lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu Dec  1 14:36:18 2005
From: mmadison at fnni.com (Madison, Marc)
Subject: Re: SOX whistleblowers' clause Compliance

IANAL, But IMO use an Intranet web page that allows employees to submit
anonymous html post to the web server via html.  Now if your security
policy is pervasive then surely auditing is enabled on all your systems,
thus removing any anonymity this would have provided.  Have you
considered, dare I say, outsourcing?  I only say this since part of the
requirement calls for the company to provide sufficient anonymity to
individuals reporting issues.  By the way the SOX whistleblowers
requirements have already been challenged in court so there might be
precedence on what is sufficient.


Aditya Deshmukh [aditya.deshmukh@...ine.gateway.strangled.net] wrote:

>If you read the last line in para 6 you will find that anon mailbox is
a requirement for SOX compliance. 

>And mailbox was ment for email Michael :)

>But I think that "with a post and some concrete" mailbox will be Indeed
be far more secure.....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ