The Sarbanes-Oxley Act's call for "adequate internal controls over financial reporting" is vague, and for good reason. By withholding prescriptive details, the regulators created a moving target that allows compliance requirements to increase with advances in technology.
According to Dennis Brewer on SearchSecurity.com,
As your customer's trusted adviser, you can play a significant role in SOX compliance efforts. Implementing a control framework is no minor task, and after you're done, you can help your customer maintain compliance by keeping them informed of the latest technologies and auditors' expectations. This learning guide is designed to help you to do just those things.
Introduction to COBIT for SOX compliance
The most widely accepted standard for achieving SOX compliance is COBIT. Understanding this standard will provide you with a repeatable framework that you can apply to all of your customers' regulatory compliance projects.
This 20-question scorecard, aligned with the sections of the COBIT standard, is designed to help you gauge an organization's ability
SOX, security standards and building a compliance framework
This article introduces SOX requirements and addresses the challenges of meeting them. Learn how to limit the scope of the compliance project, establish an IT control framework, and measure, manage and track your customer's compliance.
Keeping SOX 404 under control(s)
Security policies should be the driving force behind the types of controls you implement in your customers' environments. This article outlines the various policies that support Sarbanes-Oxley compliance.
Maintaining compliance in a world of constant change
Compliance doesn't stop after the first successful audit. You'll need to help your customers maintain compliance amidst constant business and technological changes. Here are four tips on keeping up with it all.
Raising the bar on compliance success
You've helped your customers establish baselines for reporting on foundational IT controls, and you've leveraged control frameworks and resident technologies to assist in logging, auditing and reporting. The next milestone is to "raise the bar" on how this information and data is collected and managed -- using fewer resources to achieve better results. This webcast provides a technical and procedural guideline for getting there.
This was first published in May 2007