Home > IT Blogs > SAS 70 > Network Security
>>VIEW ALL POSTS  

SAS 70

»
Jun 9 2008   3:59PM GMT

Network Security



Posted by: SAS70ExPERT
Auditing, Compliance, DataCenter, Exchange, Networking, SAS 70, Security

SAS70ExPERT@gmail.com.

Do SAS70 audits adequately reduce network security risk within your Company? Many SAS70 audits do not. I have found that many audits only review high level security measures. The audits do not perform any penetration testing or do not run any software diagnostics to identify network security flaws which would allow intruders access to critical Company data. What are some of the more critical access points to your network that should be tested? How would you perform testing?

  Bookmark and Share     Comment     RSS Feed     Email a friend

Comment on this Post

Leave a comment:

Unixboy  |   Jun 13, 2008  5:27 PM (GMT)

No, SAS70 audits do not adequately reduce network security unless you have a knowledgeable auditor. Of course you must have a CPA firm to perform the audit and provide an opinion. In addition, the auditor should have extensive experience in performing SAS70 audits so that they will help you to identify the most likely network security risks and vulnerabilities. The reduction in security risk really depends on the expertise of the auditor and the value you demand from the audit. I have read many SAS 70 audits from small firms and they seem to have more indepth auditing than those of the Big 4 accounting firms. It seems that Big 4 firms don’t assign experienced auditors to perform these types of audits and that most are right out of college.