Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com

Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge
The bulk of financial information in many companies is created, stored and transmitted electronically. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately accountable for SOX compliance are the corporate CEO and CFO. Learn the important issues your IT staff must consider when building a Sarbanes-Oxley compliant infrastructure.
By Dr. Paul Judge, 07/06/2005

Sarbanes-Oxley (SOX) Impact on Security In Software
The following chart is an example of a security assessment matrix that may be used to evaluate the security impact of various regulations on software development projects. This is just an example for use in the case of Sarbanes-Oxley. Most of the countermeasures are commonly known. By using this matrix approach, it is possible to get a rough understanding of the requirements to expect from customers and end users.
By Keith Pasley, 05/07/2004

Stepping Up to Sarbanes-Oxley
Besides getting bored, I also came away confused because it offered no guidance on the related information security issues. After further reading, I decided that the most important part for my group is Section 404, titled "Management Assessment of Internal Controls." This section mandates that management attest to the effectiveness of our company's "internal control" structure and procedures for financial reporting. Internal control is an extremely broad term, but I translated this section to mean that the CEO will expect my group to have sufficient controls in place to ensure the confidentiality, integrity and availability of financial and other critical information. So I came up with an initial plan to ensure compliance.
By Mathias Thurman, 05/07/2004

Sarbanes, Oxley and You
Fiona Williams, who is responsible for Deloitte & Touche's security services practice for North America, answers readers' questions about the Sarbanes-Oxley Act.
By Fiona Williams, 05/07/2004

Security and Sarbanes-Oxley
This paper provides an overview of the Sarbanes-Oxley mandate. Sarbanes-Oxley doesn't mandate specific internal controls such as strong authentication or the use of encryption. "But if someone can easily get in your system because you have a four-character password, for me, that is a no-brainer [as a sign of noncompliance]," Saidman said. What the law will likely do is open a dialogue between upper-level management and their security staff on what is needed to ensure that proper and auditable security measures are in place. The executives who have to sign off on the internal controls have a lot to lose if things aren't kosher; they could face criminal penalties if a breach is detected.
By Edward Hurley, 05/07/2004

The Role of IT Security in Sarbanes-Oxley Compliance
The Sarbanes-Oxley Public Company Accounting Reform and Investor Protection Act of 2002 requires that the CEOs and CFOs of publicly held companies certify each annual and quarterly report filed with the Securities and Exchange Commission. This document summarizes the requirements of Sarbanes-Oxley as they apply to IT and defines the controls IT must be concerned with in the certification process. This document pertains only to the role of IT and IT security in Sarbanes-Oxley controls compliance; other company departments (accounting, finance, human resources, etc.) may be subject to controls not covered herein.
04/15/2004

The Impact of the Sarbanes-Oxley Act on IT Security
This paper goes on to define the Sarbanes-Oxley Act and its requirements, a framework for compliance, and specific IT security areas that must be considered during compliance efforts. According to the Deloitte and Touche Information Security and Privacy Group, "there is a lack of clarity on the impact of multiple governance initiatives (including Sarbanes-Oxley) on information security" [4]. By not specifically addressing IT security, the Act leaves room for interpretation. The information presented below is based on the research I conducted and represents my interpretation of the effects of the Sarbanes-Oxley Act on IT security. In the near future, as compliance efforts progress, new standards and best practices relating specifically to IT security controls in a Sarbanes-compliant environment will be released. This paper is not intended to provide reference to all the controls that should be considered during compliance efforts.
03/26/2004