RealNews

Security and Sarbanes-Oxley

Security professionals may soon find themselves fielding calls from their companies’ upper management concerning the Sarbanes-Oxley Act. Sarbanes-Oxley, named for the two Congressmen who sponsored it, on the surface doesn’t have much to do with IT security. The law was passed to restore the public’s confidence in corporate governance by making chief executives of publicly traded companies personally validate financial statements and other information. President Bush signed on the law on July 30, 2002. Initially, companies had to be in compliance this fall, but extensions were granted. Large corporations now have until June 15, 2004, to meet the requirements of Sarbanes-Oxley. Smaller companies have to comply by April 15, 2005. Congress passed the law in quick response to accounting scandals surrounding Enron and other companies. Sarbanes-Oxley deals with many corporate governance issues, including executive compensation and the use of independent directors. “When it was initially adopted, the last thing on their minds was security. The law was passed to address things such as off-book transactions,” said Gary Saidman, an attorney specializing in information security matters with Atlanta-based law firm Kilpatrick Stockton. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.