Application Security and Sarbanes-Oxley Compliance

By Brian Cohen

http://www.s-ox.com/Feature/detail.cfm?ArticleID=1586

Gartner predicts that by 2009, 80 percent of companies will have suffered an application security incident, and, as a result, will react by creating roles in the AD and testing organizations to ensure that security is handled at the application level. What can be done to reverse this troubling trend?

I think IT security problems are more likely to be caused by human error and misunderstanding than by hardware issues. As I read on, thinking what a long article this is, I came to this:

SOX Section 404 requires sufficient internal controls and audit practices to ensure that confidential information is not compromised. So, as we web enable our information systems, how can we ensure that we are complying with the SOX requirements? First and foremost, we must be aware of the fact that the most likely type of attack to occur is one at the application level, and we should take appropriate steps to quantify our application risk today and do everything we can to minimize our exposure, now and in the future. To do so, every organization should focus their efforts in three critical areas: People, process, and technology.

I agree that complying with SOX requires planning security measures from the perspectives of people, process, and technology.