Posted by: SAS70ExPERT
CFO, CIO, SAS 70, Security management
What would you pay for a eight gigabyte USB harddrive? Some would say billions; especially if it contained your company’s financial or critical data. Everyday you read about lost or stolen company data which may be your intellectual property, credit card, or other personal medical information of your CFO. They are also the fastest and surest way to give a CIO a security headache. What are you doing to protect these information assets?
If your company or your staff is saving company or customer data to a USB drive; you need to set standards in your security managment program to protect this information. A SAS 70 audit will require you to have standards that include:
1) Require that all data stored on USB drives be encrypted.
2) Require that only USB drives that are password protected be used.
3) Notify and train your employees on this policy and have a procedure in place which requires that an employee report lost or stolen USB drives immediately; otherwise, be prepared for “headlines” and a lawsuit.
Are you involved with securing your corporate data and if so, are you worried about the insecurity of USB disk drives? What measures do you have in place? Sas70expert@gmail.com