
Key points of Sarbanes-Oxley

By Kevin Beaver, CISSP, president, Principle Logic, LLC
06 Oct 2004 | SearchSecurity.com


Sarbanes-Oxley (SOX) is mandatory for most public corporations and focuses on regulating corporate behavior to protect financial audit records. There are three main areas of SOX that affect IT:

  • Section 302 -- Corporate Responsibility for Financial Reports: This section requires executives to certify the accuracy of financial reports.

  • Section 404 -- Management Assessment of Internal Controls: This section requires executives/auditors to confirm the effectiveness of internal controls.

  • Section 802 -- Criminal Penalties for Altering Documents: This section mandates the protection/retention of financial audit records.

The verbiage in these sections is very vague and not IT-specific. In a nutshell, your IT and security infrastructure is affected in that various "controls" need to be in place -- firewalls, authentication mechanisms, access controls, ongoing vulnerability assessments, etc. -- to help ensure that financial audit records are adequately protected.

A wise IT/security manager working for a public company would implement as many security best practices as possible, such as those found on SearchSecurity.com as well as those from NIST, the NSA Gold Standard, the ISO 17799 framework, etc. These actions will help minimize the gray area within the larger gray area called SOX. I would suggest getting your legal counsel involved to determine what the best fit is for your organization.
