Every so often, a report gets presented that looks like it was written by the work experience student who was employed by the intern.
So what’s the best way to respond? I went on Twitter to ask the opinion of folk who have to deal with this kind of thing on a regular basis, and distilled their wisdom into 15 tips.
Other honourable mentions go to:
@J4vv4D in that case, this is the only response... https://t.co/AseiwFjZbt
— Mo Amin (@infosecmo) December 6, 2016
@J4vv4D At 1mn05 into this video: https://t.co/GxlOaoxoZu
— Luushanah (@luushanah) December 6, 2016
@J4vv4D Cannot accept this finding. Please provide more information and evidence. If they explain it better, yay, if they can't we're done
— B Miller (@Securithid) December 6, 2016
@J4vv4D ask "what's the risk"
— EoinKeary (@EoinKeary) December 6, 2016
@J4vv4D dear auditor this is my implementation plan: # rm -rf /audit , hope you understand my point
— Juanes (@hcjuan04) December 6, 2016
@J4vv4D how about sending them this video https://t.co/8YSFKPCjoh
— BrianHonan (@BrianHonan) December 6, 2016