SOX section 404: Improving security with executive communications
This article is part of the February 2004 issue of Closing the gap: How to decide when (and if) to patch vulnerabilities
It's widely held that the Sarbanes-Oxley Act will be the two-by-four that gets upper management to pay serious attention to infosecurity. It requires that chief executives of publicly traded companies personally attest to the validity of their financials. As a security manager, you will likely be charged with figuring out the details of how to assure compliance. Although Sarbanes-Oxley doesn't specifically address security, SOX Section 404 of the law does imply the need for strong security. It requires companies to certify their internal controls of financial data in an annual report to the Securities and Exchange Commission. "Now, C-level executives are certifying their internal controls, which in part relates to security," says Gary Saidman, an attorney specializing in infosecurity matters at Atlanta-based law firm Kilpatrick Stockton. It would be hard for your CEO to say the books are accurate unless the systems holding the financial information are secure. In other words, your company needs security mechanisms to prevent an attacker from covertly ...
What's Inside
Features
-
A Patch in Time: Considering automated patch management
by Pete Lindstrom, Contributor
Vulnerabilities are followed by patches, followed by exploits, followed by misery. Automated patch management solutions ease the pain and cut costs.
-
Cyberspace security liability lawsuits on the rise?
by Edward Hurley
Double jeopardy doesn't apply in cyberspace, and the coming wave of downstream security liability lawsuits could make your organization a victim twice over.
-
Best practices for security report writing
by Robert Garigue and Marc Stefaniu
Concise, targeted security reports command the attention of the executives who need to act on them. Learn best practices for security report writing.
-
Red-zone defense: Products to prevent IP Leakage
by Kevin Beaver
New technologies to support intellectual property and keep your IP under lock and key.
-
SOX section 404: Improving security with executive communications
by Edward Hurley
It's widely held that the Sarbanes-Oxley Act will be the two-by-four that gets upper management to pay serious attention to infosecurity. Here you will learn how SOX section 404 plays a hand in improving security with executive communications.
Columns
-
Editor's desk: The future of 'Information Security' magazine
by Lawrence M. Walsh
Lawrence Walsh explains why the combo of "Information Security" and SearchSecurity.com is the industry's No. 1 trusted infosec resource.
-
React in seconds with a network incident response plan
by Marcus Ranum
A network incident response plan enables the split-second reactions necessary to survive next-generation attacks.
-
OS Hardening and Other Essential Linux Skills for Maintaining Security
by Jay Beale
Jay Beale outlines must-have Linux skills for administrators.
-
The 'antiworm' evolution: Can it help Internet worm protection?
by Pete Lindstrom, Contributor
New "antiworm" or "worm containment" solutions promise new prevention and detection techniques that reduce or eliminate propagating worms. But do they work?
-
Security jargon: Using IT language analogies to explain information security
by Andrew Briney
Information security is a business of nonstop metaphors, cliches, similes and comparisons. Should we all agree to put a moratorium on using IT language analogies to describe what we do?