Security Basics mailing list archives
RE: SOX Standard - Where and How to Start ?
From: "Dave Lewis" <dlewis () security-connect com>
Date: Mon, 19 May 2008 08:41:57 -0600
You've embarked on an interesting adventure... :) Unlike ISO standards where everyone meets the same criteria with standardized methods, you get to choose your methods in reaching SOX compliance, which leads to the ambiguous path you're on.

A top-down approach will most likely serve you best:

- Select your audit standard: SAS 70 was required for us.
- Select your framework of controls: COBIT, COSO, etc.
- Identify affected business units and departments.
- Select appropriate objectives
- Select appropriate controls

You'll probably find internal politics and insufficient policy and procedures. So the outline above is just the beginning...

Useful links:

www.itgi.org (look for a pdf file named "IT Control Objectives for Sarbanes-Oxley")
www.isaca.org
www.coso.org
www.sas70.com

Dave Lewis
IT Manager

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mohamed Farid
Sent: Sunday, May 18, 2008 1:29 AM
To: security-basics () securityfocus com
Subject: SOX Standard - Where and How to Start ?

Dear All:

My company is asking me to study the SOX compliance - and to make a gap analysis for the current situation and the standard situation...

The problem is that I can't find a good guide for the SOX requirements - and I am stuck between a lot of readings and a lot of white papers which are leading me to nothing...

Can you help me to find a way to start? Advise me what should I read? And how can I get the requirements?

Thanks,