Cyber Security Industry Alliance Kicks Off Sarbanes-Oxley Compliance Initiative
December 14 2004 - 12:38PM
PR Newswire (US)
Issues Report Finding That the Law Requires
Information Security to Be Employed to Ensure the Effectiveness of
Internal Controls Over Financial Reporting

WASHINGTON, Dec. 14 /PRNewswire/ -- Cyber Security Industry Alliance (CSIA), the only
CEO public policy and advocacy group exclusively focused on cyber
security policy issues, today kicked off an initiative on
Sarbanes-Oxley compliance with the release of a report outlining
the implications of Section 404 on information security. The
question is no longer "whether" Section 404 covers information
security, the report concludes, but rather "how" to comply with this
critical section in the context of IT security.

Congress adopted
Sarbanes-Oxley, and Section 404 in particular, to protect investors
and shareholders by ensuring the integrity of financial reporting
and forcing corporate officials to take full responsibility for
public disclosures required under the law. There is, however,
considerable question over the law's implications for corporate
information security. After an extensive and objective review of
the statute, and its implementing guidance by outside experts, CSIA
finds that the internal control provisions clearly require publicly
traded companies to employ information security to the extent
necessary to ensure the effectiveness of internal controls over
financial reporting.

"Companies are now realizing the sheer
magnitude of implementing Sarbanes-Oxley Section 404 controls, and
many have only touched the tip of the iceberg," said BindView CEO
Eric J. Pulaski. "Compliance and successful audits for
Sarbanes-Oxley place an extraordinary burden across the enterprise,
and particularly on IT organizations that must respond to the
demanding and watchful eyes of their CEOs, CFOs and boards of
directors. With millions of dollars, company reputation and your
personal liability at stake, it's a safe bet that few compromises
will be made in locking down internal controls. While many
companies will meet the initial deadlines by throwing people and
money at the problem, the greatest long-term challenge will be how
to sustain compliance in an affordable manner."

With publicly
traded companies increasingly relying on complex and interdependent
IT systems to run their businesses, a key question is whether
Sarbanes-Oxley regulators have provided sufficient guidance to
corporate management and auditors on IT governance and security to
comply with Section 404. In this context, CSIA will hold a summit
in Washington, D.C. in April 2005 with representatives from both
the corporate management and auditing communities to examine their
experiences in complying with Sarbanes-Oxley and to address the
question of whether additional guidance is needed.

"Corporate boards
and executive management are still wrestling with differing
interpretations of Sarbanes-Oxley and information security, which
vary widely depending on whether you are talking to the CEO, CFO,
CIO, legal counsel, policymakers or regulators," said Bill Conner,
President, CEO and Chairman of Entrust, Inc. "The debate, however,
has now moved beyond whether Sarbanes-Oxley covers information
security to how best public companies can comply with the law. Our
emphasis should now be on the people, process and technologies that
constitute information security governance."

"While we have
determined that information security is clearly covered under
Sarbanes-Oxley, an open question remains whether the guidance
provided by regulators is sufficiently detailed and specific for
managers of publicly traded companies to comply with this aspect of
the law," said Paul Kurtz, executive director of CSIA. "As a second
step in this initiative, we are organizing a summit in April with
key stakeholders affected by the internal controls provisions to
actively address the questions that still remain and consider
whether additional guidance is necessary from the Federal
government and other organizations."

CSIA's report on
Sarbanes-Oxley was researched and developed by Lee Zeichner,
president of Zeichner Risk Analytics, and John Tritak, president of
Tritak Consulting and former director of the Critical
Infrastructure Assurance Office at the Department of Commerce. To
obtain a complete copy of the report, please visit
http://www.csialliance.org/.

About CSIA

Launched in February 2004
by a group of cyber security software, hardware and services
companies, the CSIA is an advocacy group whose mission is to
enhance cyber security through public policy initiatives, public
sector partnerships, corporate outreach, academic programs,
alignment behind emerging industry technology standards and public
education. The CSIA is the only CEO public policy and advocacy
group exclusively focused on cyber security policy issues. Members
of the CSIA include BindView Corp. (NASDAQ:BVEW); Check Point
Software Technologies Ltd. (NASDAQ:CHKP); Citadel Security Software
Inc. (NASDAQ:CDSS); Computer Associates International, Inc.
(NYSE:CA); Entrust, Inc. (NASDAQ:ENTU); Internet Security Systems
Inc. (NASDAQ:ISSX); Juniper Networks, Inc. (NASDAQ:JNPR); McAfee,
Inc. (NYSE:MFE); PGP Corporation; Qualys, Inc.; RSA Security Inc.
(NASDAQ:RSAS); Secure Computing Corporation (NASDAQ:SCUR); Symantec
Corporation (NASDAQ:SYMC); and TechGuard Security, LLC. To learn
more about the CSIA, please visit our Web site at
http://www.csialliance.org/ or call +1-202-204-0838.

DATASOURCE: Cyber Security Industry Alliance

CONTACT: Stacy Simpson of the Merritt Group, +1-703-556-6827, for the Cyber Security Industry Alliance

Web site: http://www.csialliance.org/