This paper goes on to define the Sarbanes-Oxley Act and its requirements, a framework for compliance, and specific IT security areas that must be considered during compliance efforts. According to the Deloitte and Touche Information Security and Privacy Group, “there is a lack of clarity on the impact of multiple governance initiatives (including Sarbanes-Oxley) on information security”.4 By not specifically addressing IT security, the Act leaves room for interpretation. The information presented below is based on the research I conducted and represents my interpretation of the effects of the Sarbanes-Oxley Act on IT security. In the near future, as compliance efforts progress, new standards and best practices relating specifically to IT security controls in a Sarbanes-compliant environment will be released. This paper is not intended to provide reference to all the controls that should be considered during compliance efforts.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
