A recent article on TechWeb's DarkReading entitled 'Lessons Learned From Five Big Database Breaches In 2010' provides a brief history of database breaches. The five breaches described include databases at a sheriff's office, a university, a marketing company a healthcare company and a media network. Almost all of the breaches could have been prevented with moderate controls.
Organizations need to understand that more often than not, its most valuable and sensitive information assets reside in its databases. It is therefore logical that databases are a prime target for attacks.
Database security should be taken seriously. Risks must be understood and controls implemented. Security can be improved dramatically with some effort. Our Continental Audit database services can have a huge impact.
http://www.darkreading.com/database-security/167901020/security/attacks-breaches/228900094/lessons-learned-from-five-big-database-breaches-in-2010.html
Saturday, January 29, 2011
Friday, January 7, 2011
Ernst & Young survey on outsourcing/cosourcing the internal audit function
The recent article published by Ernst & Young (EY) on the outsourcing or co-sourcing of the corporate internal audit function caught our attention. According to an EY survey, 77% of senior executives see outsourcing or co-sourcing as worthwhile, yet only 28% are actually taking action in this area by using external service providers. EY goes on to discuss seven myths of why companies are skeptical including the fear of losing control, the expected high cost and the thinking that internal auditors know better.
Our opinion at Continental Audit, is that it is very worthwhile and cost-effective for companies to outsource or co-source internal audit functions. This is especially true when it comes to specialized IT auditing like the areas in which we work. Some IT specialists are hard to find and deploy for IT audit purposes e.g. database auditors.
We encourage companies to explore their options in this area. There is a high probability that the conclusion will be to outsource/cosource some functions especially in the IT audit space.
Reference: http://www.ey.com/GL/en/Services/Advisory/Risk/Internal-Audit/To-cosource-or-not-to-cosource---Fact-or-fiction--Seven-cosourcing-myths-exposed
Our opinion at Continental Audit, is that it is very worthwhile and cost-effective for companies to outsource or co-source internal audit functions. This is especially true when it comes to specialized IT auditing like the areas in which we work. Some IT specialists are hard to find and deploy for IT audit purposes e.g. database auditors.
We encourage companies to explore their options in this area. There is a high probability that the conclusion will be to outsource/cosource some functions especially in the IT audit space.
Reference: http://www.ey.com/GL/en/Services/Advisory/Risk/Internal-Audit/To-cosource-or-not-to-cosource---Fact-or-fiction--Seven-cosourcing-myths-exposed
Subscribe to:
Posts (Atom)