Data Integrity: The Intersection of Infosec and SOX

Monday, September 13, 2010

Infosec Island Admin


Sarbanes-Oxley (SOX) was passed into law in 2002, and has consistently proven to be one of the more complicated financial reporting regulations ever enacted. Compliance officers continue to struggle with implementing consistent and meaningful SOX controls.

Why would financial reporting regulation spurred by the accounting scandal at Enron have such tremendous impact on the information security sector?

Although information security is not mentioned specifically by SOX, the integrity of the data access chain is central to compliance, and thus quality infosec is a crucial element for success on multiple levels.

Simply stated, SOX requires publicly traded companies to prove they are in compliance with financial and accounting reporting requirements, and that the data used in that reporting is accurate.

Controls are what information security has to bring to the table, from network security and database integrity to access controls, event logging, file corruption, authentication issues and more.

Beyond just implementing controls, companies also need to be able to provide an assessment of the effectiveness of those controls in protecting information systems - this is where secure IT comes into play.

The simple fact is that publicly traded companies are almost wholly dependent upon electronic information technologies, and both the producers of the financial data and the auditors of that data depend on system integrity to demonstrate SOX compliance.

SOX compliance best practice requires a new level of cooperation between IT, legal, executives and risk management staff. Developing effective enterprise policies is a dynamic process that requires ongoing review and improvement efforts.

Attending the 20th Edition SOX Compliance & Evolution to GRC Conference is an effective way to learn about the intricacies of effective SOX compliance from senior leadership at some of the nation's largest companies.

This conference, held November 4-5, 2010 in Philadelphia, PA, will provide SOX practitioners and information security specialists a unique opportunity to explore the future of SOX compliance, including how to create and manage a successful global SOX strategy while integrating enterprise-wide GRC efforts.

Attendees will gain exclusive insights into how developing multiple levels of control sign-off, formalizing reporting standards, strengthening internal checks, and ensuring that financial reports exercise full disclosure will guarantee that your corporate governance is managed with precision.

Building on a series of successful SOX conferences, marcus evans and Infosec Island invite all those who are involved with Sarbanes-Oxley Compliance or Corporate Governance at their organizations to attend this premier event.

Keynote speakers and presenters for this conference include top leadership from Ryder, WalMart, Covidien, Ericsson, AstraZeneca, Medtronic, Wilmington Trust, Mohawk Industries and more.

Key Features of the Conference:

* Review innovative approaches for the successful launch and maintenance of a control self-assessment initiative

* Formulate methodologies to align senior management attention with the most pressing compliance priorities

* Ascertain the role a cross application of controls will have for the evolution of SOX programs

* Realize the necessity of a structured training and continuing education curriculum to ensure consistent performance of SOX controls and integrated GRC efforts

This conference is not a trade show! The SOX Compliance conference series is targeted at a focused group of senior-level executives to maintain an intimate atmosphere for the delegates and speakers. This is not a vendor-driven conference, so the higher-level focus allows the delegates to network with their industry peers and speakers.

For more information on this conference, please visit: marcus evans

Or Contact Michele Westergaard, 312-540-3000 ext. 6625, 20
