Sep 19 2008 5:34PM GMT
Posted by: sas70expert
Management,
Risk management,
Financials,
CFO,
SAS 70,
budget
What is a fixed asset you say? And what is it’s value today? Don’t know where to start? Call your insurance company….if you don’t have your most precious business assets formally listed or insured, then you need help. From your insurance policy and from your understanding of what are key components that drive your revenue stream, you should be able to get a good idea of how many computers/servers that you have and what is their monetary value.
After asset identification, make sure you determine the replacement cost of your equipment. Recently, in discussions with IT Director at a Fortune 500 Company, he noted that he had made a formal listing of all his information technology equipment. Soon after, he had a flood to occur in his datacenter. Upon contacting his insurance company, he noted that he would only be reimbursed for the depreciated value of his equipment, not the replacement cost. Your $3000 server that you bought today, may only be worth $700 as soon as you walk out of the store when considering the depreciated value. Lesson learned — List your assets, but also understand how much it would truly cost to replace them.
When determining value, monetary terms are not always identifiable. You may have to perform some “ciphering.” Talk to your Company’s CFO or controller, as you may have to understand how the assets are used to generate revenue. From there, determine if the asset value can be calculated by determining a percentage of revenue. Using a financial ratio to determine value can be very subjective, so it is wise to gather several opinions.
As a starting point in a SAS 70 audit, when examining the risk assessment process, the auditor will want to verify that all critical assets have been identified and if you have assigned appropriate values. If you Google the blue book value of your server, or review Craig’s list to determine the price that similar products are selling for, be sure to keep a record so that your auditor may review also. Get your asset list completed today and determine the values, otherwise you may fail to meet your Corporate objectives. SAS70ExPERT@gmail.com.
Aug 7 2008 7:06PM GMT
Posted by: sas70expert
Security management,
Security,
Information risk management,
Risk management,
Financials,
CIO,
DataCenter,
CFO,
SAS 70,
CSO
SAS70 audits are becoming a standard for any outsourced organization. As part of the audit process, a company must perform an internal risk assessment of the IT and business related risks. According to a recent survey of IT Executives, here are the top five areas of most concern:
- Security
- Systems management tools
- Virtualization solutions
- Product road map
- Power consumption
While power consumption was number five, I think that it has taken on great significance today than ever before. If you are paying $4.50 at your local gas dealer, then you can expect to continue to pay higher prices for electricity for your data center. What steps are you taking to conserve energy? Are you a part of a “green revolution?” From the component level, the server and rack level and up all the way to the datacenter, I would expect everyone is finding ways to cut costs, and increase profit. I think a risk assessment which reviews the operating details of your Company will assist you in meeting corporate objectives.
Jul 13 2008 7:19PM GMT
Posted by: sas70expert
Security management,
Administration,
Security,
Strategic Enterprise Management,
Information risk management,
Management,
Security Program Management,
Risk management,
business/IT alignment,
CIO,
DataCenter,
CEO,
CFO,
SAS 70,
CSO
Don’t be fooled by a big accounting name? A suit with a high priced song! No matter what they say, you have to read the SAS70 report in order to determine the depth of testing performed in a SAS70 audit. SAS70 audits have just now become in demand by industry leaders and you have to determine what value you want from the SAS70 audit. Do you need a box checked? Or will you use this audit process to improve your revenue, your internal controls, and to set you apart from your competition? Prices range all over the board – choose your poison wisely – either you choose an auditor with experience and see that their report provides you with the level of detail and testing to required to make your organization better or — you might as well gamble in Vegas more – and take the big accounting name with little testing that provides you with the check box you
Jul 11 2008 6:26PM GMT
Posted by: sas70expert
Third-party services,
Security,
Microsoft Windows,
Management,
Compliance,
Auditing,
Data center operations,
CIO,
CEO,
CFO,
SAS 70,
CSO
When I Google today on SAS70? Wow, I have so many choices. With the rankings of companies - it is confusing and perplexing and that I am not even on the first page. How do I get there without breaking the bank? I have read some on the Google site about it and it has left me wanting more. Just like you, I am searching for ways for companies to recognize me and my site and want to follow the rules so that I can make my site visited. One way is to spend, spend, spend. A SEO consulting firm can get you to the top of the page, but it will take a substantial investment. A beginning company may not want to invest big dollars yet, but their has to be other ways to build brand awareness without selling the computer. Have you hired a SEO consultant? What are your experiences? What are some key things that I should be looking for?
Jul 9 2008 2:34AM GMT
Posted by: sas70expert
Security management,
Third-party services,
Network security,
Security,
Information risk management,
Compliance,
Encryption,
Auditing,
CIO,
DataCenter,
DataManagement,
CFO,
SAS 70,
CSO,
Intrustion management
Various transport methods, such as email, instant messaging, FTP, and encryption have been implemented to share files/data between Companies. But many methods suffer from security, manageability, and the ability to track/log the transfer of information. Increasing regulations and SAS70 audit guidelines are requiring that privacy and security of data be maintained. There are some new tools on the market, including L I N X T E R. http://linxter.com is a data transfer technology that enables programs to communicate through secure, reliable, and auditable channels. They are hyper connective communication channels that can be managed using a web-based tool.What data transfer methods are your using and is it secure, manageable and auditable?sas70expert@gmail.com
Jul 6 2008 4:18PM GMT
Posted by: sas70expert
Security management,
Administration,
Security,
Information risk management,
Management,
Security Program Management,
Compliance,
Risk management,
human factors,
Auditing,
Monitoring,
Access,
Access control,
Network Management Systems,
Network,
CIO,
DataCenter,
CFO,
SAS 70,
CSO
My business requires distribution and collection of data. Much of it resides on a centrally located server; however, there is data on the laptop that has never been transferred over to the server or that may have been taken off the server for project work. As human beings we will never be perfect. Someone will lend access to their laptop to a friend or customer, a laptop will be lost or stolen, and an unprotected USB drive is a loaded gun just waiting to have the trigger pulled so that data can be transferred off your laptop. Laptops with sensitive data that goes unprotected, can become a media nightmare, a legal hassle and a may limit your customer retention and market growth — a serial killer that stops your business growth and the vendors that support you.
To protect data loss, we now have L0-jack services for laptops when they are stolen. The laptop can be found and once connected to a network will be shut down.But what about the ease we have to install and transfer data to others using USB drives. Even if you use a USB drive that requires a password, is that enough security? I have read recently that laptops were returned after being lost that contained sensitive data such as social security numbers for big companies – including Google. Now that they have the laptop back, is the risk over? What if the data was transferred off the laptop onto a USB drive?
Just like for the SAS70 audit, you have to perform a risk assessment to determine the controls that must be in place, and identify those that can be implemented as time permits. In the situation above, I don’t think focusing on the number of ways that data can be taken off laptops is the key to reducing risk. You should focus more on identifying the type of data that you have, mark the sensitive data, and control access to it – by limiting users, strengthening laptop controls around the sensitive data, and identifying opportunities to record transfer of sensitive data which would provide an audit trail. How are you controlling your data on your laptops?
Jul 4 2008 12:30PM GMT
Posted by: sas70expert
Security management,
Third-party services,
Administration,
Network security,
Security,
Network monitoring,
Information risk management,
Compliance,
Auditing,
Access,
Network,
CIO,
DataCenter,
CEO,
CFO,
SAS 70,
Intrustion management
Yahoo Messenger, Googletalk, and AIM Messenger instant messaging services are frequently used by employees today for work and social networking. Less than 10% of companies today have policies and those that do have policies do not enforce them. Many SAS70 audits find installation of instant messaging software within corporate environments and that it may cause introduction of malicious coding or cause loss of sensitive data. Therefore, should IM security software be standard installation – whether in the form of email and internet security tools, appliances, or third-party hosted solutions. IM security software would protect against incoming Trojan horses/viruses and detect outgoing data loss by using content filtering; logging and archiving all IM messages, and ensure compliance with company policy. Are you using IM security software protection? If so, which one and is it on a third-party hosted platform? Have you found it to be effective?sas70expert@gmail.com
Jul 1 2008 5:45PM GMT
Posted by: sas70expert
Security management,
Third-party services,
Administration,
Database issues,
Disaster Recovery,
Networking,
Active Directory,
Network security,
Storage,
Security,
Network monitoring,
Servers,
Microsoft Windows,
Information risk management,
Management,
Security Program Management,
Risk management,
human factors,
Database,
Database Management Systems,
business/IT alignment,
Access,
Financials,
Access control,
Industry Solutions,
Data center operations,
Network Management Systems,
Data center design,
Network,
CIO,
DataCenter,
DataManagement,
CEO,
management software,
Single sign-on,
FTP,
CFO,
cooling systems,
Backup & recovery,
Exchange,
Backup,
power systems,
SAS 70,
budget,
bugeting,
CSO
It’s election year and security to protect some of our most valuable assets is being discussed more frequently – including politicians and data privacy requirements (proposed Regulation S-P). Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest and greatest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics?SAS70expert@gmail.com
Jun 30 2008 3:19AM GMT
Posted by: sas70expert
Third-party services,
Networking,
Network security,
Network monitoring,
Strategic Enterprise Management,
Microsoft Windows,
Management,
Database Management Systems,
Industry Solutions,
Data center operations,
Network Management Systems,
Blackberry,
Data center design,
CIO,
Mobile,
DataCenter,
DataManagement,
CEO,
CFO,
storage arrays,
cooling systems,
Exchange,
power systems,
SAS 70,
CSO,
Rack systems
Can we believe all the hype? Is there a green revolution afoot? From cars to energy to datacenters, everyone is going green. Datacenters have become very complex, with so many interactions among processors, rack systems, power and cooling systems, storage arrays, networks, and communications channels - that they can be regarded as unique virtual environments that consume large amounts of energy. Our need to have access to the internet anywhere and everywhere, requires more capacity and increasing speeds of datacenter components. What steps are you taking to become Green?
