Security Basics mailing list archives

Re: SOX compliance and assessment

From: Alexander Bolante <alexander.bolante () gmail com>
Date: Wed, 12 Jan 2005 17:03:14 -0800

ITGI has a few resources you might want to read. Check out the link below:
http://www.itgi.org/template_ITGI.cfm?Section=Recent_Publications&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=43&ContentID=10617

You might also be able to find a free webinar on SOX at
Globalknowledge.com. If not, Netegrity and IBM would have great
resources as well.

Good luck.


On Tue, 11 Jan 2005 17:55:31 -0800 (PST), tony <tonytorri () yahoo com> wrote:

Michael,

Publicly traded companies were to be SOX compliant by 11/15/04.  Security and
control process had to be in place for at least 3 months before that date to
validate they were in fact working.

If you are just beginning the SOX compliance effort...you are only about 2
years behind.  Surely someone in your company is leading this effort.

It you are in the IT area..good starting would be to do keywork search on Cobit
and SAS70.  This will give you a good idea of the IT security that needs to be
in place.

Tony
--- Michael Jordon <mjordon21 () yahoo com> wrote:



Hello,

I looking for a starting point to perform a SOX compliance assessment. Can
someone assist in identification of the controls objectives for Section 302
and 404.

What are the other areas that should be considered to develop such
assessment?

Many thanks in advance.

MJ


=====
Tony T. CISSP, CISA, CDP, CIA
Senior IS Security & Risk Manager
360.906.7893 (Work)
Northern Telecom LLP


__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail



-- 
The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. If you are not the intended recipient of this
message you are hereby notified that any use, review, retransmission,
dissemination, distribution, reproduction or any action taken in
reliance upon this message is prohibited. If you received this in
error, please contact the sender and delete the material from any
computer. Any views expressed in this message are those of the
individual sender only.
---------------------------------------------------------------------------------------------------------------------------------

Current thread:

SOX compliance and assessment Michael Jordon (Jan 11)
- Re: SOX compliance and assessment tony (Jan 12)
  - Re: SOX compliance and assessment Alexander Bolante (Jan 13)
  - Re: SOX compliance and assessment Will Thornsbury (Jan 13)
- <Possible follow-ups>
- RE: SOX compliance and assessment Jason Workman (Jan 13)