
Hackers Are Real-Time. Are you?

To meet the SOX general IT security requirements, organizations need to deploy multiple security point solutions such as firewalls, intrusion detection systems, anti-virus systems and others.
Mar 1, 2005

ITSM Watch Staff

From a Sarbanes-Oxley Section 404 perspective, any breach in IT security represents a risk to an internal system - including those covered by the standards implicit in Section 404's mandates. Since IT underlies the very business of recording and reporting all financial activity, it follows that a lack of control over IT security would imply a lack of control over the organization's financial reports, in direct violation of SOX Section 404.

Since any compromised IT system - or an unmanaged attack that could create a compromise - can then be used to attack, compromise and degrade the integrity of the IT systems supporting a covered firm's financial systems, Section 404 of Sarbanes-Oxley carries with it the mandate to properly secure IT enterprise-wide (or, at least, to the point where the CEO, CFO and independent auditors are comfortable with the level of risk management applied to protecting corporate IT in general and financial IT systems specifically).

As a result of the efforts of organizations such as the ISACA, COBIT and PCAOB, frameworks and standards such as COSO have emerged that explicitly address the role of IT security in complying with SOX.
