Panel: SOX Perspectives and Prospectives on Information Security and Related Issues
Bob Koszkalda, Key Bank
William (Bill) Schwartz, Applied Industrial
Jeff Zabukosec, Professional Solutions
Ken Stasiak, SecureState
Vince Cossel, Avery Dennison
Tom Nuedenberger, realtime North America Inc.
In recent years, companies have been faced with a number of different compliance initiatives such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), and Sarbanes-Oxley. Compliance with these regulations has resulted in companies dedicating a significant amount of resources and spending a great deal of money on these efforts. The challenges brought about by these regulatory requirements can prove to be a daunting task for a domestic company with centralized IT operations, but are even more challenging for a global organization with decentralized IT operations. We will discuss some of the challenges and benefits that Avery, a company with globally decentralized IT operations, has experienced as a result of our compliance efforts.
Identity management is a critical issue in today's global, interconnected economy. Failure to implement effective identity management systems can result in breaches in confidentiality, integrity, and availability of strategic information systems. Yet, senior FBI officials and others have observed that the traditional approach to identity management has several weaknesses which expose companies to significant risks, including poor "systems integration and enterprise solution strategies; failure to use [appropriate] tools or techniques to validate and manage identity; and a ... dependency on systems [which] rely upon numeric identifiers that are relatively easy to crack." This presentation will demonstrate how a biometrics-based identity management system has been integrated into SAP, a well-known enterprise resource planning system used by many companies and other organizations worldwide. The presentation will offer the audience an opportunity to see how the technology works and how it can be used to secure information resources and business processes at all levels of the organization.
With a modest but ambitious beginning in 1999, eXtensible Business Reporting Language (XBRL) became a high priority in 2004 as part of an SEC initiative to enhance the quality and transparency of financial reports. XBRL enhances financial statement users' ability to retrieve and analyze financial reports. Beginning in December 2004, companies are now encouraged to file their reports with the SEC in XBRL-tagged format. With Sarbanes-Oxley's corporate governance requirements running parallel with the SEC's XBRL initiative, it is imperative that companies effectively leverage XBRL for regulatory compliance. This presentation will identify and address specific risks, controls and assurance issues in designing and implementing XBRL technology for effective corporate governance.
Employees and business partners are typically entrusted with significant authority to use an organization's information resources. Their role in assuring the integrity and security of information resources is often underestimated in automated distributed systems. Author and expert Mike Whitman expounds on these ideas and addresses the importance of employees and business partners in information security. This session presents best practices in assessing risks and assuring integrity from the perspective of employees' and business partners' interface with information technology.