- Nokia's new N97 vs. the iPhone
- Talk-powered cell phones?
- FBI: Copper thieves jeopardize U.S. infrastructure
- 10 Microsoft research projects
- Smartphone smackdown: Storm vs. iPhone
It’s a no-brainer – security is easily the No. 1 concern of network executives today. It’s top of mind in all industries, to be sure, but it’s even more critical in areas such as finance and healthcare, in which federal legislation mandates certain security practices and safeguards.
This week’s Management Strategies story in Network World examines one approach many companies are taking to ensure their data is secure - a Statement of Auditing Standards (SAS) No. 70 report. Firms such as Ernst & Young are now conducting security audits, the findings of which are included in an SAS No. 70 report.
The report was developed by the American Institute of Certified Public Accountants and launched in 1992. Internationally recognized, it provides an independent verification of the descriptions of a service provider's control activities and processes.
The audit can be useful to companies that outsource part of their business and must have yearly financial audits. The report will verify the compliance of the provider that carries the company’s data, so the primary auditor doesn’t have to conduct one themselves.
But not everyone thinks the SAS 70 report is bulletproof. Security consultant Jonathan Gossels wrote a white paper, “SAS 70: The Emperor Has No Clothes.”
"SAS 70 is a way for organizations to describe processes in a consistent way. It's a disclosure tool rather than [a tool that says] whether they're secure. So it has a limited objective and value," he says.
Is SAS 70 a great new tool or something less spectacular? Check out this week’s Management Strategies stories in its entirety for more on SAS 70, its uses and expert opinion: http://www.nwfusion.com/careers/2003/0728man.html
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
NetScout and analyst Jim Metzler have teamed to deliver a series of IT Briefs on Network and Application Performance Management leveraging research from NetScout’s nGenius & Sniffer users.
www.netscout.com
Metzler on CIO Priorities
The top five CIO priorities based on a survey of NetScout users revealing CIOs' top priorities and what they think they should be. Also includes interviews with CIOs of large organizations.
Read the Report
Metzler on Application Delivery
How to eliminate the stovepiped or siloed nature of application delivery from both an organization and a technological perspective.
Read the Brief
Metzler on Network Troubleshooting
Overview of network troubleshooting that provides an assessment of where we are, and where we need to be relative to the complexities of today's IT challenges.
Read the Brief
Comment