- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Information Security and Section 404 of the Sarbanes-Oxley Act
- Abstract
- In response to the corporate accounting scandals of 2001 the Public Company Accounting and Investor Protection Act of 2002 was passed. Also called the Sarbanes-Oxley Act, it is broken down into eleven titles containing sixty-six sections which cover everything from establishing the Public Company Accounting Oversight Board (PCAOB) to making it illegal to retaliate against an informant. Probably the most talked about and the most important part of the Sarbanes-Oxley Act for information technology professionals is section 404, which deals with internal controls. This paper will summarize section 404 and recently released items relating to it, such as the Public Accounting Oversight Board's release of the Auditing Standard #2 on March 9, 20041 and the Security and Exchange Commission's Final Rules related to section 404, released on May 27, 20032. It will then discuss the how an information security team can help an organization stay compliant with Section 404.