|
|
|
Sentencing Rules Pressure CIOs
Accused CEOs could fire IS execs to avoid Sarbox
punishment
Proposed sentencing guidelines for Sarbanes-Oxley Act violations, scheduled to take effect Nov. 1, bring risks for CIOs. While it's unlikely any CIOs would go to jail under the proposal, which awaits congressional approval, legal experts say the guidelines could set up CIOs to be the fall guys if another C-level executive faces conviction.
The proposed guidelines, published by the U.S. Sentencing Commission in its May 1 report to Congress, attempt to spread accountability for unethical or illegal behavior throughout a corporation. If any C-level executive, not just the CEO or the CFO, is responsible for such behavior, he can now go to jail. This isn't a big deal for CIOs—unless they're engaged in Enron-style fraud or they're charged with their company's Sarbanes-Oxley compliance efforts. Most CIOs aren't in charge of compliance
(see "The Sarbox Conspiracy").
The risk for CIOs, says William Bierce, an attorney at Bierce & Kenerson, comes from sections of the guidelines that deal with crime detection. Companies that fail to detect behavior like accounting fraud have to hold someone responsible. Since most accounting is done through financial information systems, companies will rely on CIOs to catch problematic transactions. That makes the CIO responsible for detecting fraudulent actions.
The proposal contains a clause that says organizations can avoid punishment if they take "appropriate disciplinary measures" for "failing to take responsible steps to prevent or detect criminal conduct." If a CIO doesn't modify the company's financial system so that illegal or unauthorized transactions are prevented and so that it notifies him when an unusual transaction takes place, then he has failed to take responsibility. Deborah Birnbach, a lawyer with Testa, Hurwitz & Thibeault, says that a company accused of a Sarbanes-Oxley violation should insist that it took appropriate precautions. But if a CEO can avoid jail time by firing a CIO, you can bet your career he'll do it. —Ben Worthen
|
|
Security Products:
Astaro
Security Gateway
Available
in 2,3,4,or 6 port.
Other
models scale to 23 ports
and
from a 10 user network to an enterprise network.
Award
winning, Rock-solid network security, simple and affordable.
"...exceptionally
polished and extremely robust security gateway for a very
reasonable price.... the most polished and easy to use
Web-based management system we've seen to date." ---
INFOWORLD
Astaro provides six essential security applications in one easy-to-manage package that protects organizations from hackers, viruses, worms, spam and other threats to security and productivity.
Astaro Security Linux offers:
 |
firewall |
|
intrusion
protection |
|
e-mail
virus protection |
|
web
virus protection |
|
spam
protection |
|
VPN
gateway |
|
URL filtering capabilities. |
A unified management platform makes it easy to deploy,
administer, and update a complete network security solution with surprisingly little cost and effort. The software can be installed on a standard Intel PC, or purchased pre-installed on a variety of security appliances.
Based on the best of open source security software, Astaro Security Linux has won numerous awards, and is in use on over 20,000 networks in 60 countries.
Astaro
security Linux is extremely scalable, with the ability to
protect small office home office/remote office to enterprise
implementations incorporating features such as
High availability, VLANs, Qos and a configuration manager to
manage multiple sites from a
single management platform.
Prices
start at $390 for a 10 user license. Educational discounts
are available.
Intrusion
Prevention Systems
Vulnerability
Scanners
Firewalls
| Astaro Security Linux |
| Netscreen |
| Checkpoint |
Management
Virus
Control
| Astaro Security Linux |
| Mail Marshall |
Content Filter
| Astaro Security Linux |
Services
| Security audit |
| Perimeter Vulnerability Scan |
| Router/ switch optimization for
security |
| Firewall checking and configuration |
| VPN Design and Implementation |
| Network design |
| network based application analysis |
| Network Baselining |
| Security baselining |
|
|
  
This mailing has been performed by Aavex Technology
Corporation
42w588 Still Meadows Lane, Elburn IL 60119 USA, 630-365-0025 in compliance
with the "CAN-SPAM Act of 2003", approved and signed by
the president of The United States of America on Dec. 16, 2003. For this
reason, this email cannot be considered SPAM This newsletter contains
commercial advertisement.
|
|
