Sarbanes-Oxley; partnering for security; security certification guide

Sarbanes-Oxley Compliance: Brass Tacks and Best Practices

June marks the two-year anniversary of the Sarbanes-Oxley Act. Since it was passed, there's been little consensus about how to ensure compliance, how strictly the law will be interpreted and enforced, what role the CIO should play, the extent to which technology must be used, and how many resources should be devoted to the effort. Then there's the problem with the imprecise language in the law itself.

Keep one thing in mind: When it comes to SOX, compliance is all over the map, but it doesn't have to be pretty to satisfy the law.

Read the full article here, courtesy of The IT Compliance Institute:

- - -

Security Chief Urges Partnering

A Homeland Security Department official says that the government's record of fostering public/private partnerships for securing cyberspace has been unacceptable. The government pledges to work harder on developing its relationships with the private sector in the coming year and will pursue a long-term agenda that may not see results for many years to come.

Read the full story here, courtesy of Federal Computer Week:

- - -

Free Guide Helps You Sort Out Security Certifications

Security is one of the hottest areas in IT certification, but it can also be the most confusing. and Microsoft Certified Professional Magazine have created a free guide to help IT professionals and managers sort out the options.

The Security Certification Resource Guide profiles nearly every major security-related certification, along with an explanation of the audience they're aimed for, the requirements for obtaining the titles, and what separates each from the other credentials. Also included is advice on developing an IT security career and a list of top Web site and newsletter resources.

Request the guide here:

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.