RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Sender:
Records Management Program <[log in to unmask]>
Subject:
From:
Peter Kurilecz <[log in to unmask]>
Date:
Tue, 4 Jan 2005 09:25:27 -0500
Reply-To:
Records Management Program <[log in to unmask]>
On Tue, 14 Dec 2004 15:47:06 -0500, Joseph Showl <[log in to unmask]>
wrote:

>I have just been informed by our IS dept that according to the SOX act
>all future passwords have to be six characters long with one of
>the characters being numeric. I just read in a post yesterday that the
>SOX act isn't that specific concerning passwords.

While perusing my various technical magazines over Christmas I came across
the following editorial comment in Information Security magazine that I
think is a perfect answer for your IS dept.

<snip>
SOX doesn't require that an enterprise have firewalls, traffic monitors,
access controls or auditing tools. It simply requires that adequate
processes and controls are in place to ensure data integrity and the
ability to demonstrate compliance.
<snip>
<snip>
SOX isn't a law about good security, it's about good business practice. It
codifies what every enterprise should have been doing all along for
security: establishing procedures and following them. When you do that,
security stops being purely security and becomes risk management.
<snip>

http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss526_art1082,00.html

http://shrinkster.com/2zs


PeterK

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
