Security Basics mailing list archives

RE: SOX Standard - Where and How to Start ?


From: "Dave Lewis" <dlewis () security-connect com>
Date: Mon, 19 May 2008 08:41:57 -0600

You've embarked on an interesting adventure... :)

Unlike ISO standards, where everyone meets the same criteria with standardized methods, you get to choose your methods 
for reaching SOX compliance, which leads to the ambiguous path you're on.

A top-down approach will most likely serve you best:

- Select your audit standard: SAS 70 was required for us.
- Select your framework of controls: COBIT, COSO, etc.
- Identify affected business units and departments.
- Select appropriate objectives.
- Select appropriate controls.

You'll probably find internal politics and insufficient policy and procedures. So the outline above is just the 
beginning...

Useful links:
www.itgi.org (look for a pdf file named "IT Control Objectives for Sarbanes-Oxley")
www.isaca.org
www.coso.org
www.sas70.com

Dave Lewis
IT Manager

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mohamed Farid
Sent: Sunday, May 18, 2008 1:29 AM
To: security-basics () securityfocus com
Subject: SOX Standard - Where and How to Start ?

Dear All:

My company is asking me to study SOX compliance and to make a gap
analysis between the current situation and the standard situation ...
The problem is that I can't find a good guide to the SOX requirements, and
I am stuck between a lot of readings and a lot of white papers which are
leading me to nothing ...

Can you help me find a way to start?
Advise me on what I should read, and on how I can get the requirements?

Thanks ,,,
 



