Sarbanes Oxley for IT Security?
Mark Rasch, 2005-05-02

Sarbanes Oxley seems wholly focused on the accuracy of a company's financial records and controls around these records, so where does IT security come into the picture?

Re: Sarbanes Oxley for IT Security? 2005-07-27
Anonymous
As an IT auditor, I can say that SOX is just wrapping more duct tape on a fundamentally broken system. The bottom line is that audit firms get paid by the auditee, so there will always be a conflict of interest. Secondly, internal controls are designed to control the underlings, not the executives. As Mark pointed out, serious fraud (materially significant) comes from executives.

In the trenches it is the same old story: there is a direct relation between the audit fees and the strictness of application of testing. The big boys are allowed far more leniency than the little ones.

SNAFU.

Copyright 2008, SecurityFocus