Click here to close now.

Welcome!

Web 2.0 Authors: Elizabeth White, Leon Fayer, Carmen Gonzalez, Pat Romanski, Liz McMillan

Related Topics: Security

News Feed Item

Cyber Security Industry Alliance Issues Findings from Summit on Sarbanes-Oxley and IT Security

Most Stakeholders Not Looking for More Official Guidance on IT Security

ARLINGTON, Va., Aug. 15 /PRNewswire/ -- Cyber Security Industry Alliance (CSIA), the only public policy and advocacy group dedicated exclusively to cyber security, today released a report that summarizes key findings and conclusions from a conference held to discuss the adequacy of guidance given on IT security in Sarbanes-Oxley. Today's announcement follows a Sarbanes- Oxley compliance initiative that began in 2004 with a CSIA report outlining the implications of Section 404 for information security.

Attendees at IT Security and Sarbanes-Oxley Compliance: A Roundtable Dialogue of Lessons Learned, addressed whether the statutory and administrative materials governing Section 404 provide enough guidance on IT security to enable management and auditors to carry out their compliance obligations.

"The conference proceedings and subsequent announcements from the Securities and Exchange Commission (SEC) indicate that additional detailed guidance on information technology and security controls under Section 404 is neither desired by corporate management nor likely to be forthcoming from regulators, who have expressed a preference for relying on management's discretion and judgment in establishing IT controls rather than providing specific audit control lists," said Paul Kurtz, executive director of CSIA. "Against this backdrop, many auditors, legal counsel and management plan to rely on generally agreed upon frameworks for IT security, such as COBIT and ISO 17799. Regardless of how management decides to specifically address information security, the one thing that remains clear is that it must be considered an important part of overall compliance."

Sponsored by CSIA, George Mason University School of Law's Critical Infrastructure Protection Program (GMU), The Institute of Internal Auditors (IIA), the Information Systems Audit and Control Association (ISACA) and the Information Systems Security Association (ISSA), the conference brought together experts representing each of the key stakeholder communities involved in Section 404 compliance. Corporate management, audit and accounting, legal counsel and IT security officers and professionals made up four panels that discussed experiences and lessons learned in addressing IT security issues relating to Section 404 and whether or not more official guidance is needed.

The report highlights five lessons learned from the first round of compliance efforts that include:

* Steep learning curve inevitable regardless of adequacy of IT guidelines The heated political climate that led to the passage of Sarbanes-Oxley, combined with the bright spotlight directed at corporate leaders with each new revelation of scandal, mismanagement or fraud, virtually assured that the first round of compliance was going to entail a steep learning curve, regardless of the level of guidance provided. * IT security is not a CEO priority The relationship between IT and compliance under Section 404 has not been well understood by senior management and therefore, not given personal priority attention. This is because Congress has been silent on the issue of IT and CEOs listen and act on what Congress says. Also, the relationship between the concept of "internal controls," an accounting concept, and the role of IT security is not well recognized by corporate leaders. * Deference to auditors by management and legal counsel Section 404 under Sarbanes-Oxley is designed to hold management and auditors separately accountable; however, both management and legal counsel tend to defer to auditors in terms of interpreting and implementing Section 404. * Augmentation of COSO framework required Section 404 states that a company's internal controls must be based on "a suitable, recognized control framework established by a body of experts that followed due-process procedures," and specifies the COSO framework, published by the Treadway Commission's Committee of Sponsoring Organizations, as suitable. However, the COSO framework alone provides insufficient guidance, and some say it is too broad and not sufficiently focused on financial controls. Some auditors and IT professionals refer to the standard set forth in the Control Objectives for Information and related Technology (COBIT), developed by ISACA's IT Governance Institute. * Existing control processes and procedures affect Sarbanes-Oxley compliance activities Companies with already established and implemented internal controls throughout their organization have an easier time meeting Section 404 compliance obligations. Those without solid internal controls are confronted with a more complicated compliance process.

The report concludes that management and legal counsel representatives generally opposed additional IT governance and security guidance from the Public Company Accounting Oversight Board (PCAOB), as it was seen as unnecessary, unhelpful and unwanted. However, representatives from public accounting firms were in favor of additional PCAOB guidance and many panelists were in favor of formal recognition by the PCAOB of COBIT.

Representatives were unanimous in the view that stakeholder communities do not communicate with one another effectively on IT governance and security, as they all speak in terms and language unique to their profession. They also agreed that a common lexicon and framework is needed to ensure all stakeholders share a common understanding of each other's roles and responsibilities in the Section 404 compliance process.

To obtain a copy of today's CSIA report, "IT Security and Sarbanes-Oxley Compliance: Conference Summary of Findings and Conclusions," please visit http://www.csialliance.org/.

About the Cyber Security Industry Alliance

CSIA is the only advocacy group dedicated exclusively to enhancing global cyber security through public policy, education, awareness and technology. The organization is led by CEOs from the world's top security providers, who offer the technical expertise, depth and focus to encourage a better understanding of cyber security issues. It is the belief of the CSIA that a comprehensive approach to ensuring the security, integrity and availability of global information systems is fundamental to national and economic stability. To learn more about the CSIA, please visit our Web site at http://www.csialliance.org/ or call +1-703-894-2742.

Members of the CSIA include BindView Corp. ; Check Point Software Technologies Ltd. ; Citadel Security Software Inc. ; Citrix Systems, Inc. ; Computer Associates International, Inc. ; Entrust, Inc. ; Internet Security Systems Inc. ; iPass Inc. ; Juniper Networks, Inc. ; McAfee, Inc. ; PGP Corporation; Qualys, Inc.; RSA Security Inc. ; Secure Computing Corporation , Surety, Inc.; Symantec Corporation and TechGuard Security, LLC.

Cyber Security Industry Alliance

CONTACT: Stacy Simpson of the Merritt Group, +1-703-390-1528, or
[email protected], for the Cyber Security Industry Alliance

Web site: http://www.csialliance.org/

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
Internet of Things (IoT) will be a hybrid ecosystem of diverse devices and sensors collaborating with operational and enterprise systems to create the next big application. In their session at @ThingsExpo, Bramh Gupta, founder and CEO of robomq.io, and Fred Yatzeck, principal architect leading product development at robomq.io, will discuss how choosing the right middleware and integration strategy from the get-go will enable IoT solution developers to adapt and grow with the industry, while at the same time reduce Time to Market (TTM) by using plug and play capabilities offered by a robust I...
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch of Docker's initial release in March of 2013, interest was revved up several notches. Then late last...
The WebRTC Summit 2015 New York, to be held June 9-11, 2015, at the Javits Center in New York, NY, announces that its Call for Papers is open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 16th International Cloud Expo, @ThingsExpo, Big Data Expo, and DevOps Summit.
SYS-CON Events announced today that Litmus Automation will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Litmus Automation’s vision is to provide a solution for companies that are in a rush to embrace the disruptive Internet of Things technology and leverage it for real business challenges. Litmus Automation simplifies the complexity of connected devices applications with Loop, a secure and scalable cloud platform.
SOA Software has changed its name to Akana. With roots in Web Services and SOA Governance, Akana has established itself as a leader in API Management and is expanding into cloud integration as an alternative to the traditional heavyweight enterprise service bus (ESB). The company recently announced that it achieved more than 90% year-over-year growth. As Akana, the company now addresses the evolution and diversification of SOA, unifying security, management, and DevOps across SOA, APIs, microservices, and more.
Wearable technology was dominant at this year’s International Consumer Electronics Show (CES) , and MWC was no exception to this trend. New versions of favorites, such as the Samsung Gear (three new products were released: the Gear 2, the Gear 2 Neo and the Gear Fit), shared the limelight with new wearables like Pebble Time Steel (the new premium version of the company’s previously released smartwatch) and the LG Watch Urbane. The most dramatic difference at MWC was an emphasis on presenting wearables as fashion accessories and moving away from the original clunky technology associated with t...
SYS-CON Events announced today that robomq.io will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. robomq.io is an interoperable and composable platform that connects any device to any application. It helps systems integrators and the solution providers build new and innovative products and service for industries requiring monitoring or intelligence from devices and sensors.
After making a doctor’s appointment via your mobile device, you receive a calendar invite. The day of your appointment, you get a reminder with the doctor’s location and contact information. As you enter the doctor’s exam room, the medical team is equipped with the latest tablet containing your medical history – he or she makes real time updates to your medical file. At the end of your visit, you receive an electronic prescription to your preferred pharmacy and can schedule your next appointment.
SYS-CON Events announced today that Solgenia will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Solgenia is the global market leader in Cloud Collaboration and Cloud Infrastructure software solutions. Designed to “Bridge the Gap” between Personal and Professional Social, Mobile and Cloud user experiences, our solutions help large and medium-sized organizations dr...
While not quite mainstream yet, WebRTC is starting to gain ground with Carriers, Enterprises and Independent Software Vendors (ISV’s) alike. WebRTC makes it easy for developers to add audio and video communications into their applications by using Web browsers as their platform. But like any market, every customer engagement has unique requirements, as well as constraints. And of course, one size does not fit all. In her session at WebRTC Summit, Dr. Natasha Tamaskar, Vice President, Head of Cloud and Mobile Strategy at GENBAND, will explore what is needed to take a real time communications ...
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on Twitter at @MicroservicesE
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Raspberry Pi, BeagleBone, Spark and Intel Edison. You will also get an overview of cloud technologies s...
The list of ‘new paradigm’ technologies that now surrounds us appears to be at an all time high. From cloud computing and Big Data analytics to Bring Your Own Device (BYOD) and the Internet of Things (IoT), today we have to deal with what the industry likes to call ‘paradigm shifts’ at every level of IT. This is disruption; of course, we understand that – change is almost always disruptive.
SYS-CON Events announced today that SafeLogic has been named “Bag Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. SafeLogic provides security products for applications in mobile and server/appliance environments. SafeLogic’s flagship product CryptoComply is a FIPS 140-2 validated cryptographic engine designed to secure data on servers, workstations, appliances, mobile devices, and in the Cloud.
GENBAND has announced that SageNet is leveraging the Nuvia platform to deliver Unified Communications as a Service (UCaaS) to its large base of retail and enterprise customers. Nuvia’s cloud-based solution provides SageNet’s customers with a full suite of business communications and collaboration tools. Two large national SageNet retail customers have recently signed up to deploy the Nuvia platform and the company will continue to sell the service to new and existing customers. Nuvia’s capabilities include HD voice, video, multimedia messaging, mobility, conferencing, Web collaboration, deskt...
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
SYS-CON Events announced today that Cisco, the worldwide leader in IT that transforms how people connect, communicate and collaborate, has been named “Gold Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Cisco makes amazing things happen by connecting the unconnected. Cisco has shaped the future of the Internet by becoming the worldwide leader in transforming how people connect, communicate and collaborate. Cisco and our partners are building the platform for the Internet of Everything by connecting the...
Temasys has announced senior management additions to its team. Joining are David Holloway as Vice President of Commercial and Nadine Yap as Vice President of Product. Over the past 12 months Temasys has doubled in size as it adds new customers and expands the development of its Skylink platform. Skylink leads the charge to move WebRTC, traditionally seen as a desktop, browser based technology, to become a ubiquitous web communications technology on web and mobile, as well as Internet of Things compatible devices.
Docker is an excellent platform for organizations interested in running microservices. It offers portability and consistency between development and production environments, quick provisioning times, and a simple way to isolate services. In his session at DevOps Summit at 16th Cloud Expo, Shannon Williams, co-founder of Rancher Labs, will walk through these and other benefits of using Docker to run microservices, and provide an overview of RancherOS, a minimalist distribution of Linux designed expressly to run Docker. He will also discuss Rancher, an orchestration and service discovery platf...
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes for use cases across the industrial, enterprise, and consumer segments.