SOX section 404: Improving security with executive communications

Edward Hurley Published: 20 Dec 2012

It's widely held that the Sarbanes-Oxley Act will be the two-by-four that gets upper management to pay serious attention to infosecurity. It requires that chief executives of publicly traded companies personally attest to the validity of their financials. As a security manager, you will likely be charged with figuring out the details of how to assure compliance. Although Sarbanes-Oxley doesn't specifically address security, Section 404 of the law does imply the need for strong security. That section requires companies to certify their internal controls of financial data in an annual report to the Securities and Exchange Commission. "Now, C-level executives are certifying their internal controls, which in part relates to security," says Gary Saidman, an attorney specializing in infosecurity matters at Atlanta-based law firm Kilpatrick Stockton. It would be hard for your CEO to say the books are accurate unless the systems holding the financial information are secure. In other words, your company needs security mechanisms to prevent an attacker from covertly ...
