Security Basics mailing list archives

RE: SOX Standard - Where and How to Start ?

From: Craig Wright <Craig.Wright () bdo com au>
Date: Mon, 19 May 2008 14:56:33 +1000


ISACA have a SOX Compliance document aligning COBIT to SOX.

Basically, what matters is integrity and most critically - proving it. This means:
        A secure system
        Logging AND Monitoring
        Non-repudiation of events
        Change control
        ...

What is generally forgotten in the 302/404 rush is the need to also ensure 802 and 1102, these are to do with document 
handling and evidence.

Regards,
Dr Craig Wright (GSE-Compliance)


Craig Wright
Manager, Risk Advisory Services

Direct : +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914

BDO Kendalls (NSW-VIC) Pty. Ltd.
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
http://www.bdo.com.au/

The information in this email and any attachments is confidential. If you are not the named addressee you must not 
read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received 
this message in error, please notify the sender by return email, destroy all copies and delete it from your system.

Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. 
You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or 
Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer 
viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may 
result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy 
statement, can be found on the BDO Kendalls website at http://www.bdo.com.au/ or by emailing mailto:administrator () 
bdo com au.

BDO Kendalls is a national association of separate partnerships and entities. Liability limited by a scheme approved 
under Professional Standards Legislation.
-----Original Message-----

From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mohamed Farid
Sent: Sunday, 18 May 2008 5:29 PM
To: security-basics () securityfocus com
Subject: SOX Standard - Where and How to Start ?

Dear All :

My company is asking me to study the SOX compliance - and to make a gap
analysis for the current situation and the standard situation .
The problem is that I can't find a good guide for the SOX requirements - and
I am stuck between a lot of readings and a lot of white papers which are
leading me to nothing .

Can you help me to find a way to start ?
Advise me what should I read ? and how can I get the requirements ?

Thanks ,,,



ine
a?i???

Current thread:

SOX Standard - Where and How to Start ? Mohamed Farid (May 18)
- RE: SOX Standard - Where and How to Start ? Craig Wright (May 19)
- RE: SOX Standard - Where and How to Start ? Dave Lewis (May 19)