
Enemy at the Water Cooler by Brian T Contos

Why Sarbanes-Oxley
There are a number of regulations and control frameworks in existence today
that can be partially addressed with technology such as ESM. These include,
but are certainly not limited to:

Sarbanes-Oxley
JSOX (Japanese SOX that mirrors the U.S. SOX and uses the COSO framework)
HIPAA (Health Insurance Portability and Accountability Act)
PCI (Payment Card Industry) Data Security Standards
GLBA (Gramm-Leach-Bliley Act)
FISMA (Federal Information Systems Management Act)
California Senate Bill 1386
New York’s Information Security Breach and Notification Act
Washington’s SB-6043
DCID (Director of Central Intelligence Directive)
ISO/IEC 17799:2005 (International Standards Organization Best Practices in Information Security)
COSO (Committee of Sponsoring Organizations)
COBIT (Control Objectives for Information and Related Technologies)
ITIL (Information Technology Infrastructure Library)
European Union’s 8th Directive
Basel II
And there are many more, including some that are specific to various countries and industries.

I’ve been discussing how we address insider threats with ESM, but I want
to also explain how to address compliance, and I’d like to do it without
writing a second book. Therefore, this chapter will focus only on Sarbanes-
180 Chapter 14 • Addressing Both Insider Threats and Sarbanes-Oxley with ESM