Logging, Syslog and Log Anaylsys Forums
»
Forums
»
Logs, Sarbanes Oxley and Compliance
Year 2 of Sarbanes/Oxley
Username:
1 Hour
1 Day
1 Week
1 Month
Forever
Password:
Home
Help
Search
Quick Search
Advanced Search
Login
Register
News
:
« previous
next »
Pages: [
1
]
0 Members and 1 Guest are viewing this topic.
Topic Tools
Topic Tools
Print
July 10, 2005, 06:33:29 pm
#0
Anonymous
Anonymous
Guest
Year 2 of Sarbanes/Oxley
So, we've met with our auditors on year 2 SOX compliance, and the rule have changed a bit with the recent PCAOB guidance. The auditors are much more concerned about change management now than last year. They are going beyond separation of duties and looking at how we can prove that no one made out of cycle changes - ie. some sort of positive check on application changes.
My question is this: how should I approach this? Is there specific log evidence that can be collected and used? Should we be looking at other technologies like tripwire?
July 11, 2005, 09:58:28 pm
#1
mutex
mutex
Show mutex's last posts.
Show general stats for mutex.
Administrator
Newbie
Posts: 782
RE: Year 2 of Sarbanes/Oxley
I'd recommend using something like tripwire to reconcile file changes with change requests, to show that no changes were made outside of the change management process.
Pages: [
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Forums
-----------------------------
=> Syslog & syslogd
===> syslog-ng
=> Log Data and Analysis
=> Windows Event Log
=> Web Server Logs
=> Security
=> General Discussion
=> Red Light District
=> Logs, Sarbanes Oxley and Compliance
GoogleTagged:
year
sarbanes oxley year year
oxley
sarbanes
Information Security News
|
Jerry Bell's blog
|
Enterprise IT
|
Tropical Fish Information
|
Tropical Fish Forums
Loading...
Print