Sarbanes—oxley and enterprise security: It governance — what it takes to get the job done

Information Systems Security

Volumn 14, Issue 5, 2005, Pages 15-28

  Brown, William ^a   Nasuti, Frank ^b  

^a MINNESOTA STATE UNIVERSITY MANKATO   (United States)

^b NOVA SOUTHEASTERN UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 85006687496     PISSN: 1065898X     EISSN: None     Source Type: Journal    
DOI: 10.1201/1086.1065898X/45654.14.5.20051101/91010.4     Document Type: Article

References (28)

1. Beer, M., & Nohria, N. (2000, May-June). Cracking the code of change. Harvard Business Review, HBR OnPoint.
2. Chan, S. (2004). Sarbanes-Oxley: The IT dimension. The Internal Auditor, 61(1), 31-33.
3. CERT® Coordination Center. (2005). 2004 E-Crime Watch Survey shows significant increase in electronic crimes. Available at http://www.cert.org/about/ecrime.html.
4. CIO Insight/Gartner. (2004, May). EXP Research: Sar- banes-Oxley 2004: Are you ready to comply? Available at http://www.cioinsight.com.
5. Cobb, C. G. (2004, November). Sarbanes-Oxley: Pain or gain? Quality Progress, 37(11), 48-52.
6. Committee of Sponsoring Organizations. (2005). FAQs for COSO’s Enterprise Risk Management— Integrated Framework. Available at http://www. coso.org/Publications/ERM/erm_faq.htm.
7. Damianides, M. (2005, Winter). Sarbanes-Oxley and IT governance: New guidance and IT control and compliance. Information Systems Management.
8. Decker, S., & Lepeak, S. (2003). Connecting to ERP for SOX 404 Assessments. Available at the META Group Web site: http://www.metagroup. com
9. Dittmar, L. (2004, November). What will you do in Sarbanes- Oxley’s second year?” Financial Executive, 20(8), 17-18.
10. Heffes, E. (2005, January-February). FEI CEO’s 2005 top 10 financial reporting issues. Financial Executive, 21(1). Available at http://www.fei.org
11. Information Systems Audit and Control Association. (2005). About ISACA. Available at http://www. isaca.org
12. IT Governance Institute. (2005a). Board briefing on IT governance. Available at http://www.itgi.org
13. IT Governance Institute. (2005b). Governance of the extended enterprise, bridging business and IT strategies. Hoboken, NJ: John Wiley & Sons.
14. Kaarst-Brown, M., & Kelly, S. (2005). IT governance and Sarbanes-Oxley: The latest sales pitch or real challenges for the IT function? In Proceedings of the 38th Hawaii International Conference on System Sciences-2005, IEEE.
15. Kola, V. (2004, January-February). Sarbanes-Oxley Section 404: From practice to best practice. Financial Executive, 20.
16. Leskeia, L., & Logan, D. (2003). Sarbanes-Oxley compliance demands IS involvement. Available at the Gartner, Inc., Web site: http://www.gartner. com
17. Louwers, T., Ramsey, R., Sinason, D., & Strawser, J. (2005). Auditing and assurance services. New York: McGraw-Irwin.
18. Luftman, J., Bullen, C., Liao, D., Nash, E., & Neumann, C. (2004). Managing the information technology resource. Upper Saddle River, NJ: Pearson Prentice Hall.
19. Microsoft Executive Circle. (2004). Motorola case study. Available at the Microsoft Corporation Web site: http://www.microsoft. com
20. Mead, N. R., & McGraw, G. (2004). Regulation and information security: Can Y2K lessons help us? In IEEE Security and Privacy, IEEE.
21. Meyer, D. (2005). Beneath the buzz: ITIL is apower- ful tool, but holds pitfalls in store for those who get obsessed with it. Available at the CIO.com Web site: http://www.cio.com/leadership/buzz/column.html?ID=4186
22. Proctor, P. (2004). Sarbanes-Oxley security and risk controls: When is enough enough? In Infusion: Security & Risk Strategies. Available at the META Group Web site: http://www.metagroup. com
23. Ramos, M. (2004). How to comply with Sarbanes- Oxley Section 404. Hoboken, NJ: John Wiley & Sons.
24. Reich, B. H., & Nelson, K. (2003). In their own words: CIO visions about the future of in-house IT organizations. The Database for Advances in Information Systems, 34(4).
25. Stolovitch, D. A. (2004, January 30). Canadian ISO 17799 User Conference, Sun Life’s experience with security governance and ISO 17799. Available at http://www.scienton.com/7799ug/Papers. html
26. Symons, C. (2005, March 29). IT governance framework, structure, processes, and communication. Available at the Forrester Research Web site: http://www.forrester.com
27. Weill, P., & Ross, J. (2004). IT governance: How top performers manage IT decision rights for superior results. Boston: Harvard Business School Press.
28. Zorz, M. (2003, March 12). Interview with Christopher Alberts, a senior member of the technical staff in the Networked Systems Survivability Program at the Software Engineering Institute. Available at http://www.net-security.org.