SAS 70

Oct 1 2008   4:26AM GMT

Back to basics – Security awareness and education – SAS70



Posted by: SAS70ExPERT
CIO, Incident response, Network, Network security, SAS 70, Security, Security Program Management

For any security program, you must start with the basics and begin with an information security plan. In a SAS 70 audit, an auditor will examine a CIO’s operations to determine that you have security program management and incident response in place, and that appropriate training is provided to your employees. Your security plan should include at least:

· Procedures to protect and provide access to IT systems and applications
· Procedures to report incidents when they occur
· Investigation practices required to prevent future incidents
· The right to revoke any user access at any time

Training should occur regularly for all employees, and no employee should be granted access to your systems without taking your company’s network security training. Do you have a plan in place? If so, send me a generic sample at Sas70expert@gmail.com and I will share it with our readers.
