Considerations Regarding Sarbanes-Oxley Act.
Two significant sections of the Sarbanes-Oxley Act directly involve provisions about information security: 302 and 404. The first of the two requires both the CEO (Chief Executive Officer) and the CFO (Chief Financial Officer) to be involved in reporting activity, in order to ensure that reports are “accurate and complete”. Although the law does not specify which internal controls must be assessed, it is clear that responsibility for financial reporting resides at the corporate top-management level. Section 404 likewise does not specify exactly which internal controls need assessment. A further provision requires an external audit as a second opinion (“The assessment must also be reviewed and judged by an outside auditing firm”). Another particularity of the act is the absence of direct references (in these words) to information security....