Kenneth C. Laudon,Jane P. Laudon Management Information System 12th Edition pdf

Download 15,21 Mb.

Pdf ko'rish

bet	274/645
Sana	20.01.2022
Hajmi	15,21 Mb.
	#393158

1 ... 270 271 272 273 274 275 276 277 ... 645

Bog'liq
Kenneth C. Laudon ( PDFDrive ) (1)

Sarbanes-Oxley Act

Gramm-Leach-Bliley Act

after its congressional sponsors. This act

requires financial institutions to ensure the security and confidentiality of

customer data. Data must be stored on a secure medium, and special security

measures must be enforced to protect such data on storage media and during

transmittal.

If you work in a publicly traded company, your company will need to

comply with the Public Company Accounting Reform and Investor

Protection Act of 2002, better known as the

Sarbanes-Oxley Act

after its

sponsors Senator Paul Sarbanes of Maryland and Representative Michael

Oxley of Ohio. This Act was designed to protect investors after the financial

scandals at Enron, WorldCom, and other public companies. It imposes

responsibility on companies and their management to safeguard the accu-

racy and integrity of financial information that is used internally and

released externally. One of the Learning Tracks for this chapter discusses

Sarbanes-Oxley in detail.

Sarbanes-Oxley is fundamentally about ensuring that internal controls are in

place to govern the creation and documentation of information in financial

Chapter 8

Securing Information Systems

307

statements. Because information systems are used to generate, store, and trans-

port such data, the legislation requires firms to consider information systems

security and other controls required to ensure the integrity, confidentiality, and

accuracy of their data. Each system application that deals with critical financial

reporting data requires controls to make sure the data are accurate. Controls to

secure the corporate network, prevent unauthorized access to systems and

data, and ensure data integrity and availability in the event of disaster or other

disruption of service are essential as well.

ELECTRONIC EVIDENCE AND COMPUTER FORENSICS

Security, control, and electronic records management have become essential

for responding to legal actions. Much of the evidence today for stock fraud,

embezzlement, theft of company trade secrets, computer crime, and many

civil cases is in digital form. In addition to information from printed or

typewritten pages, legal cases today increasingly rely on evidence

represented as digital data stored on portable floppy disks, CDs, and computer

hard disk drives, as well as in e-mail, instant messages, and e-commerce

transactions over the Internet. E-mail is currently the most common type of

electronic evidence.

In a legal action, a firm is obligated to respond to a discovery request for

access to information that may be used as evidence, and the company is

required by law to produce those data. The cost of responding to a discovery

request can be enormous if the company has trouble assembling the required

data or the data have been corrupted or destroyed. Courts now impose severe

financial and even criminal penalties for improper destruction of electronic

documents.

An effective electronic document retention policy ensures that electronic

documents, e-mail, and other records are well organized, accessible, and neither

retained too long nor discarded too soon. It also reflects an awareness of how to

preserve potential evidence for computer forensics.

Download 15,21 Mb.

Do'stlaringiz bilan baham:

1 ... 270 271 272 273 274 275 276 277 ... 645