- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
An Overview of Sarbanes-Oxley for the Information Security Professional
- Abstract
- The Sarbanes-Oxley Act of 2002 has dramatically affected overall awareness and management of internal controls in public corporations. Responsibility for accurate financial reporting has landed squarely on the shoulders of senior management, including the potential for personal criminal liability for CEOs and CFOs. Since modern accounting systems are computer based, accurate financial reporting depends on reliable, and secure, computing environments. Information security professionals are being asked to understand and comply with Sarbanes-Oxley in short time frames and with limited budgets. It is important that they learn as much as they can and create realistic compliance strategies. This paper will describe Sarbanes-Oxley, discuss some of the current strategies for compliance and address some specific guidelines for typical security topics.