Agree on all counts. Further, anyone (person, company, etc.) can be found guilty of breaking license violations. This isn't really a SOX thing.
So in reality, here's the problem, as I see it:
Companies spent over $6billion on consultants and auditors last year to get their companies up to SOX standards and pass audits.
Now, this guy comes along with a big bullhorn, and now, some manager/director/vp type is going to read this article on/. and hit the panic button. "Gee Thanks." That's all we need. Just throw those guys some more money. Which will undoubtedly come from some other budget, which will in turn result in someone's job being cut or someone's raise not being what it should be.
I like what you said, but let's be clear... SOX says nothing about change management.
SOX can be boiled down to two things: #1) The opinion from the auditor of how effective your controls are (this includes everything from IT to Payroll, and everything in between), and #2) The opinion from the auditor expressing their evaluation of if or if not you are following the controls.
Now. Consider what you said:
"SOX requires strict change management..." -- While true, it is somewhat misleading. Your company has established a Change Management methodology as a control to cover the accountability of changes to the systems. You follow these Change Management guidelines as if it were a religion. That results in #1 - their opinion of your C/M after evaluting it, and #2 - their opinion of if you're following it religiously.
Using TrueCrypt (linked elsewhere within this page of posts), you have the option of creating a hidden volume. It basically creates a dual-identity volume. It has two decryption keys. One that you type in when a gun (or subpoena) is pointed at your head, and another that you keep truly to yourself. With the hidden volume feature, you put dummy "pretend to be secret" stuff in the volume that is decryptable with the duress password, and then your real data in using your secret password.
This way, you mount the drive and have your data... but if you have to decrypt it for someone else, you can still mount a drive and show them something.
There's no evidence that the hidden volume exists.
1) In the amount of time it took you to write your ask/. post, you could have, at a minimum, scanned Monster.com for your locale. Figure out who is hiring what jobs. In my area, it's a lot of consulting firms.
2) Call those firms, link up with the recruiter (they're usually assigned somehow)... establish relationships and networks.
3) Use the network. Let them know who you are, what you do, what you're good at, and what you want to make $$.
4) As for the time issue, as has been said already, you found time to read/. and post here... interview? Ask for a 4pm and leave early.
Slashdot Mirror
Fair enough. :-)
Agree on all counts. Further, anyone (person, company, etc.) can be found guilty of breaking license violations. This isn't really a SOX thing.
/. and hit the panic button. "Gee Thanks." That's all we need. Just throw those guys some more money. Which will undoubtedly come from some other budget, which will in turn result in someone's job being cut or someone's raise not being what it should be.
So in reality, here's the problem, as I see it:
Companies spent over $6billion on consultants and auditors last year to get their companies up to SOX standards and pass audits.
Now, this guy comes along with a big bullhorn, and now, some manager/director/vp type is going to read this article on
C'mon people. Think before you write this stuff!
I like what you said, but let's be clear... SOX says nothing about change management.
SOX can be boiled down to two things: #1) The opinion from the auditor of how effective your controls are (this includes everything from IT to Payroll, and everything in between), and #2) The opinion from the auditor expressing their evaluation of if or if not you are following the controls.
Now. Consider what you said:
"SOX requires strict change management..." -- While true, it is somewhat misleading. Your company has established a Change Management methodology as a control to cover the accountability of changes to the systems. You follow these Change Management guidelines as if it were a religion. That results in #1 - their opinion of your C/M after evaluting it, and #2 - their opinion of if you're following it religiously.
Using TrueCrypt (linked elsewhere within this page of posts), you have the option of creating a hidden volume. It basically creates a dual-identity volume. It has two decryption keys. One that you type in when a gun (or subpoena) is pointed at your head, and another that you keep truly to yourself. With the hidden volume feature, you put dummy "pretend to be secret" stuff in the volume that is decryptable with the duress password, and then your real data in using your secret password. This way, you mount the drive and have your data... but if you have to decrypt it for someone else, you can still mount a drive and show them something. There's no evidence that the hidden volume exists.
1) In the amount of time it took you to write your ask /. post, you could have, at a minimum, scanned Monster.com for your locale. Figure out who is hiring what jobs. In my area, it's a lot of consulting firms.
/. and post here... interview? Ask for a 4pm and leave early.
2) Call those firms, link up with the recruiter (they're usually assigned somehow)... establish relationships and networks.
3) Use the network. Let them know who you are, what you do, what you're good at, and what you want to make $$.
4) As for the time issue, as has been said already, you found time to read