Posted by: SAS70ExPERT
Auditing, Compliance, DataCenter, Exchange, Networking, SAS 70, Security
Do SAS70 audits adequately reduce network security risk within your Company? Many SAS70 audits do not. I have found that many audits only review high level security measures. The audits do not perform any penetration testing or do not run any software diagnostics to identify network security flaws which would allow intruders access to critical Company data. What are some of the more critical access points to your network that should be tested? How would you perform testing?