Software Security Assurance

Compliance Guide for Commercial Organizations

As a result of Sarbanes-Oxley, commercial organizations are required to assess and mitigate the risk associated with the systems and software on which their financial information relies. Sarbanes-Oxley compliance efforts must include assertions about the integrity of financial systems and data. To assist with Sarbanes-Oxley Section 404 compliance, the use of an automated source code review tool provides the strongest evidence to support internal control guidelines and demonstrate ongoing improvement.

This guide details the software security assurance control objectives for Sarbanes-Oxley, maps them to internal control frameworks such as CobiT and COSO and to standards such as ISO 17799, and explains how automated source code analysis technologies can make the compliance process efficient, measurable and effective.