Re: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
On 12/2/05, Aditya Deshmukh <[EMAIL PROTECTED]> wrote:
>> > Why can't you use google to find out this?
>> The same reason you can't use Google and find your answer fuckbag.
> Are you n3td3v?

In the spirit of full-disclosure I support anyone's [doesn't matter if it is a troll like infosecbofh or netdev] right to express their opinion, but turning abusive should be a reason enough to be kicked off any public mailing list.

I have already filtered out these people, but I still get to read some of the abusive emails because some others feel that these people deserve a reply.

Can the moderator please issue a warning to these abusive trolls? Also is it too much to ask the "great security minds" in this list to contain their need to reply to these trolls?

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
And if you had used Google in the first place shitbreath, you would not have written your original email.

Oh and I am not n3td3v. My morning shits are smarter than n3td3v and contain more intelligence.
RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
> > Why can't you use google to find out this?
>
> The same reason you can't use Google and find your answer fuckbag.

Are you n3td3v?

> > *In the para 4*
> > "Protecting whistleblowers is an essential component of an ethical
> > and open work environment."
>
> No mention of an anon email address here.
>
> > *In para 6* <- this is the one that you want
> > several options for employees to raise concerns, including the
> > option of raising a concern anonymously.
>
> Again, not specifying email. A simple drop box in the lunchroom
> facilitates this.

"A simple drop box in the lunchroom" will not work when you have a client that is big enough to have branches distributed all over the place.

Anon email is the best solution for this - you don't have to manually check the boxes in all the locations with the headache of keeping the contents of the box classified.

And if you had read my first email *and* comprehended what I had asked you would not have been writing the mail that I am responding to.
RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
See below marc email part

>> Aditya Deshmukh [EMAIL PROTECTED] wrote:
>> >If you read the last line in para 6 you will find that anon mailbox is
>> >a requirement for SOX compliance.
>> >And mailbox was meant for email Michael :)
>> >But I think that "with a post and some concrete" mailbox will indeed
>> >be far more secure.

> From: Madison, Marc [mailto:[EMAIL PROTECTED]
> IANAL, but IMO use an Intranet web page that allows employees to submit
> anonymous html post to the web server via html. Now if your security
> policy is pervasive then surely auditing is enabled on all your systems,
> thus removing any anonymity this would have provided. Have you
> considered, dare I say, outsourcing? I only say this since part of the
> requirement calls for the company to provide sufficient anonymity to
> individuals reporting issues. By the way the SOX whistleblowers
> requirements have already been challenged in court so there might be
> precedence on what is sufficient.

You must be a mind reader - you just read my mind. And google search shows some email providers giving out this service for about US$ 89.99.

Maybe that is the best solution after all... You don't break your security policy and the auditors are also happy.

Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
Google "sox whistleblowers" = hard work

But let me help you,
http://www.whistleblowers.org/html/sox_whistleblower_statute.htm

jeff Wilder wrote:
>Can someone please send me the actual regulation that states or validates the comments of
>http://www.nonprofitrisk.org/nwsltr/archive/employprac091005-p.htm ?
>I am in this very situation right now.
RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
Can someone please send me the actual regulation that states or validates the comments of http://www.nonprofitrisk.org/nwsltr/archive/employprac091005-p.htm ?

I am in this very situation right now.

-Jeff Wilder
CISSP,CCE,C/EH

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M-- V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++ G e* h--- r- y+++*
------END GEEK CODE BLOCK------

From: "Aditya Deshmukh" <[EMAIL PROTECTED]>
To: "'InfoSecBOFH'" <[EMAIL PROTECTED]>
CC: full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
Date: Thu, 1 Dec 2005 11:36:10 +0530

> Seeing how my question was ignored. I will tell you the answer.
>
> There is no requirement in SOX to do this.

Why can't you use google to find out this?

---
http://www.nonprofitrisk.org/nwsltr/archive/employprac091005-p.htm

*In the para 4*
"Protecting whistleblowers is an essential component of an ethical and open work environment."

*In para 6* <- this is the one that you want
"Provide Employees Multiple Avenues to Report Concerns"
While employees will hopefully feel comfortable raising concerns directly with their supervisors, many employees are reluctant to raise concerns with line management for fear of retaliation, especially where their concerns pertain to unethical or illegal conduct by their line managers. Therefore, nonprofits should provide several options for employees to raise concerns, including the option of raising a concern anonymously.
---

If you read the last line in para 6 you will find that anon mailbox is a requirement for SOX compliance.

And mailbox was meant for email Michael :)

But I think that "with a post and some concrete" mailbox will indeed be far more secure.
RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
IANAL, but IMO use an Intranet web page that allows employees to submit anonymous html post to the web server via html. Now if your security policy is pervasive then surely auditing is enabled on all your systems, thus removing any anonymity this would have provided.

Have you considered, dare I say, outsourcing? I only say this since part of the requirement calls for the company to provide sufficient anonymity to individuals reporting issues. By the way the SOX whistleblowers requirements have already been challenged in court so there might be precedence on what is sufficient.

Aditya Deshmukh [EMAIL PROTECTED] wrote:
>If you read the last line in para 6 you will find that anon mailbox is a requirement for SOX compliance.
>And mailbox was meant for email Michael :)
>But I think that "with a post and some concrete" mailbox will indeed be far more secure.
Re: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
> Why can't you use google to find out this?

The same reason you can't use Google and find your answer fuckbag.

> *In the para 4*
> "Protecting whistleblowers is an essential component of an ethical
> and open work environment."

No mention of an anon email address here.

> *In para 6* <- this is the one that you want
> "Provide Employees Multiple Avenues to Report Concerns"
> While employees will hopefully feel comfortable raising concerns
> directly with their supervisors, many employees are reluctant to
> raise concerns with line management for fear of retaliation,
> especially where their concerns pertain to unethical or illegal
> conduct by their line managers. Therefore, nonprofits should provide
> several options for employees to raise concerns, including the
> option of raising a concern anonymously.

Again, not specifying email. A simple drop box in the lunchroom facilitates this.
RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
> Seeing how my question was ignored. I will tell you the answer.
>
> There is no requirement in SOX to do this.

Why can't you use google to find out this?

---
http://www.nonprofitrisk.org/nwsltr/archive/employprac091005-p.htm

*In the para 4*
"Protecting whistleblowers is an essential component of an ethical and open work environment."

*In para 6* <- this is the one that you want
"Provide Employees Multiple Avenues to Report Concerns"
While employees will hopefully feel comfortable raising concerns directly with their supervisors, many employees are reluctant to raise concerns with line management for fear of retaliation, especially where their concerns pertain to unethical or illegal conduct by their line managers. Therefore, nonprofits should provide several options for employees to raise concerns, including the option of raising a concern anonymously.
---

If you read the last line in para 6 you will find that anon mailbox is a requirement for SOX compliance.

And mailbox was meant for email Michael :)

But I think that "with a post and some concrete" mailbox will indeed be far more secure.
Re: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
Seeing how my question was ignored. I will tell you the answer.

There is no requirement in SOX to do this.