This week, advisories were released for openoffice, libwmf, kernel, opera, kdebase, and acroread. The distributors include Debian, Mandriva, and SuSE.




Sarbanes-Oxley Act Overview

The integrity and accountability of financial reporting has become headline news. Widely publicized financial scandals damaged investor, employee, and customer confidence, and government and regulatory agencies have enacted, and are starting to enforce, new corporate-governance regulations to restore that trust. The United States government's response to the Enron, WorldCom, and Tyco accounting scandals of 2001 and 2002 was the Sarbanes-Oxley Act of 2002 (the Act). It sets standards for maintaining and preserving electronic and paper records and for the accountability of corporate executives, employees, and auditors. The Act contains 11 titles and establishes new standards for corporate accountability, backed by penalties of fines and imprisonment. Under the Act, companies must validate financial statements, maintain auditing practices, report on the effectiveness of their internal controls, and assure the integrity and timeliness of data.

The main purpose of the legislation is to hold organizations and their executives responsible for the validity of corporate reporting. Every publicly traded company must have its executives attest to the accuracy of its reported financial condition and disclose weaknesses in its internal controls. An article by Guardian Digital Inc. says that, "As mandated by SOX (the Sarbanes-Oxley Act), corporations can accommodate these regulations through the design, implementation, and maintenance of efficient and effective internal controls."

There are many sections to the Act, which President Bush signed into law. According to Matthew Bender's "The Sarbanes-Oxley Act of 2002 with Analysis", SOX contains two provisions requiring CEOs and CFOs to certify certain SEC filings. The first (Section 302) requires them to certify that they have reviewed the annual and quarterly reports, that the reports contain no untrue statement of a material fact and omit no material fact, that the information fairly presents the company's situation, and that they have disclosed any deficiencies in, or changes to, the internal controls. The second (Section 906) requires that each such report be accompanied by a written statement from the CEO or CFO that it fully complies with the reporting requirements and fairly presents the company's financial condition and results of operations. Certifying a report they know to be false exposes them to criminal penalties.



LinuxSecurity.com Feature Extras:

    EnGarde Secure Linux v3.0.7 Now Available - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.7 (Version 3.0, Release 7). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and several new packages available for installation.

    Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
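As an added illustration of the mistake the article describes (this is not code from the article or from LinuxSecurity.com), the C program below walks a directory tree and counts three of the most common liberal-permission findings: world-writable regular files, world-writable directories that lack the sticky bit, and setuid/setgid binaries. It is what `find / -perm -o+w` and `find / -perm /6000` would report, as one self-contained tool that never follows symlinks. The sample tree it builds under a temporary directory is constructed for the demonstration; its paths and modes are assumptions, not real system files.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Counts of the liberal-permission mistakes this example looks for. */
struct audit {
    int world_writable_files;  /* regular files with o+w */
    int unsticky_ww_dirs;      /* o+w directories without the sticky bit */
    int setuid_setgid_files;   /* regular files carrying setuid or setgid */
};

/* Recursively audit path. lstat() is used so symlinks are never followed:
 * a link an attacker can create must not redirect the audit elsewhere. */
static void audit_path(const char *path, struct audit *a)
{
    struct stat st;
    struct dirent *e;
    DIR *d;
    if (lstat(path, &st) != 0 || S_ISLNK(st.st_mode))
        return;
    if (S_ISREG(st.st_mode)) {
        if (st.st_mode & S_IWOTH)             a->world_writable_files++;
        if (st.st_mode & (S_ISUID | S_ISGID)) a->setuid_setgid_files++;
        return;
    }
    if (!S_ISDIR(st.st_mode))
        return;
    if ((st.st_mode & S_IWOTH) && !(st.st_mode & S_ISVTX))
        a->unsticky_ww_dirs++;   /* anyone can delete or replace entries */
    if ((d = opendir(path)) == NULL)
        return;
    while ((e = readdir(d)) != NULL) {
        char child[PATH_MAX];
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        snprintf(child, sizeof child, "%s/%s", path, e->d_name);
        audit_path(child, a);
    }
    closedir(d);
}

struct audit audit_tree(const char *root)
{
    struct audit a = {0, 0, 0};
    audit_path(root, &a);
    return a;
}

/* ---- constructed sample tree for the demo; not real system files ---- */
static void mk(const char *root, const char *rel, mode_t mode, int is_dir)
{
    char p[PATH_MAX];
    snprintf(p, sizeof p, "%s/%s", root, rel);
    if (is_dir) {
        mkdir(p, 0700);
    } else {
        int fd = open(p, O_WRONLY | O_CREAT, 0600);
        if (fd >= 0) close(fd);
    }
    chmod(p, mode);   /* explicit chmod so the umask cannot mask the bits */
}

static void rmtree(const char *path)
{
    struct stat st;
    struct dirent *e;
    DIR *d;
    if (lstat(path, &st) != 0) return;
    if (!S_ISDIR(st.st_mode)) { unlink(path); return; }
    if ((d = opendir(path)) != NULL) {
        while ((e = readdir(d)) != NULL) {
            char child[PATH_MAX];
            if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
            snprintf(child, sizeof child, "%s/%s", path, e->d_name);
            rmtree(child);
        }
        closedir(d);
    }
    rmdir(path);
}

/* Builds the sample tree in a fresh temp directory, audits it, removes it.
 * Expected: 1 world-writable file, 1 unsticky o+w dir, 1 setuid file. */
struct audit demo(void)
{
    struct audit a = {0, 0, 0};
    char root[] = "/tmp/permaudit.XXXXXX", alt[] = "./permaudit.XXXXXX";
    char *r = mkdtemp(root) ? root : mkdtemp(alt);
    if (r == NULL) return a;
    mk(r, "etc",          0755,  1);
    mk(r, "etc/app.conf", 0666,  0);   /* mistake: any user can edit config */
    mk(r, "bin",          0755,  1);
    mk(r, "bin/tool",     04755, 0);   /* setuid: each one needs a justification */
    mk(r, "bin/helper",   0755,  0);   /* fine */
    mk(r, "spool",        0777,  1);   /* mistake: world-writable, no sticky bit */
    mk(r, "tmp",          01777, 1);   /* fine: sticky bit, like /tmp */
    a = audit_tree(r);
    rmtree(r);
    return a;
}

int main(void)
{
    struct audit a = demo();
    printf("world-writable files : %d\n", a.world_writable_files);
    printf("unsticky o+w dirs    : %d\n", a.unsticky_ww_dirs);
    printf("setuid/setgid files  : %d\n", a.setuid_setgid_files);
    return 0;
}
```

Point `audit_tree()` at a real root (run as root, so every directory is readable) and each non-zero counter is a list of files to justify or tighten with chmod; the sticky-bit check matters because a world-writable directory without it lets any user delete or rename other users' files.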

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list address with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


Debian
Debian: New OpenOffice.org packages fix several vulnerabilities
29th, June, 2006

Several vulnerabilities have been discovered in OpenOffice.org, a free office suite. The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2006-2198 CVE-2006-2199 CVE-2006-3117

advisories/debian/debian-new-openofficeorg-packages-fix-several-vulnerabilities-56304
Debian: New OpenOffice.org packages fix arbitrary code execution
6th, July, 2006

Loading malformed XML documents can cause buffer overflows in OpenOffice.org, a free office suite, and cause a denial of service or execute arbitrary code. It turned out that the correction in DSA 1104-1 was not sufficient, hence, another update.

advisories/debian/debian-new-openofficeorg-packages-fix-arbitrary-code-execution-79391
Mandriva
Mandriva: Updated libwmf packages fix embedded GD vulnerability
29th, June, 2006

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. (CVE-2004-0941)

Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Libwmf contains an embedded copy of the GD library code. (CVE-2004-0990)

Update:

The previous update incorrectly attributed the advisory text to CVE-2004-0941, while it should have been CVE-2004-0990. Additional review of the code found fixes for CVE-2004-0941 were missing and have also been included in this update.
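The CVE-2004-0990 paragraph above describes the classic integer-overflow-to-heap-overflow pattern: the decoder multiplies header-supplied dimensions (row count, width, bytes per pixel) into an allocation size in 32-bit arithmetic, the product wraps to a small number, a heap buffer of that size is allocated, and the row-copying loop, driven by the original large dimensions, writes past it. The example below is added here and is neither libgd's code nor text from the advisory: it puts the weak computation next to a hardened one that bounds each dimension, checks every multiplication before performing it, and caps the total. The function names, the malicious header values, and the limits MAX_DIM and MAX_IMAGE_BYTES are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Limits chosen for this example; a real decoder picks its own, but it
 * must have some, or "large but legitimate" cannot be told from hostile. */
#define MAX_DIM          (1u << 20)            /* 1,048,576 px per side */
#define MAX_IMAGE_BYTES  (256u * 1024 * 1024)  /* 256 MiB */

/* Weak pattern: the size is computed in 32-bit arithmetic and never
 * compared against anything. width*height*bpp wraps modulo 2^32, so a
 * crafted header yields a small allocation followed by row writes sized
 * by the original dimensions: a heap buffer overflow. */
size_t naive_alloc_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t bytes = width * height * bpp;   /* wraps silently */
    return bytes;
}

/* Hardened pattern: bound each dimension, multiply in size_t with an
 * explicit check before each step that can overflow, and cap the total.
 * Returns 0 when the header is rejected (0 is never a valid size here). */
size_t checked_alloc_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    if (width == 0 || height == 0 || bpp == 0) return 0;
    if (width > MAX_DIM || height > MAX_DIM || bpp > 16) return 0;
    size_t row = (size_t)width * bpp;        /* <= 2^20 * 16, cannot wrap */
    if (row > SIZE_MAX / height) return 0;   /* row * height would wrap */
    size_t bytes = row * height;
    if (bytes > MAX_IMAGE_BYTES) return 0;   /* legal but unreasonable */
    return bytes;
}

/* The true requirement in 64-bit arithmetic, for comparison. */
uint64_t true_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return (uint64_t)width * height * bpp;
}

/* 1 if the naive computation allocates less than the rows will write. */
int naive_under_allocates(uint32_t width, uint32_t height, uint32_t bpp)
{
    return (uint64_t)naive_alloc_size(width, height, bpp)
           < true_size(width, height, bpp);
}

int main(void)
{
    /* Constructed malicious header: 32768 x 32769 pixels, 4 bytes each.
     * 32768*32769*4 = 4,295,098,368, which wraps to 131,072 in 32 bits. */
    uint32_t w = 0x8000, h = 0x8001, bpp = 4;
    printf("true requirement : %llu bytes\n",
           (unsigned long long)true_size(w, h, bpp));
    printf("naive allocation : %zu bytes (wrapped)\n",
           naive_alloc_size(w, h, bpp));
    printf("under-allocates  : %d\n", naive_under_allocates(w, h, bpp));
    printf("checked          : %zu (0 = rejected)\n",
           checked_alloc_size(w, h, bpp));
    printf("benign 640x480x4 : %zu bytes\n", checked_alloc_size(640, 480, 4));
    return 0;
}
```

The order of the checks is the point: the per-dimension caps come first so that the row computation provably cannot wrap, the division-based test guards the one multiplication that still could, and the byte cap rejects headers that are arithmetically fine but would let a remote file dictate a multi-gigabyte allocation.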

Mandriva: Updated kernel packages fix multiple vulnerabilities
5th, July, 2006

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.

SuSE
SuSE: Opera 9.0 security upgrade
3rd, July, 2006

Updated package.

SuSE: kdebase3-kdm information disclosure
3rd, July, 2006

Updated package.

SuSE: OpenOffice_org remote code execution
3rd, July, 2006

Updated package.

SuSE: acroread remote code execution
4th, July, 2006

Updated package.