This paper provides and overview of the Sarbanes-Oxley mandate. Sarbanes-Oxley doesn't mandate specific internal controls such as strong authentication or the use of encryption. "But if someone can easily get in your system because you have a four-character password, for me, that is a no-brainer [as a sign of noncompliance]," Saidman said.
What the law will likely do is open a dialogue between upper-level management and their security staff on what is needed to ensure that proper and auditable security measures are in place. The executives who have to sign off on the internal controls have a lot to lose if things aren't kosher; they could face criminal penalties if a breach is detected.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
