Authors: William C. Brown, Frank Nasuti
Journal: Journal of Information Systems Security (Journal Article)
Volume: 4 1, pages 15-28
Published: 2005-08-01
DOI: 10.1201/1086.1065898X/45654.14.5.20051101/91010.4
URL: https://doi.org/10.1201/1086.1065898X/45654.14.5.20051101/91010.4
Source: Semantic Scholar
Citations: 44
Sarbanes—Oxley and Enterprise Security: IT Governance — What It Takes to Get the Job Done
Abstract
Several sections of the Sarbanes-Oxley Act of 2002 (SOX) directly affect the governance of the information technology (IT) organization, including potential SOX certification by the chief information officer, Section 404 internal control assessments, "rapid and current" disclosures to the public of material changes, and authentic and immutable record retention. The Securities and Exchange Commission (SEC) requires publicly traded companies to comply with the framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), which defines enterprise risk and places security as a critical variable in enterprise risk assessment. Effective IT and security governance are examined in terms of SOX compliance. Motorola's IT security governance demonstrates effective structures, processes, and communications; centralized security leaders participate with Motorola's Management Board to create an enabling security organization that sustains long-term change.