITY / AUDITOR DATA GATHERING AND AUDITING TOOLS

rslade — Wed, 20 Feb 2019 20:26:35 GMT

> Stew141 (Viewer) posted a new topic in Tech Talk on 02-20-2019 10:16 AM in the

> Hi everyone, I am a long time IT Auditor / Security Pro. Over the years I've
> seen various struggles with conducting core IT audit tasks such as gathering and
> reviewing AD users and group information, and various teams ability to conduct
> meaningful IT Audits of technical subjects with limited resources/skill sets.
> (I also see this as an issue within IT Security departments) So, I've decided
> to do something about it. I'm developing a set of IT Audit Tools designed
> specifically for Auditors/Consultants to be able to gather technical information
> and produce audit reports. The goal is to allow anyone to be able to conduct a
> technical assessment and have meaningful findings/recommendations without having
> to be a super geek or expert in every IT area.

Laudable goal and intent, but be careful. I'm old enough to remember SATAN [1]
(eventually renamed SANTA, in a vain attempt to tamp down the outrage) and
the furor that erupted over it. It was basically the same idea ...

[1] - Security Administrators Tool for Analysing Networks, not that anyone ever
paid attention to the expansion ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Son of man, prophesy against the shepherds of Israel; prophesy
and say to them: 'This is what the Sovereign Lord says: Woe to
the shepherds of Israel who only take care of themselves! Should
not shepherds take care of the flock?' - Ezekiel 34:2
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Re: IT SECURITY / AUDITOR DATA GATHERING AND AUDITING TOOLS

Stew141 — Fri, 22 Feb 2019 16:01:11 GMT

Anybody else have feedback on the site? https://blackboxauditor.com