Solved

What does a Network Administrator need to know about SAS70

Posted on 2009-05-18
2
267 Views
Last Modified: 2012-05-07
I have just found out that we may need to become SAS70 compliant.  

I have tried to research on the interent, but find long drawn out explanations on the history and assorted blah, blah...

What do I as a Network Administrator need to know about SAS70?  What types of documentation will I need to Supply, what types of restrictsions will I need to put in place?
0
Comment
Question by:brittonv
2 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 24415383
I worked for 13 years at a financial institution, so here is some advice to get you started:

 - Most of the IT stuff is really common sense, security 101.   Password change policy, lockout policy, dual control on sensitive items, classification of critical data, etc...   It really covers the control of transactions and is meant to be a report to provide to customers to raise their level of confidence in your company standards because it meets certain guidelines.

 - If you've never been audited before, think about getting a 3rd party service to come in and help you prepare.    I had internal audit assist me with various GLBA, SOX compliance stuff before the real audit happened.    

-  Everything must be documented.   If its not on paper and on file, it doesn't exist.   Even if you can show a control is in place by opening the console and clicking around, it doesn't matter.   Auditors love paper.  

- Depending on the type of systems you are protecting, there are different base line practices you would need.   For example, a banking host system would need documented controls on password changes, dual control for access grants, etc...      

- Once the sas70 auditor does his thing, you'll get a list of items that the auditor thinks "needs improvement".   Expect things like password complexity enforcement, longer lockout periods, better access control for admins, review of admin activity, review of firewall logs, etc....  

Most of the stuff will be security 101
- Enable passwords of 7 characters with complex passwords enforced.
- Have no open data shares, every share must be secure.
- Have an application owner/grantor to review and approve changes to application access
- HAve a system to review application access changes
- Review perimeter defence, log attempts, dual external firewall control


Hope that gets you started.    If you really need help, hire a 3rd party to come in and give you a SAS-70 checkup before the real audit.  They will help you identify and plug any holes that would result in an unfavorable review.  

0
 
LVL 8

Author Closing Comment

by:brittonv
ID: 31582719
Outstading response!  Exactly what I was looking for.  Thanks!
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Unifi AP 4 45
Linksys 4 port wireless router 62 42
Public DNS? 10 51
Need Help setting up a Virtual Lan on existing network for Test Domain 10 53
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now