Archive for May, 2008

Significant deficiency: a simple SOX audit scenario

The company processes a significant number of routine intercompany transactions on a monthly basis. Individual intercompany transactions are not material and primarily relate to balance sheet activity, for example, cash transfers between business units to finance normal operations.
A formal management policy requires monthly reconciliation of intercompany accounts and confirmation of balances between business units. However, […]

Six steps for effective risk management

Risk management follows a defined process that includes the following steps:
1. Develop a risk management team
2. Identify assets
3. Identify threats
4. Perform risk analysis
5. Perform risk mitigation
6. Monitor
The first step is to form a risk-management team, which is responsible for the risk assessment process. The risk-management team needs support and funding from senior management and should […]

How to create well-written policy statements

The cornerstones of effective information security programs are well-written policy statements. They are the wellspring of all other directives, standards, procedures, guidelines, and other supporting documents. As with any assessment process, it is important to ensure that policies establish the direction management wants to go with regard to security.
When reviewing policies, Thomas R. Peltier in […]

17 basic questions for a SOX vulnerability assessment

Do you have any security-related policies and standards?
If so, do you want us to review them?
Do you want us to perform a review of the physical security of your servers and network infrastructure?
How many Internet domains do you have?
How many Internet hosts do you have?
Do you want us to map your Internet presence? Otherwise, can […]

Nine questions for your system log management vendor

Can your tool collect and aggregate 100 percent of all log data from all in-scope log sources on the network?
Are your logs transported and stored securely, so that the confidentiality, integrity and availability (CIA) of the log data is preserved?
Are there packaged reports that suit the needs of your Sarbanes-Oxley project's stakeholders, such as IT, auditors, maybe even […]
