| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Dec 2 03:57:01 2005 From: aditya.deshmukh at online.gateway.strangled.net (Aditya Deshmukh) Subject: Re: SOX whistleblowers' clause Compliance See below marc email part >> Aditya Deshmukh [aditya.deshmukh@...ine.gateway.strangled.net] wrote: >> >>If you read the last line in para 6 you will find that anon >> mailbox is >> a requirement for SOX compliance. >> >> >And mailbox was ment for email Michael :) >> >> >But I think that "with a post and some concrete" mailbox >> will be Indeed >> be far more secure..... > From: Madison, Marc [mailto:mmadison@...i.com] > IANAL, But IMO use an Intranet web page that allows employees > to submit > anonymous html post to the web server via html. Now if your security > policy is pervasive then surely auditing is enabled on all > your systems, > thus removing any anonymity this would have provided. Have you > considered, dare I say, outsourcing? I only say this since > part of the > requirement calls for the company to provide sufficient anonymity to > individuals reporting issues. By the way the SOX whistleblowers > requirements have already been challenged in court so there might be > precedence on what is sufficient. You must be a mind reader - you just read my mind. And google search shows Some email providers giving out this service for about US$ 89.99. Maybe that is the best solution after all... You don't break your security policy and the auditors are also happy. ________________________________________________________________________ Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
Powered by blists - more mailing lists