[CISSP-D] REVIEW: "Sarbanes-Oxley for Dummies", Jill Gilbert Welytok

Subject: [CISSP-D] REVIEW: "Sarbanes-Oxley for Dummies", Jill Gilbert Welytok
Date: Tue, 24 Apr 2007 14:31:24 -0800
BKSOXDUM.RVW   20070125

"Sarbanes-Oxley for Dummies", Jill Gilbert Welytok, 2006,
0-471-76846-4, U$21.99/C$25.99
%A   Jill Gilbert Welytok jgilbert@abtechlaw.com www.abtechlaw.com
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2006
%G   0-471-76846-4
%I   John Wiley & Sons, Inc.
%O   U$21.99/C$25.99 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0471768464/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0471768464/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0471768464/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   364 p.
%T   "Sarbanes-Oxley for Dummies"

The introduction states that this is an overview treatment of the
Sarbanes-Oxley (SOX) law and related regulations, avoiding in-depth
discussions but providing enough background for the reader to
understand key concepts, structure basic compliance, and predict major
future trends in the directives.

Part one gives a historical review of the rationale behind SOX. 
Chapter one looks at loopholes in reporting before SOX, the political
climate behind the swift passage of SOX, and the basic requirements
under SOX.  The financial scandals that gave impetus to the law, and a
review of the new restrictions from a slightly different perspective,
are in chapter two.  Various (United States) securities laws, and the
specific SOX provisions, are listed in chapter three.  Chapter four
gives a very brief outline of financial statements (without really
explaining how SOX will assist with reporting).

Part two addresses compliance with the new standards.  Chapter five
notes that the accounting profession now has specific criteria to meet
in regard to auditing, rather than the previous self-regulation.  The
Public Company Accounting Oversight Board (PCAOB) is described in
chapter six.  Rules for audit committees are listed in chapter seven. 
Chapter eight notes regulations for ensuring the independence of
boards of directors.  Specific edicts for chief executive and
financial officers are noted in chapter nine.  Chapter ten mentions
other new dictates for corporate management.

Particulars of audits according to section 404 are outlined in part
three.  Chapter eleven looks at the meaning of "internal controls." 
Roles and responsibilities for components of an audit are covered in
chapter twelve.  Specific problems and items that will assist in the
audit process are in chapter thirteen.

Part four notes software tools, supposedly to help you either with
security program planning or compliance with SOX.  Chapter fourteen
lists types of software and the tasks that can be assisted by
software.  The tasks are not correlated with the types of software,
and there are actually only a couple of programs mentioned.  Preparing
to use one specific program is described in chapter fifteen.

Part five looks to the future.  Chapter sixteen looks at some of the
court cases in areas related to SOX.  Chapter seventeen notes the
extension of SOX to activities that might be considered to be outside
its jurisdiction (including foreign companies).

Part six is the obligatory "Part of Tens," including ten ways to not
get sued, an equivalent number of tips for an audit committee, smart
management moves, things an auditor can't change after the audit, and
references.

There is surprisingly little explanation about what SOX actually is
and requires.  There is some background about the development of SOX,
but the key concepts, basic compliance, and prediction of future
trends are definitely missing.  Since legal compliance issues are
likely of great significance to corporations, it is unlikely that this
book would be of much help to anyone.

copyright Robert M. Slade, 2007   BKSOXDUM.RVW   20070125


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
The presence of those seeking the truth is infinitely to be
preferred to those who think they've found it.
                             - `Monstrous Regiment,' Terry Pratchett
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm
