SearchSecurity.com's SOX Security School

Thursday 13 July 2006 11:00

Welcome to SearchSecurity.com's SOX Security School. In this free, multi-media Security School, guest instructor Richard Mackey shows you exactly what you need to do to meet SOX's ongoing demands and arms you with actionable items to ensure your business remains continuously compliant. This course consists of three lessons -- beginning with a SOX Scorecard and foundational article -- to help you see where your organization stands and help you understand the basics of SOX standards. Lesson 2 consists of one 60-minute webcast and three 15-minute quickcasts, and Lesson 3 offers three articles covering compliance-related technology. All of these resources are available on-demand, so you can learn at your convenience. As a bonus, through our agreement with (ISC)², all CISSP and SSCP webcast attendees are entitled to 1 CPE credit per webcast hour. ( Click here for details)

   Course Outline
  Lesson 1: Gauging your SOX progress
  Lesson 2: Taking action
  Lesson 3: Understanding compliance-related technology
  Final exam
   About the Instructor

(IE only)

SCHOOL HIGHLIGHTS

Send the editor your feedback on this Security School

Learn about earning CPE credits

Visit our Security School for CISSP training

Visit our E-mail Security School

Visit our Web Security School

SOX Security School Course Outline

Lesson 1: Gauging your SOX progress
SOX Scorecard
This multiple-choice scorecard walks you through a combination of fundamental and more subtle COBIT-related security requirements enabling you to judge where your organization stands in terms of meeting SOX's demands. You'll answer twenty questions -- five related to each of COBIT's four main security aspects: planning and organization, acquisition and implementation, delivery and support, and monitoring.
GO TO THE SCORECARD
Article:SOX, security standards and building a compliance framework
This article helps you understand the various security standards related to SOX compliance. You learn what these standards call for as well as how they relate to SOX and one another.
READ THE ARTICLE

Lesson 2: Taking action
Webcast:A security team's to-do list
This 60-minute webcast helps information security teams understand the regulation's evolving expectations and arms them with actionable items to ensure that their businesses remain continuously compliant. Guest speaker Richard Mackey, Principal, SystemExperts, provides a brief recap of SOX's goals, COSO's broad application to business, COBIT and IT governance.
VIEW THIS WEBCAST
Quickcast 1:How-to guide: SOX, ID management and access control
In 15 minutes, you'll learn the importance of provisioning in SOX compliance, and how to meet specific control objectives from COBIT.
VIEW THIS QUICKCAST
Quickcast 2:How-to guide: SOX and vulnerability remediation
In this 15-minute webcast session, you'll learn tactics for meeting control objectives associated with vulnerability remediation.
VIEW THIS QUICKCAST
Quickcast 3:How-to guide: IT governance and SOX compliance
In 15 minutes, learn valuable tactics for getting business and technical organizations to take responsibility for technical compliance, as well as specific steps for defining policies and mechanisms that help the business comply.
VIEW THIS QUICKCAST

Lesson 3: Understanding compliance-related technology
Article:SOX reality check: Policy tools
Learn how to best use policy templates for SOX compliance and how to apply policies within a business context. This article provides an overview of policy sets and audit tools, and teaches you how to use standards as a guide for developing policies.
READ THIS ARTICLE
Article:SOX reality check: Provisioning systems
Gain insight into compliance-related products for account lifecycle management, reporting and review, and workflow and approvals.
READ THIS ARTICLE
Article:SOX reality check: Compliance management products
SOX compliance extends beyond IT and security. This article examines all-in-one compliance tools, and explains what they can and can't do.
READ THIS ARTICLE

Final Exam
After you've completed Lessons 1, 2 and 3, take the Final Exam to assess your knowledge of SOX based on what you've learned in this school.
TAKE THE FINAL EXAM

About the Instructor

Richard Mackey, ISACA, CISM, Principal, SystemExperts is regarded as one of the industry's foremost authorities on distributed computing infrastructure and security. He has advised leading Wall Street firms on overall security architecture, virtual private networks, enterprise-wide authentication, and intrusion detection and analysis. He also has unmatched expertise in the OSF Distributed Computing Environment. Prior to joining SystemExperts, Mr. Mackey was the director of collaborative development for The Open Group (the merger of the Open Software Foundation and X/Open) where he was responsible for the integration of Microsoft's ActiveX Core with DCE and DCE Release 1.2. Mr. Mackey is an original member of the DCE Request For Technology technical evaluation team and was responsible for the architecture and defining the contents of DCE Releases 1.1 and 1.2. He has been a frequent speaker at major conferences and has taught numerous tutorials on developing secure distributed applications.