Security Basics mailing list archives

RE: SOX compliance and assessment


From: Jason Workman <JasonW () meederfinancial com>
Date: Thu, 13 Jan 2005 12:52:51 -0500

I would like to add to this line of questioning.

My company, too, has just started working on SOX compliance. I am
assisting with developing or "purchasing" a solution for the IT portion of
the SOX act.

Can you suggest any vendors, software (open or closed source), or services
that would be helpful in performing email archival and/or retrieval?

I have come across two such solutions and would appreciate any further ideas.
Thanks.

http://www.frontbridge.com/services/archive.php

and

http://www.ilumin.com/products/assentor_enterprise.htm





-----Original Message-----
From: Alexander Bolante [mailto:alexander.bolante () gmail com] 
Sent: Wednesday, January 12, 2005 8:03 PM
To: tony
Cc: Michael Jordon; security-basics () securityfocus com
Subject: Re: SOX compliance and assessment

ITGI has a few resources you might want to read. Check out the link below:
http://www.itgi.org/template_ITGI.cfm?Section=Recent_Publications&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=43&ContentID=10617

You might also be able to find a free webinar on SOX at
Globalknowledge.com. If not, Netegrity and IBM would have great
resources as well.

Good luck.


On Tue, 11 Jan 2005 17:55:31 -0800 (PST), tony <tonytorri () yahoo com> wrote:
Michael,

Publicly traded companies were to be SOX compliant by 11/15/04.  Security
and control process had to be in place for at least 3 months before that
date to validate they were in fact working.

If you are just beginning the SOX compliance effort...you are only about 2
years behind.  Surely someone in your company is leading this effort.

If you are in the IT area, a good starting point would be to do a keyword
search on Cobit and SAS70.  This will give you a good idea of the IT
security that needs to be in place.

Tony
--- Michael Jordon <mjordon21 () yahoo com> wrote:



Hello,

I am looking for a starting point to perform a SOX compliance assessment.
Can someone assist in identification of the control objectives for
Sections 302 and 404?

What are the other areas that should be considered to develop such an
assessment?

Many thanks in advance.

MJ


=====
Tony T. CISSP, CISA, CDP, CIA
Senior IS Security & Risk Manager
360.906.7893 (Work)
Northern Telecom LLP






