<"Does it really matter? SOX is just another way congress has come up with to destroy the American economy, <and in fact the American way of life.">
That is not true. SOX was a much needed and overdue reform and perhaps one of the best things both Bush and Congress did for the American economy, the American way of life, and the stock market which had taken a beating after the MCI, et al scandals. No one had confidence in financial statements anymore. Much of the SOX work has identified many control weaknesses in IT systems and led to much remediation which has strengthened IT and financial internal controls, at both the infrastructure and application levels. The last person to bad mouth SOX, Alan Greenspan, just prior to the recent Wall Street melt down, suffered a lot of grief for this lack of attention to internal control and had to "eat a lot of crow". Had SOX been fully implemented earlier, the Wall Street melt down would have been impossible. If you do not think corporate fraud from the lowest to the highest levels occurs, there are plenty of numbers published on the subject and SOX audits, both financial and IT, have uncovered much of it. One SOX audit I was on, until the client decided to cover things up, involved "late trading", betting on the horse race after it was over. It was soooooooooo easy to do with IT. Since all the trades were time-stamped, you just programmed the clearing house system to back date/time the trade and voila !!! instant guaranteed profit. One large Wall Street investment bank, that is no longer in business after the Wall St melt down, was actually brazen enough to advertise this to clients as a system feature, until the SEC levied the largest fine in history on them. Yes, fraud is alive and well in corporate America and IT makes it ever so easier "Locks are made to keep honest people honest, not stop a thief" The best you can ever do with a thief is slow him down till he gets discouraged or caught. Sometimes honesty and integrity are just plain good business. Tom Huegel <tehue...@gmail.com> Sent by: The IBM z/VM Operating System <IBMVM@LISTSERV.UARK.EDU> 12/09/2010 12:00 PM Please respond to The IBM z/VM Operating System <IBMVM@LISTSERV.UARK.EDU> To IBMVM@LISTSERV.UARK.EDU cc Subject Re: Vswitch Grant as a CMD in User's Directory? Does it really matter? SOX is just another way congress has come up with to destroy the American economy, and in fact the American way of life. Besides all of our passwords are probably available on Wikileaks anyway. Don't you just love the airport scanners and patdowns? On Thu, Dec 9, 2010 at 8:40 AM, Schuh, Richard <rsc...@visa.com> wrote: Not necessarily, there is LOGONBY. They need only know their own passwords. Should anyone have full authority including all the passwords? If so, who? Regards, Richard Schuh > -----Original Message----- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark > Sent: Wednesday, December 08, 2010 8:32 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: Vswitch Grant as a CMD in User's Directory? > > On Wednesday, 12/08/2010 at 03:11 EST, RPN01 > <nix.rob...@mayo.edu> wrote: > > But, should you have to have an external security manager > for a system > where > > the majority of users are disconnected guest operating systems? > > Yes. > > > Most of > > today's z/VM systems have a bare minimum of real human users. CP is > > the security manager for us, and it's sufficient to control the wild > ramblings > > of, oh, say, the four people who need access. > > Those four people know all the passwords. There is no > accountability and no plausible deniability. You have de > facto password sharing, something I have yet to see > countenanced by any IT organization.