SAS 70

Jun 9 2008   3:59PM GMT

Network Security

Keith Harrell Profile: SAS70ExPERT

Order Management

Do SAS70 audits adequately reduce network security risk within your Company? Many SAS70 audits do not. I have found that many audits only review high level security measures. The audits do not perform any penetration testing or do not run any software diagnostics to identify network security flaws which would allow intruders access to critical Company data. What are some of the more critical access points to your network that should be tested? How would you perform testing?

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Unixboy
    No, SAS70 audits do not adequately reduce network security unless you have a knowledgeable auditor. Of course you must have a CPA firm to perform the audit and provide an opinion. In addition, the auditor should have extensive experience in performing SAS70 audits so that they will help you to identify the most likely network security risks and vulnerabilities. The reduction in security risk really depends on the expertise of the auditor and the value you demand from the audit. I have read many SAS 70 audits from small firms and they seem to have more indepth auditing than those of the Big 4 accounting firms. It seems that Big 4 firms don't assign experienced auditors to perform these types of audits and that most are right out of college.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: