SAS 70
SAS 70, the auditing standard, is finding its way onto CSOs' desks. Used correctly, it's a nice start on verifying business partners' security controls. Unfortunately, some people aren't using it correctly.
Readers should be aware that SAS-70s are applicable only to service organizations that process transactions (i.e., they are not appropriate for companies that do not host data). Secondly, SAS-70s are expected to be superseded by international standard ISAE3402 (which should be published by IFAC in 2009), and by SSAE (expected to be published by AICPA in 2010).
Is it accurate to state that SAS70, COBIT, and BS7799 (ISO7799) are all just basic "control templates?" In other words, assuming I'm a hosting provider taking transactions, why would I choose SAS70 over a subset of COBIT?