The mere mention of Sarbanes-Oxley is enough to give security managers headaches. However, even if you're not on the hook for compliance, this session reveals what you should have been doing all along -- even before the law went into effect. Designed to prevent corporate fraud and accounting abuses, the law mandates that companies "ensure the integrity of their data." That's no easy task. What the regulation actually calls for is a matter of great debate and has caused tremendous confusion for those responsible for designing and implementing security compliance plans. Complicating matters is a lack of guidance from the government on compliance standards, differing expectations among auditors and a sea of ambiguous information from product vendors.
Daniel Blum, a senior VP and research director at the Burton Group, demystifies Sarbanes-Oxley by explaining its application to security in practical terms. Blum details the mistakes enterprises have made -- and shows you how to avoid making the same errors -- and then shares the successes they achieved in the first round of compliance. He also outlines compliance strategies and methodologies and discusses the tools that will help enterprises maintain and demonstrate compliance.
This was first published in May 2005