cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Stew141
Viewer

IT SECURITY / AUDITOR DATA GATHERING AND AUDITING TOOLS

Hi everyone, I am a long time  IT Auditor / Security Pro.  Over the years I've seen various struggles with conducting core IT audit tasks such as gathering and reviewing AD users and group information, and various teams ability to conduct meaningful IT Audits of technical subjects with limited resources/skill sets.  (I also see this as an issue within IT Security departments)

So, I've decided to do something about it.  I'm developing a set of IT Audit Tools designed specifically for Auditors/Consultants to be able to gather technical information and produce audit reports.  The goal is to allow anyone to be able to conduct a technical assessment and have meaningful findings/recommendations without having to be a super geek or expert in every IT area.

I'd love to get your feedback on my tools and gauge the potential demand for these products.  Please check out my website and send me some feedback.  I would be eternally grateful!
https://blackboxauditor.com 

-Stewart, CISA, CISSP, QSA

3 Replies
smeek
Viewer II

I went there and message said you caught us before ready. Can't really help.

rslade
Influencer II

> Stew141 (Viewer) posted a new topic in Tech Talk on 02-20-2019 10:16 AM in the

> Hi everyone, I am a long time  IT Auditor / Security Pro.  Over the years I've
> seen various struggles with conducting core IT audit tasks such as gathering and
> reviewing AD users and group information, and various teams ability to conduct
> meaningful IT Audits of technical subjects with limited resources/skill sets. 
> (I also see this as an issue within IT Security departments) So, I've decided
> to do something about it.  I'm developing a set of IT Audit Tools designed
> specifically for Auditors/Consultants to be able to gather technical information
> and produce audit reports.  The goal is to allow anyone to be able to conduct a
> technical assessment and have meaningful findings/recommendations without having
> to be a super geek or expert in every IT area.

Laudable goal and intent, but be careful. I'm old enough to remember SATAN [1]
(eventually renamed SANTA, in a vain attempt to tamp down the outrage) and
the furor that erupted over it. It was basically the same idea ...



[1] - Security Administrators Tool for Analysing Networks, not that anyone ever
paid attention to the expansion ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Son of man, prophesy against the shepherds of Israel; prophesy
and say to them: 'This is what the Sovereign Lord says: Woe to
the shepherds of Israel who only take care of themselves! Should
not shepherds take care of the flock?' - Ezekiel 34:2
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Stew141
Viewer

Anybody else have feedback on the site?  https://blackboxauditor.com