Sarbanes-oxley

Thread: Sarbanes-oxley

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421

    Sarbanes-oxley

    Anyone here familiar enough with SARBANES-OXLEY to tell me if 128 bit SSL based encryption for file transfers (FTP) will satisfy or do you start with the IPSEC route and avoid SSL altogether?

    I searched the rules (not line for line, used an index) and find vague guidelines but nothing concrete.

    I just really want how SOX defines, not general opinion on encrypted file transfers.

    Anyone?

    Best Regards,

    SGS

  2. #2
    BS, EnCE, ACE, Cellebrite 11001001
    Join Date
    Mar 2002
    Location
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Posts
    1,228
    I don't have much experience with SOX, but you might want to post your question here:

    http://www.sarbanes-oxley-forum.com/

    Welcome to the Sarbanes-Oxley Forum. This interactive community portal is designed to facilitate the exchange of information between those seeking to comply with the requirements of this important legislation. It is also intended to act as a guide, offering useful resources and tips.

    The forum comprises a number of useful areas, including an FAQ, a fully functional online forum, and a news section to which interested parties can submit their own experiences. These can be selected from the panel on the left. Registration to the portal is easy and free, and visitors are strongly encouraged to participate in this project.

    Finally, please feel free to submit your feedback, recommendations, articles or any other useful information.... and of course... don't forget to vote in our current survey!

    Or, if you want to spend some company ca$h...

    http://www.ycasox.com/sYCA_index.aspx

    YCASOX.com is a sarbox resource-highlighting YCA's capabilities for Sarbanes Oxley compliance, Sarbanes Oxley consultants, Sarbanes Oxley consulting, Sarbanes Oxley solutions, Sarbanes Oxley internal controls, Sarbanes Oxley training, and all the challenges facing Sarbanes Oxley.
    That's Officer 11001001 to you...
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  3. #3
    Junior Member
    Join Date
    Aug 2004
    Posts
    17
    I don't believe it is enough..........if I remember correctly, 256 AES is the lowest encrypt you may go to satisfy.........but I'm not entirely sure........

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by 11001001
    I don't have much experience with SOX, but you might want to post your question here:

    http://www.sarbanes-oxley-forum.com/

    Or, if you want to spend some company ca$h...

    http://www.ycasox.com/sYCA_index.aspx
    Will be going to similar routes for sure....

    Thought it might be a fun thread in contrast to the many recent "xp sp2 sucks" threads...

    Thanks!!

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    128 bit will be just fine as long as tests prove that you are using it and that your company's board will sign off that they understand that you use it and as far as they are aware (and your auditors) it is working as you describe. Your auditors will undoubtedly want to pass comment, but 128 bit should be fine.

    SOX (to the best of my knowledge) does not set out specific technical standards, it's basically designed to ensure that Directors sign off (and therefore accept accountability) that controls are in place.

    For specific criteria you would be better off looking at FDIC, BS7799 etc. requirements.
    Quis custodiet ipsos custodes
