Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
August 2005

Ping: Chrisan Herrod

The Securities and Exchange Commission may call the shots on SOX, but it can take the bullet like everyone else. Just ask CSO Chrisan Herrod. She's responsible for making sure the agency complies with many of the same standards it enforces. Like any security professional, she has her own war stories, like a recent Government Accountability Office (GAO) report that took SEC to task for not implementing effective electronic access controls. It must be difficult when another agency scrutinizes your compliance controls. [GAO] published a scathing report citing SEC's lack of material controls, but it could never prove there was any financial control problem stemming from a lack of information security controls. In my view, if you have sound controls and sound record keeping, you're taking reasonable steps to comply even if a technological control hasn't been implemented. What is SEC's overall security posture? SEC uses a combination of technology, process and management controls to ensure that we are in compliance with the Federal ...

Access this Pro+ Content for Free!

By submitting you agree to recieve email from TechTarget and its partners. If you reside outside of the United States you consent to having your personal data transferred and processed in the United States. Privacy Policy

Features in this issue

  • A Safe Bet?

    Network anomaly detection is the newest player at the security table.

  • Proving Grounds

    Test labs are the ideal place to check theory against reality.

  • Boot Camp

    Whip your users into shape with security awareness training.

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close