Encryption

Sep 14 2008   11:17PM GMT

Encrypting for Security - SAS70

Posted by: sas70expert
Uncategorized, Networking, Network monitoring, Identity & Access Management, routers, Security Program Management, Encryption, Auditing, Development, Network

SAS 70 audits review the not only the security of your networks but of the data that is transported across your networks and on the security of your data that remains on your servers and laptops. Before choosing an encryption vendor, there are factors you consider:

• What administrative actions are required? Can keys be changed and modified by the user or does your network administrator have to take action? What if the key is compromised, can it be changed at will? If the key is changed, how do you remember it?
• What steps are taken to manage keys? Are keys kept in a secure database or are they managed individually? Independent solutions allow you more flexibility, but independent users may not always follow the company standards which may give hackers an opportunity.
• Are multiple keys supported and can you create a master? The more critical and sensitive the data, the tougher the key should be crack. 
• Is there PKI in corporation? Does the encryption product integrate with an existing PKI production ro des it require software in order to function? Any vendor solution should be able too.  Trackback URL

Jul 29 2008   11:51PM GMT

SAS70 audit exceptions

Posted by: sas70expert
Compliance, Encryption, Auditing, CIO, SAS 70

As I have read many SAS 70 audit reports, my perception of the quality of audit reports is varied. As I stated in previous blogs, there are different standards with which to use to implement information technology controls; however, the SAS70 standard does not require an auditor to meet specific information security requirements. Therefore, an auditor may audit network security rather heavily or not at all. If the SAS 70 standard was changed to provide specific requirements related to IT that were to be audited, then more benchmarking of the effectiveness of controls and of the SAS 70 audit would be available. How do you feel about the quality of audit coverage of network security controls in your SAS70 audit?  Trackback URL

Jul 9 2008   2:34AM GMT

If data is your diamond, why aren’t you protecting it? SAS70

Posted by: sas70expert
Security management, Third-party services, Network security, Security, Information risk management, Compliance, Encryption, Auditing, CIO, DataCenter, DataManagement, CFO, SAS 70, CSO, Intrustion management

 Various transport methods, such as email, instant messaging, FTP, and encryption have been implemented to share files/data between Companies. But many methods suffer from security, manageability, and the ability to track/log the transfer of information. Increasing regulations and SAS70 audit guidelines are requiring that privacy and security of data be maintained. There are some new tools on the market, including L I N X T E R. http://linxter.com is a data transfer technology that enables programs to communicate through secure, reliable, and auditable channels. They are hyper connective communication channels that can be managed using a web-based tool.What data transfer methods are your using and is it secure, manageable and auditable?sas70expert@gmail.com

Jun 25 2008   11:21AM GMT

Data Exchange and SAS70

Posted by: sas70expert
Third-party services, Networking, Security, Identity & Access Management, routers, Compliance, Encryption, business/IT alignment, Auditing, Monitoring, Access control, CIO, DataCenter, DataManagement, CEO, FTP, instant messaging, CFO, Email, Exchange, SAS 70, CSO

Various transport methods, such as email, instant messaging, FTP, and encryption have been implemented to share files/data between Companies. But many methods, suffer from security, manageability, and the ability to track/log the transfer of information. Increasing regulations and SAS70 audit guidelines are requiring that privacy and security of data be maintained. What data transfer method are you using and is it secure,manageable and auditable?

 

The types of data transfer continue to evolve and a variety of people with whom companies exchange data is also changing. For example, many companies outsource processes that they used to perform in-house. Furthermore, some even are processed overseas, especially in India. How much control do you have on your outsourced vendor? How do you know that their process to transfer data is secure and managed appropriately?  Trackback URL