Practical VoIP Security

Enacted in response to corporate scandals at Enron, Tyco, and WorldCom during 2001, the Sarbanes-Oxley Act of 2002 was designed to bolster confidence in the financial reporting of publicly traded corporations in the United States. When he signed the Act into law, President Bush hailed it as the most far-reaching reforms of American business practices since the time of Franklin Delano Roosevelt. Since that time, an estimated $5 billion has been spent by U.S.-listed corporations to comply with the Act.
Let's take a few minutes to go through the Sarbanes-Oxley Act and what it requires, starting with what the regulations themselves explicitly require. Then we'll look at related measures that SOX consultants and auditors are likely to recommend above and beyond the explicit legal requirements.
When it comes to VoIP or any other IP application, Section 404 is the only part of SOX that even remotely applies. Section 404 isn't long, but since it's been the basis for hundreds (perhaps thousands) of costly IT reporting and process changes ultimately attributed to Sarbanes-Oxley over the past few years, I'm going to reproduce it in its entirety. But first, here's the simple version:
404(a) requires an annual report from management regarding the effectiveness of internal controls.
404(b) requires an independent auditor to report on (and attest to) management's annual report.
So we're really just talking about two reports here: one that's signed by the officers of a company, and another that's signed...