The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form.

Q: Where can I go for more information about SOX compliance and SOX-related resources?

A: The Sarbanes-Oxley Compliance Journal has a good summary of their articles at at www.s-ox.com/resources/. The Securities and Exchange Commision has a SOX page at www.sec.gov/spotlight/sarbanes-oxley.htm. The Public Company Accounting Oversight Board operates www.pcaobus.org with audit-related information.

Q: How do information security frameworks like ISO 17799, COSO, and CoBIT relate to SOX?

A: The Cyber Security Industy Alliance has published an excellent report on this topic, IT Security and Sarbanes-Oxley Compliance: Conference Summary of Findings and Conclusions, which can be found online at www.csialliance.org/resources/pdfs/CSIA_PostSox_Summit_Report.pdf.

Q: Where can I go to learn more details about HIPAA?

A: The HHS/OCR Web site is excellent. Go to www.hhs.gov/ocr/hipaa/. Another excellent site with a large FAQ is the CMS site at http://cms.hhs.gov/HIPAAGenInfo/ (click on the Questions link on the top menu bar to get there).

Q: Where can I go to learn more details about CALEA?

A: 1. The FBI CALEA Implementation...