An Overview of Sarbanes-Oxley for the Information Security Professional

Published: 25 Jul, 2004 (PDF, 2.06MB)
Created by Gregg Stults

The Sarbanes-Oxley Act of 2002 has dramatically affected overall awareness and management of internal controls in public corporations. Responsibility for accurate financial reporting has landed squarely on the shoulders of senior management, including the potential for personal criminal liability for CEOs and CFOs. Since modern accounting systems are computer based, accurate financial reporting depends on reliable, and secure, computing environments. Information security professionals are being asked to understand and comply with Sarbanes-Oxley in short time frames and with limited budgets. It is important that they learn as much as they can and create realistic compliance strategies. This paper will describe Sarbanes-Oxley, discuss some of the current strategies for compliance and address some specific guidelines for typical security topics.