Slashdot Mirror


SarBox Lawsuit Could Rewrite IT Compliance Rules

dasButcher notes that the Supreme Court will hear arguments next week brought by a Nevada accounting firm that asserts the oversight board for the Sarbanes-Oxley Act is unconstitutional. If the plaintiffs are successful, it could force Congress to rewrite or abandon the law used by many companies to validate tech investments for security and compliance. "Many auditing firms have used [Sarbanes-Oxley Section] 404 as a lever for imposing stringent security technology requirements on publicly traded companies regulated by SOX and their business partners. SOX security compliance has proven effective for vendors and solution providers, as it forces regulated enterprises to spend billions of dollars on technology that, many times, doesn’t prevent security incidents but does make them compliant with the law."

9 of 124 comments

  1. not found by Anonymous Coward · · Score: 5, Funny

    I tried to look up this 404 thing, but I couldn't find it anywhere.

    1. Re:not found by sbeckstead · · Score: 2, Funny

      I tried to look up this 404 thing, but I couldn't find it anywhere.

      That's funny, I found it all over the web. But I couldn't find anything else...

    2. Re:not found by Rudeboy777 · · Score: 4, Funny

      SOX 404 - Usefulness not found

      --

      From hell's heart I fstab at /dev/hdc

  2. I Know! by fuzzyfuzzyfungus · · Score: 4, Funny

    In order to ensure security against DOS attacks, I think it would be reasonable to mandate that all vendors be required to prove that their programs will halt in finite time, given an arbitrary input.

    That seems like a wholly reasonable request, not too burdensome, and should improve security.

    1. Re:I Know! by Bigjeff5 · · Score: 3, Funny

      You heard the man, noone use the Internet until this is done.

      I don't see why the Noones weren't allowed to use the internet before, or why they'll have to stop when this is over, but it's nice that you're willing to let them use it a little bit, I guess.

      Or perhaps you meant "no one"?

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    2. Re:I Know! by Obfuscant · · Score: 3, Funny
      Is it okay if sometimes the program doesn't do anything useful with the input?

      Slashdot is already patented, isn't it?

  3. Re:Rule #1 of government.... by Gudeldar · · Score: 2, Funny

    A comment critical of government that isn't +5?

    This is Slashdot I'm reading, right?

  4. Re:Rule #1 of government.... by Anonymous Coward · · Score: 1, Funny

    As part of a prank, we have replaced Slashdot with the Daily Kos. Let's see what happens!

  5. Re:Budgest re-adjustment... by c6gunner · · Score: 3, Funny

    And you get "Flame Wrong Orgy", which, strangely, doesn't seem all that unusual on Slashdot.