Sarbanes-Oxley Act

Outfox SOX: How to make regulations work for you

By Daniel Blum

The following presentation was given at Information Security Decisions Spring 2005 in Chicago.

The mere mention of Sarbanes-Oxley is enough to give security managers headaches. However, even if you're not on the hook for compliance, this session reveals what you should have been doing all along -- even before the law went into effect. Designed to prevent corporate fraud and accounting abuses, the law mandates that companies "ensure the integrity of their data." That's no easy task. What the regulation actually calls for is a matter of great debate and has caused tremendous confusion for those responsible for designing and implementing security compliance plans. Complicating matters is a lack of guidance from the government on compliance standards, differing expectations among auditors and a sea of ambiguous information from product vendors.

Daniel Blum, a senior VP and research director at the Burton Group, demystifies Sarbanes-Oxley by explaining its application to security in practical terms. Blum details the mistakes enterprises have made -- and shows you how to avoid making them same errors -- and then shares the successes they achieved in the first round of compliance. He also outlines compliance strategies and methodologies and discusses the tools that will help enterprises maintain and demonstrate compliance.

View the presentation

Visit our Sarbanes-Oxley resource center

09 May 2005

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.