Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· Directory
· Downloads
· FAQ
· Forums
· Search
· Sox_Admin
· Statistics
· Submit News
· Surveys
· Top 10
· Your Account

Sarbox Compliance
The appropriately named Sarbanes-Oxley Compliance Toolkit includes a whole range of materials specifically put together to both introduce, and take you through this most important of legislation.

For detailed information see the toolkit's own website: Sarbanes-Oxley Compliance


SOX Act and Security
As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.

The SOX email storage requirements can be fulfilled using the GFI MailArchiver


SOX Advertisers


Sarbanes What?
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!

Sarbanes-Oxley Act Forum: Forums

The Sarbanes Oxley Act :: View topic - Entitlement Review / User Access Review
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin 

Entitlement Review / User Access Review

 
Post new topic   Reply to topic    The Sarbanes Oxley Act Forum Index -> Sarbanes-Oxley: IT Issues
View previous topic :: View next topic  
Author Message
JWA4Life
Newbie
Newbie


Joined: Dec 02, 2008
Posts: 1

PostPosted: Tue Dec 02, 2008 10:22 am    Post subject: Entitlement Review / User Access Review Reply with quote

Hello all,

I wanted to inquire with you all to see if you have any links to any resources where I can find specific "best practices" guidance with regard to conducting user access reviews. I am specifically looking for support that I will use in a management memo that I am going to write to support how our company needs to improve our user access review process.

Thanks!

Regards,

Jason
Back to top
View users profile
harrywaldron
SoxGuru
SoxGuru


Joined: Jan 12, 2006
Posts: 849
Location: Roanoke, Virginia

PostPosted: Thu Dec 11, 2008 3:12 pm    Post subject: Reply with quote

Hi Jason and welcome icon_smile.gif

The COBIT standards might be worthwhile to download and review

http://www.sarbanes-oxley-forum.com/modules.php?name=Forums&file=viewtopic&t=1920

This may also provide some links

Code:
http://www.google.com/search?hl=en&q=user+access+review

http://www.google.com/search?hl=en&q=user+access+review+best+practices


Some general tips based on past experience:

-- Ensure groups/permissions well documented by IT security
-- Ensure permissions have blessings of system owners (with approvals on file - electronically in sharepoint, email, change mgt system, etc)
-- Look for a minimalistic security approach on sensitive applications (like finance) where users have just enough rights to do job
-- Look for proper approval/autonomy levels in the workflow, permissions, and control structures
-- Use good tools like Bindview, KSA, or other advanced security tools to map our access rights electronically
Back to top
View users profile Visit posters website


Display posts from previous:   
Post new topic   Reply to topic    The Sarbanes Oxley Act Forum Index -> Sarbanes-Oxley: IT Issues All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Forums ©

 
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters.
Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox.
Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.