Has anyone used ISO 27001/27002 standards as their framework for establishing SOX IT General Controls?
If so, how did it go, and I would be interested in getting your contact info to find out more.
Vince
|
Hi
I'm putting together a SOx intratnet site for our company and looking for some fresh ideas. I'll be interviewing the stakeholders for what they're looking for but for those of you who've put together a webise, can you share what worked for you? What di...
Lynn | 11/30/2012 8:49:44 AM | COMMENTS(1)
|
We are expecting to be converted from Novell eDirectory to Microsoft Active Directory in a few months. Internal Audit is assessing whether what we test related to SOX for server security configurations should change as a result. What types of controls a...
cwalker52 | 11/29/2012 9:41:02 AM | COMMENTS(3)
|
We are getting some new feedback from our external auditors on testing periodic user access reviews.
They are now telling us that if there is a change(s) noted during the user access review we need to evaluate the change(s), and determine their effect on...
|
Does anyone know of any specific examples of SOX 404 violation punitive damages levied against an FI?
MikeMac | 11/12/2012 12:02:23 PM | COMMENTS(2)
|
What is the experiance of anyone in the group concerning how to set the scope for which business applications that need to included in the scope of annual testing?
|
Cobit Related
Posted by ISACA 433 days ago
|
Books
Posted by ISACA 473 days ago
|
Books
Posted by ISACA 612 days ago
|
Cobit Related
Posted by ISACA 704 days ago
|
Books
Manager's Guide to Compliance—Sarbanes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, OMB's A-123, ASX 10, OECD Principles, Turnbull Guidance, Best Practices, and Case Studies—Best Practices and Case Studies
Posted by ISACA 1065 days ago
|
|
|
Volume 1, 2012
by Prakhar Srivastava and Tarun Verma
Log management can play a pivotal role in addressing PCI DSS requirements, be a success factor and enabler for safeguarding cardholder transaction data, and provide a secure and vulnerability-free environment for cardholders.
|
Volume 6, 2011
by Harmeet Kaur, CEH
As today’s business climate demands greater efficiency, security and regulatory compliance, the need for an effective IAM process has never been more pressing.
|
Volume 5, 2011
by Derek Mohammed, Ph.D., CISA, CISSP, PMP
Organizations need fully articulated security policies and procedures based on industry best practices to solidify their information system defenses and meet legal, contractual and regulatory requirements.
|
Volume 3, 2011
by William C. Brown, CISA, CPA, and Byron J. Pike, CPA
The US Securities and Exchange Commission (SEC) is planning what could be among the largest changes in the history of American accounting.
|
Volume 2, 2011
by Loic Jegousse, CISA, CISM, CGEIT, CRISC
The proposed approach in this article will assist in reducing reliance on IT automated controls (ITAC) when it makes business sense to do so.
|
Volume 5, 2010
by Arvind Mehta, CISA, C-EH, ISO 27001 LA
The right approach to identify the exact scope and extent of testing for Sarbanes-Oxley ITGC is to perform a detailed risk assessment focused on the risks associated with each general control process area.
|
These links, which have been contributed by site users, link to external third-party web sites. ISACA has not evaluated these web sites and accepts no responsibility for their suitability, security or privacy practices.
Interesting articles related to SOX and Whistleblowers
|
An interesting write-up on the pros and cons of SOX by a young techie!
|
A step-by-step guide to SOX compliance
|
Interesting findings on how SOX compliance has evolved over the years
|
Due to the stunning increase in the amount of regulatory and industry requirements over the past decade, a methodology commonly referred to as governance, risk and compliance (GRC) emerged.
Contributed by ISACA on 30 Jun 2010
|
Faced with a broad challenge to the Sarbanes-Oxley Act, the U.S. Supreme Court ruled narrowly Monday: It found that the manner in which the accounting body that administers an important section of SOX can be fired is unconstitutional.
Contributed by ISACA on 30 Jun 2010
|
|
On March 1st, I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center.
Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : Umesh391 | 1 comments
|
Hello, this is my first post on my blog at ISACA. I feel honored to be among the many members of the ISACA organization and look forward to exchanging ideas, issues, and changes in the Information Security and all of the areas of Risk, Governance, and Co...
Posted By : Donald515 | 0 comments
|
|
|