You are very correct. It would be nice if there was one set of regulations to cover all.
Unfortunately we are having laws being generated for various non-related issues. (Health and the Enron scandal). I have spent the last 4 years dealing with HIPAA (Privacy/Security) and my company is now assisting in the implementation of the Sarbanes-Oxley act for Wellpoint Health Networks across the USA. We have assessed the impact with the other acts that we all have been working on (GLB, HIPAA and the regs being put out by all the federal agencies). Because of this we have proven methods of getting it all done and in a timely manner. If you have any specific questions on how this will (or if it will) affect you please email me at [EMAIL PROTECTED] or [EMAIL PROTECTED] Please put the subject as SOX question. Regards, David Artis www.hipaasecurerx.com [EMAIL PROTECTED] 813-842-6578 -----Original Message----- From: Moya Gray [mailto:[EMAIL PROTECTED] Sent: Monday, November 10, 2003 12:02 PM To: WEDI SNIP Security Workgroup List Subject: RE: FTC Security Rule Walter Your email message is most appropriate. The impact of Sarbanes-Oxley has yet to be assessed in combination with GLB, HIPAA and the regs being put out by all the federal agencies. I have, for a very long time now, advocated repeal of all these various laws in favor of one umbrella privacy/security law. Thisi multiple compliance problem is far most costly than HIPAA alone and will cause more and more problems. Moya T. D. Gray, J.D. 1283 Honokahua Street Honolulu, Hawaii 96825 808-381-3732 808-396-6731 [EMAIL PROTECTED] -----Original Message----- From: Total Enterprise Security Solutions [mailto:[EMAIL PROTECTED] Sent: Monday, November 10, 2003 5:51 AM To: WEDI SNIP Security Workgroup List Subject: RE: FTC Security Rule Let me add another log to the fire. How many know or understand the Sarbanes -Oxley Act. You will be surprised who is affected by this law/act. Go to www.ISACA.org and download the paper IT Controls Objectives for Sarbanes-Oxley Act. There are about 22 pages of controls that need to be address to ensure that financial systems are secure from fraud, tampering, etc. Have fun folks! It is my belief that in the future, security will be the most important organization in IT due to the laws that are passed at the federal and state level. Then and only then will organizations know the value of the security professional. Walter S. Kobus, Jr., CISM CISSP NSA-IAM Total Enterprise Security Solutions, LLC (919) 345-7449 www.TESS-LLC.com "Security is a chain within the infrastructure and is as secure as its weakest link. It is not a product nor a series of technologies but a process of solutions measured against the business needs of the organization." -ws --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-security as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org