CSO archives - SAS 70


Sep 12 2008   5:17AM GMT

Do CIOs deserve respect? Are you respectable, and what are the characteristics? SAS70



Posted by: sas70expert
Compliance, Auditing, Network, CIO, SAS 70, CSO

SAS 70 audits are framed around the COSO control components, and the control environment includes the experience and training of the executives who lead the organization. The march of CIOs and CSOs to the executive suite takes many paths. Opportunities to lead in the C-level suite come in many forms: some are perhaps luck, others come from angels, but which job titles lead to the CIO or CSO role? According to a recent survey, most CIOs have a background primarily in IT. In recent weeks I have begun to question this polling, as I have met several well-respected CIOs who understand strategy and operations but do not have a clue about operating systems, applications, or how networks function. In the same poll, only 15% of CIOs and CSOs came from areas outside of IT. Which side of the fence do you stand on? Do you think an extensive background and training in information technology makes a difference for a C-level executive? As I consider myself a hybrid, with a little knowledge and experience on both sides of the fence, I wonder what is respectable.


Aug 21 2008   12:59AM GMT

Successful traits of a CIO equal successful SAS70 audits (Part 1) – SAS 70



Posted by: sas70expert
Compliance, Auditing, Monitoring, CIO, SAS 70, CSO

If your organization has to undergo a SAS70 audit, are you ready? As a CIO, do you have the leadership skills needed to make the audit a success?


A recent survey by TechRepublic lists the following criteria that an effective CIO or CSO must have in order to lead a 21st-century information technology (IT) team. The characteristics, not necessarily in order of priority, are:


Communication skills

Be a visionary

Able to deal with office politics effectively

Have an understanding of financials

Leverage key technologies

Ability to build a strong team


As a CIO, these characteristics are required to be an effective leader, and the same characteristics will make you an effective CIO or CSO when a SAS70 audit is conducted. From the initial planning and scoping phases of the audit, take the initiative to develop a strong relationship with your auditor. Don’t be afraid to tell the auditor the bad as well as the good when discussing your IT operations. By developing an open rapport and having frank discussions, you will quickly build a lasting bond with your auditor. Do you have this type of relationship with your auditor?



Aug 7 2008   7:06PM GMT

Do Risk Assessments increase profits? SAS 70 (part one)



Posted by: sas70expert
Security management, Security, Information risk management, Risk management, Financials, CIO, DataCenter, CFO, SAS 70, CSO

SAS70 audits are becoming a standard for any organization that provides outsourced services. As part of the audit process, a company must perform an internal risk assessment of its IT and business-related risks. According to a recent survey of IT executives, here are the top five areas of greatest concern:


  1. Security
  2. Systems management tools
  3. Virtualization solutions
  4. Product road map
  5. Power consumption


While power consumption was number five, I think it has taken on greater significance today than ever before. If you are paying $4.50 at your local gas station, you can expect to keep paying higher prices for the electricity that runs your data center. What steps are you taking to conserve energy? Are you part of a “green revolution”? From the component level through the server and rack level all the way up to the data center, I would expect everyone to be finding ways to cut costs and increase profit. I think a risk assessment that reviews the operating details of your company will assist you in meeting corporate objectives.



Jul 24 2008   1:36AM GMT

7 essentials to have in your SLAs to help you manage your outsourced vendor - SAS70



Posted by: sas70expert
Security management, Third-party services, Security, Management, Security Program Management, Compliance, Risk management, Auditing, Monitoring, Access control, Data center operations, CIO, SAS 70, CSO

“Do you understand what impact the outsourced vendor has on your financial stability?” asks a SAS 70 auditor. If the vendor fails to make payroll on Friday, or if its data center fails, what effect will that have on your operations? So as not to be “asleep at the switch,” make sure you understand the vendor’s operations and the risks involved. Here are seven essential specifications that you should have in your service level agreement with your outsourced vendor:

1) Data encryption and protection – determine what your vendor is doing from an information technology perspective to protect your information. Is your data encrypted in transit and at rest? Are they using applications that have security built in? Do they have firewalls?

2) Physical security – review and management of access to buildings and data is critical to protecting information technology assets. Tight control must be maintained in order to prevent identity theft and the loss of valuable equipment such as Exchange servers, racks, and hard drives. Each employee should carry an ID, preferably backed by biometric authentication, and entry to and exit from facilities should be logged.

3) Environmental security – make sure your data is not only locked in a secure room, but that the environment in the room provides essential protections. Is there fire suppression? Temperature control? Air conditioning? And so on.

4) Confidentiality agreements – require your business partner or vendor to sign confidentiality and non-disclosure agreements to prevent the loss of trade secrets, data, and patents.

5) Employee training – policies are useless unless your employees and vendors are trained and aware. Provide all vendors with awareness training on your requirements when they process your information or provide you with services.

6) Employee background investigations – you want to make sure that the person responsible for managing your money is not a convicted felon. Require a review of work history and a validation of claimed skills.

7) Lastly, management of vendors – after you have given your requirements to your vendor, how do you know they stay in compliance? A SAS 70 audit of the vendor is how you find out.



Jul 13 2008   7:19PM GMT

What you read is what you get in a SAS70!



Posted by: sas70expert
Security management, Administration, Security, Strategic Enterprise Management, Information risk management, Management, Security Program Management, Risk management, business/IT alignment, CIO, DataCenter, CEO, CFO, SAS 70, CSO

Don’t be fooled by a big accounting name or a suit with a high-priced pitch. No matter what they say, you have to read the SAS70 report in order to determine the depth of testing performed in the audit. SAS70 audits have only recently come into demand among industry leaders, and you have to determine what value you want from the audit. Do you need a box checked? Or will you use the audit process to improve your revenue and your internal controls, and to set yourself apart from your competition? Prices range all over the board, so choose your poison wisely: either choose an auditor with experience and see that the report provides the level of detail and testing required to make your organization better, or you might as well gamble in Vegas and take the big accounting name with little testing that provides you with the check box you



Jul 11 2008   6:26PM GMT

How do I get to the top without breaking the bank? SEO (search engine optimization) and SAS70



Posted by: sas70expert
Third-party services, Security, Microsoft Windows, Management, Compliance, Auditing, Data center operations, CIO, CEO, CFO, SAS 70, CSO

When I Google SAS70 today, wow, I have so many choices. With the rankings of companies it is confusing and perplexing, and I am not even on the first page. How do I get there without breaking the bank? I have read some of what the Google site says about it, and it has left me wanting more. Just like you, I am searching for ways to get companies to recognize me and my site, and I want to follow the rules so that my site gets visited. One way is to spend, spend, spend. An SEO consulting firm can get you to the top of the page, but it will take a substantial investment. A beginning company may not want to invest big dollars yet, but there has to be another way to build brand awareness without selling the computer. Have you hired an SEO consultant? What are your experiences? What are some key things that I should be looking for?


Jul 9 2008   2:34AM GMT

If data is your diamond, why aren’t you protecting it? SAS70



Posted by: sas70expert
Security management, Third-party services, Network security, Security, Information risk management, Compliance, Encryption, Auditing, CIO, DataCenter, DataManagement, CFO, SAS 70, CSO, Intrusion management

Various transport methods, such as email, instant messaging, and FTP, with or without encryption, have been implemented to share files and data between companies. But many of these methods lack security, manageability, and the ability to track and log the transfer of information. Increasing regulation and SAS70 audit guidelines require that the privacy and security of data be maintained. There are some new tools on the market, including Linxter. http://linxter.com is a data transfer technology that enables programs to communicate through secure, reliable, and auditable channels. They are hyper-connective communication channels that can be managed using a web-based tool. What data transfer methods are you using, and are they secure, manageable, and auditable?

sas70expert@gmail.com




Jul 6 2008   4:18PM GMT

How laptops become serial killers - SAS70



Posted by: sas70expert
Security management, Administration, Security, Information risk management, Management, Security Program Management, Compliance, Risk management, human factors, Auditing, Monitoring, Access, Access control, Network Management Systems, Network, CIO, DataCenter, CFO, SAS 70, CSO

My business requires distribution and collection of data. Much of it resides on a centrally located server; however, there is data on laptops that has never been transferred to the server, or that was taken off the server for project work. As human beings we will never be perfect. Someone will lend access to their laptop to a friend or customer, a laptop will be lost or stolen, and an unprotected USB drive is a loaded gun just waiting to have the trigger pulled so that data can be copied off your laptop. A laptop with unprotected sensitive data can become a media nightmare and a legal hassle, and it may limit your customer retention and market growth: a serial killer that stops your business growth and the vendors that support you.


To protect against data loss, we now have LoJack-style tracking services for laptops that are stolen: once the laptop connects to a network it can be located and shut down. But what about the ease with which we can install and transfer data to others using USB drives? Even if you use a USB drive that requires a password, is that enough security? I have read recently that lost laptops containing sensitive data such as Social Security numbers were returned to big companies, including Google. Now that they have the laptop back, is the risk over? What if the data was transferred off the laptop onto a USB drive?


Just as for a SAS70 audit, you have to perform a risk assessment to determine the controls that must be in place now and identify those that can be implemented as time permits. In the situation above, I don’t think focusing on the number of ways that data can be taken off laptops is the key to reducing risk. Focus instead on identifying the types of data you have, marking the sensitive data, and controlling access to it: limit the users who can reach it, strengthen the laptop controls around it, and look for opportunities to record transfers of sensitive data so that there is an audit trail. How are you controlling the data on your laptops?
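The first step above, identifying and marking the sensitive data a laptop actually holds, is the one most often skipped. The following is an added example, not code from the original post or from any vendor it mentions: it walks a directory tree, flags files that contain plausible Social Security numbers, and emits an inventory keyed by file path with a SHA-256 digest of the flagged version, so the inventory can later serve as the audit trail the post asks for. The directory layout and file contents are constructed for the demonstration; the validity rules (no area 000, 666, or 900-999; no group 00; no serial 0000) follow the SSA's issuance rules and cut the false positives that a bare 3-2-4 digit pattern produces.

```python
"""Added example: inventory files holding SSN-like values so they can be
classified before they travel on a laptop.  Not part of the original post;
the directory layout and sample file contents below are constructed."""
import hashlib
import re
import tempfile
from pathlib import Path

# Candidate SSN: 3-2-4 digits with dashes, not glued to other digits on
# either side (so "1234-56-7890" and a 5-digit serial are not matched).
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject values the SSA never issues.  This removes part numbers and
    phone fragments that merely look like an SSN."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    if int(group) == 0 or int(serial) == 0:
        return False
    return True


def find_ssns(text: str) -> list[str]:
    """Return every plausible SSN found in text, in order of appearance."""
    return [f"{a}-{g}-{s}" for a, g, s in SSN_RE.findall(text)
            if is_plausible_ssn(a, g, s)]


def classify_tree(root: Path) -> dict[str, dict]:
    """Return {relative_path: {"ssn_count": n, "sha256": digest}} for every
    text file under root that holds at least one plausible SSN.  The digest
    proves which version of the file was flagged; the SSNs themselves are
    counted, never copied into the inventory."""
    findings: dict[str, dict] = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        try:
            text = data.decode("utf-8")
        except UnicodeDecodeError:
            continue  # binary file; out of scope for this text scan
        hits = find_ssns(text)
        if hits:
            findings[path.relative_to(root).as_posix()] = {
                "ssn_count": len(hits),
                "sha256": hashlib.sha256(data).hexdigest(),
            }
    return findings


def demo() -> dict[str, dict]:
    """Build a constructed sample tree (hypothetical file names) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "project").mkdir()
        # Two real-looking SSNs: this file should be flagged.
        (root / "project" / "payroll_export.csv").write_text(
            "name,ssn\nAlice Example,123-45-6789\nBob Example,234-56-7890\n"
        )
        # Look-alikes that the validity rules reject: area 000, group 00,
        # area 900, and a 5-digit tail.  This file should not be flagged.
        (root / "project" / "notes.txt").write_text(
            "Part 000-12-3456, order 123-00-4567, ID 900-11-2222, "
            "ext 555-12-34567\n"
        )
        (root / "readme.txt").write_text("Nothing sensitive here.\n")
        return classify_tree(root)


if __name__ == "__main__":
    for rel_path, info in demo().items():
        print(f"{rel_path}: {info['ssn_count']} SSN(s), sha256={info['sha256']}")
```

Run against a real laptop, point `classify_tree` at the user's home directory and feed the resulting inventory into whatever marks the files as sensitive (access control, encryption, or a transfer log). Because only counts and digests are recorded, the inventory itself does not become another copy of the sensitive data.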



Jul 1 2008   5:45PM GMT

Do you need the Secret Service to guard your data? – SAS70



Posted by: sas70expert
Security management, Third-party services, Administration, Database issues, Disaster Recovery, Networking, Active Directory, Network security, Storage, Security, Network monitoring, Servers, Microsoft Windows, Information risk management, Management, Security Program Management, Risk management, human factors, Database, Database Management Systems, business/IT alignment, Access, Financials, Access control, Industry Solutions, Data center operations, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Single sign-on, FTP, CFO, cooling systems, Backup & recovery, Exchange, Backup, power systems, SAS 70, budget, budgeting, CSO

It’s an election year, and security for some of our most valuable assets is being discussed more frequently, by politicians and in data privacy requirements such as the proposed amendments to Regulation S-P. Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage the risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in your information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics?

SAS70expert@gmail.com



Jun 30 2008   3:19AM GMT

DataCenters that go Green! – SAS70



Posted by: sas70expert
Third-party services, Networking, Network security, Network monitoring, Strategic Enterprise Management, Microsoft Windows, Management, Database Management Systems, Industry Solutions, Data center operations, Network Management Systems, Blackberry, Data center design, CIO, Mobile, DataCenter, DataManagement, CEO, CFO, storage arrays, cooling systems, Exchange, power systems, SAS 70, CSO, Rack systems

Can we believe all the hype? Is there a green revolution afoot? From cars to energy to data centers, everyone is going green. Data centers have become very complex, with so many interactions among processors, rack systems, power and cooling systems, storage arrays, networks, and communications channels that they can be regarded as unique virtual environments that consume large amounts of energy. Our need to have access to the internet anywhere and everywhere requires more capacity and ever-increasing speed from data center components. What steps are you taking to become green?
