-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Some Things SOX Doesn't Say: SOX Myths
In this excerpt from Chapter 1 of "Sarbanes-Oxley for Dummies," author Jill Gilbert Welytok demystifies four common myths about SOX. Book Chapter
-
Quiz: Ensuring compliance across the extended enterprise
A five-question multiple-choice quiz to test your understanding of the content presented by expert Richard Mackey in this lesson of SearchSecurity.com's Compliance School. Quiz
-
Security rules to live by: Compliance with laws and regulations
Learn how complying with enterprise and federal laws and regulations affects information security and receive guidelines practitioners can use to protect themselves and their organization, in this excerpt of Chapter 3: Security Rules to Live By from ... Book Chapter
-
Policies and regulatory compliance
An overview of the type of policies needed for regulatory compliance. Information Security maga
-
Making sense of the maze
The program director of regulatory compliance for the Object Management Group discusses a new project known as Compliance Global Regulatory Information Database, which should help businesses manage regulatory compliance demands across international b... Executive Briefing
-
SOX Security School final exam answers
Security Quiz Answer
-
Step 1: Understanding compliance -- Financial and technical standards
Compliance School
-
Step 5: Measuring compliance
Compliance School
-
Step 6: Managing and tracking compliance
Compliance School
- See more Essential Knowledge on Sarbanes-Oxley Act
-
Audit requirements drive demand for privileged account management
SOX compliance requirements and data security concerns are accelerating growth of the privileged account management market. Article | 21 Aug 2009
-
Ex-SEC chief Pitt decries state of Sarbanes-Oxley, risk management
Former SEC chairman Harvey Pitt has a blunt assessment of SOX as well as the current state of the regulatory system, calling it "badly broken." News | 05 Jun 2009
-
Consensus Controls project aims to set benchmarks for compliance
The Consensus Controls project aims to provide organizations with a peer review system for IT controls. Article | 03 Oct 2008
-
Security visualization helps make log files work
Using visualization tools, security pros can build charts and graphs to make sense of complex log files and data and improve their company's security stance. Article | 28 Aug 2008
-
RSA attendees see data classification, rights management projects stumble
SAN FRANCISCO -- Companies need to embark on data classification projects to gain more control over its movement and minimize data leakage, but it's difficult to find a company successfully carrying out a project. Rena Mears, Deloitte's global and U.... Interview | 10 Apr 2008
-
Hannaford breach illustrates dangerous compliance mentality
As Executive Editor Dennis Fisher explains, the Hannaford supermarket breach illustrates how too much emphasis on compliance puts critical data at risk. Column | 02 Apr 2008
-
PCI compliance drives identity management spending, says IBM's GRC chief
Kristin Lovejoy came to IBM as chief technology officer of Consul Risk Management, which was acquired by Big Blue in early 2007. Lovejoy helps contribute to IBM's company-wide security strategy, overseeing the company's governance, risk and complianc... Interview | 19 Feb 2008
-
SEC: 404 budgets filled with waste
The SEC slaps the hand of public accounting firms -- and tells C-level execs to get a better grip on SOX 404 requirements. Article | 16 Jan 2008
-
Sarbanes-Oxley testing cuts could mean cost cuts
Technology that could help public companies reduce their compliance activities is being embedded in SOX-compliant software. But to work, experts say external auditors must be on board. Article | 16 Jan 2008
-
IBM to boost security spending, push PCI DSS program
IBM plans to invest $1.5 billion on security research in 2008. The company is also using recent acquisitions to introduce a PCI DSS program. Article | 01 Nov 2007
- See more News on Sarbanes-Oxley Act
-
With JOBS Act, Sarbanes-Oxley compliance likely won't get easier
While SMBs may benefit from the JOBS Act, Sarbanes-Oxley compliance for enterprises may remain largely unchanged. Expert Mike Chapple explains why. Tip
-
SOX compliance checklist: Five ways to refine a SOX compliance program
SOX compliance is still too burdensome for many enterprises. Expert Charles Denyer offers five ways to streamline a lagging SOX compliance program. Tip
-
Frameworks to support SOX compliance requirements
Enterprises have had to deal with SOX regulatory compliance for several years, but many lack clear direction that will address SOX compliance requirements from an IT process perspective. Learn how enterprises can use IT and security tools within COSO... Tip
-
The Little Black Book of Computer Security, 2nd Edition
In an online excerpt of The Little Black Book of Computer Security, expert author Joel Dubin reviews how to prepare for today's most important compliance requirements. Tip
-
SureWest makes the call on SOX compliance
This case study reveals how SureWest ensures financial applications, systems and services are secure so financial reports can be trusted. Tip
-
Maintaining compliance in a world of constant change
Robert Childs examines four steps information security practitioners can take to ensure that their compliance efforts are maintained and kept up-to-date. Tip
-
COSO and COBIT: The value of compliance frameworks for SOX
In an attempt to blaze a path through the myriad of compliance regulations and requirements, organizations are looking to frameworks like COSO and COBIT. In this tip, contributor Mike Rothman examines these compliance paradigms and offers insights on... Tip
-
SOX compliance: Building a directory services model for adequate access controls
Using meta-directories for authentication and access control puts data at risk, but they can be useful in obtaining the granular control of service directories required for compliance. Tip
-
Defining adequate security controls
Because of the changing nature of technology, the language in the Sarbanes-Oxley Act is purposefully vague. This article explores the meaning of adequate security controls and what is required for SOX compliance. Tip
-
Compliance guide for managers: Lessons learned and best decisions
Compliance guide for managers: Lessons learned and best decisions Tip
- See more Tips on Sarbanes-Oxley Act
-
Security requirements for Foreign Corrupt Practices Act compliance
Expert Mike Chapple explains the Foreign Corrupt Practices Act and the security controls required for compliance. Answer
-
SOX data retention policies: What to do with old software archives
What do you do when sensitive data is stored on old versions of software? In this expert response, Ernie Hayden discusses how to make sure you retain data correctly for Sarbanes Oxley compliance purposes. Ask the Expert
-
Technology to automate SOX compliance according to COBIT frameworks
How effective are automated compliance solutions at easing an enterprise's compliance burden? In this expert response, learn what resources can be most helpful for your enterprise when complying with SOX. Ask the Expert
-
Is Word document-comparison software SOX compliant?
The SOX audit process can be daunting, especially when it comes to finding SOX-compliant software. In this expert response, learn whether Word document-comparison software is SOX compliant. Ask the Expert
-
Internal audits for Sarbanes Oxley and internal IT support
Under SOX, is internal IT support allowed to access security systems? Read this response from security management expert David Mortman. Ask the Expert
-
Does password sharing in international branches violate SOX?
Does password sharing in a company's international branch violate Sarbanes Oxley compliance? Learn enterprise password management solutions for international companies. Ask the Expert
-
Does SOX provision email archiving?
Although SOX may lack specificity regarding certain controls, it does have clear mandates for email retention. Ask the Expert
-
How to conduct an efficient and thorough employee access review
In order to meet HIPAA and SOX compliance requirements, an employee access review is necessary. Ask the Expert
-
What types of software can help a company perform a security risk assessment?
Security management expert Mike Rothman unveils what kind of software is on the market to help assist a company in the risk assessment process. Ask the Expert
-
How should termination procedures address a user's multiple roles?
In this SearchSecurity.com Q&A, expert Joel Dubin explains how the right access management tools can eliminate all traces of a terminated employee. Ask the Expert
- See more Expert Advice on Sarbanes-Oxley Act
-
How to perform a third-party risk assessment for compliance
Afraid of non-compliant business partners? Learn how to perform a third-party risk assessment to prevent non-compliance. Video
-
Managing third-party compliance
In this podcast, special guest expert Richard Mackey offers tips on managing third-party compliance and risk. Podcast
About Sarbanes-Oxley Act
In this guide experts define the Sarbanes-Oxley Act of 2002 (SOX) and offer information on guidelines and regulations, penalties, compliance, audits, violations and section 404 and section 302.