As for the technical people, my guess would be that they don't want to be bothered, they view your auditing attempts...
as a threat of some sort, none of them really understand the whole picture, or they don't want to have to practice the discipline of change control.
The primary hurdle you have to overcome is to get management support for your auditing efforts. Sad to say, I learned this the hard way by trying to improve security at a company where upper management didn't have a clue and didn't want to be given one. Once you get management to mandate support for auditing, and it flows down the food chain, you'll get a lot farther.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.