The best place to look is the FFIEC web page; this is the gov. entity that tells how to comply. Also, you need to get the ISO 15408 std; it also is a how-to document.
Anyone know where I can find a description of what different areas the SOX covers? Preferably a good detailed description, but not a direct link to the act itself.
If I have understood it correctly, for instance, the 404 section covers things similarly to ISO17799 (separation of duties, logging, least privilege, user provisioning, etc.). But what about the other sections?
And also, does anyone know, roughly, how much of the SOX is covered by the ISO17799 controls?
Anyone have any good tip on where I can find information?