Upcoming WEB Event
- Cutting the Cost of Compliance
- Saving you Time
Article:
Passing an Audit: Lessons learned from an information security professional
Information Security magazine
by Robert Childs
16 Aug 2005
Like many information security professionals, I spent the last year
working with auditors to decipher the new world of compliance. The
Sarbanes-Oxley Act has changed how auditors look at controls, in turn
challenging IT and Finance departments to interpret the control requirements
and implement compliant processes. We spent the better part of eight
months updating and documenting IT and information security controls,
and working closely with internal auditors to identify areas needing
improvement. In the end, we passed our first SOX audit and walked
away from the process armed with valuable lessons learned for the
next time around. My goal is to share them with you in the hope that
you can benefit from our experience.
About the author
Robert Childs is currently the Information Security Analyst for PNM
Resources, Inc. He is responsible for the information security architecture,
policies, standards and compliance processes for the company. He has
approximately 26 years of corporate work experience, including IT
audit and information security. He has an MBA in International Management
from Thunderbird – The Garvin School of International Management, and
a BBA in Finance from the University of Texas at Austin. He is a CISSP,
CISM and CISA.