Security Basics mailing list archives
RE: SOX compliance and assessment
From: Jason Workman <JasonW () meederfinancial com>
Date: Thu, 13 Jan 2005 12:52:51 -0500
I would like to add to this line of questioning. My company, too, has just started working on SOX compliances. I am assisting with developing or "purchasing" a solutions for the IT portion of the SOX act. Can you suggest any vendors, software (open or closed source), or services that would be helpful performing email archival and/or retrieval. I have come across to such solutions and would appreciate any further ideas. Thanks. http://www.frontbridge.com/services/archive.php and http://www.ilumin.com/products/assentor_enterprise.htm -----Original Message----- From: Alexander Bolante [mailto:alexander.bolante () gmail com] Sent: Wednesday, January 12, 2005 8:03 PM To: tony Cc: Michael Jordon; security-basics () securityfocus com Subject: Re: SOX compliance and assessment ITGI has a few resources you might want to read. Check out the link below: http://www.itgi.org/template_ITGI.cfm?Section=Recent_Publications&Template=/ TaggedPage/TaggedPageDisplay.cfm&TPLID=43&ContentID=10617 You might also be able to find a free webinar on SOX at Globalknowledge.com. If not, Netegrity and IBM would have great resources as well. Good luck. On Tue, 11 Jan 2005 17:55:31 -0800 (PST), tony <tonytorri () yahoo com> wrote:
Michael, Publicly traded companies were to be SOX compliant by 11/15/04. Security
and
control process had to be in place for at least 3 months before that date
to
validate they were in fact working. If you are just beginning the SOX compliance effort...you are only about 2 years behind. Surely someone in your company is leading this effort. It you are in the IT area..good starting would be to do keywork search on
Cobit
and SAS70. This will give you a good idea of the IT security that needs
to be
in place. Tony --- Michael Jordon <mjordon21 () yahoo com> wrote:Hello, I looking for a starting point to perform a SOX compliance assessment.
Can
someone assist in identification of the controls objectives for Section
302
and 404. What are the other areas that should be considered to develop such assessment? Many thanks in advance. MJ===== Tony T. CISSP, CISA, CDP, CIA Senior IS Security & Risk Manager 360.906.7893 (Work) Northern Telecom LLP __________________________________ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail
-- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this message you are hereby notified that any use, review, retransmission, dissemination, distribution, reproduction or any action taken in reliance upon this message is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Any views expressed in this message are those of the individual sender only. ---------------------------------------------------------------------------- -----------------------------------------------------
Current thread:
- SOX compliance and assessment Michael Jordon (Jan 11)
- Re: SOX compliance and assessment tony (Jan 12)
- Re: SOX compliance and assessment Alexander Bolante (Jan 13)
- Re: SOX compliance and assessment Will Thornsbury (Jan 13)
- <Possible follow-ups>
- RE: SOX compliance and assessment Jason Workman (Jan 13)
- Re: SOX compliance and assessment tony (Jan 12)