Reports on DLP, Service Auditor Standard & Social Media Security

Posted on August 02, 2010

Social Media:  Business Benefits and Security, Governance and Assurance Perspectives (ISACA)

This week, ISACA released a white paper outlining the five biggest risks posed by social media in the workplace–and how to manage them without banning the technology.  The download page also includes links to a number of other usesful reports on social media by Forbes, Enisa, Web-strategist, and

Download the ISACA report here

New Service Auditor Standard (Replacing SAS70) : A User Entity Perspective (ISACA)

The International Auditing and Assurance Standards Board (IAASB) and the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) have recently approved new standards for reporting on controls at a service organization with a truly global constituency in mind. Under the approach adopted by the IAASB and the ASB, Statement on Auditing Standard No. 70 (SAS 70) will be replaced by two new standards:  an attestation standard that will guide service auditors in the conduct of an examination of, and the resulting reporting on, controls at a service organization and an auditing standard that will guide user auditors in consideration of internal control when processing is performed by a service organization. While these new standards are intended to be a communication from the service auditor to the user independent auditor that permit a user entity independent auditor to fulfill auditing requirements, management at user entities also has recognized its responsibility for designing and implementing internal control over financial reporting, whether performed internally or by a service provider, and acknowledged the benefits of SAS 70 reports as part of their risk management, vendor management or regulatory compliance processes. This paper will address the changes in the new standards and will focus on providing management of user entities with valuable practical guidance on their responsibilities to help ensure that they are ready for the changes.

Download report here

The 2010 Data Loss Prevention Report (Aberdeen Group

AberdeenGroup have temporarily made their 2010 data loss preventation report available for free download.

Report Intro:

Companies achieving top results successfully use content-aware technologies to identify sensitive data across multiple channels, and to invoke a range of remediation options to enforce established security policies. In doing so, they reap the substantial benefits of fewer incidents of data loss or data exposure, fewer audit deficiencies, and lower operational cost.

Download from here

%d bloggers like this: