From SAS 70 to SSAE 16 (Part I): What does it mean?

(This is the first of two reports on SSAE 16, which replaces SAS 70 as the audit standard for service providers.) I’m an old IT audit guy. I spent over a dozen years digging into enterprise data centers and business processes to find the weaknesses in controls and pointing out vulnerabilities so my clients could mitigate the risks before...


Is 2012 finally THE YEAR of mobile security threats?

I’m conditioned to ignore the torrent of annual New Year’s information security predictions, most of which are blatantly self-serving vendor pitches (an encryption vendor predicting a rise in big data breaches, an AV company wringing hands over the explosive growth and increased sophistication of malware, yadda, yadda). Year-of themes...
