lists.openwall.net
Open Source and information security mailing list archives
 
Message-ID: <!&!AAAAAAAAAAAYAAAAAAAAANASp/bip1hHgg1O1cfiAEPCgAAAEAAAAMSRSOC8AwBFun1BJ8aFMswBAAAAAA==@online.gateway.strangled.net>
Date: Fri Dec  2 03:57:01 2005
From: aditya.deshmukh at online.gateway.strangled.net (Aditya Deshmukh)
Subject: Re: SOX whistleblowers' clause Compliance

See below Marc's email part.

>> Aditya Deshmukh [aditya.deshmukh@...ine.gateway.strangled.net] wrote:
>>
>> If you read the last line in para 6 you will find that anon mailbox is
>> a requirement for SOX compliance.
>>
>> >And mailbox was meant for email Michael :)
>>
>> >But I think that "with a post and some concrete" mailbox will indeed be far more secure.....

> From: Madison, Marc [mailto:mmadison@...i.com]
> IANAL, But IMO use an Intranet web page that allows employees to submit
> anonymous html post to the web server via html.  Now if your security
> policy is pervasive then surely auditing is enabled on all your systems,
> thus removing any anonymity this would have provided.  Have you
> considered, dare I say, outsourcing?  I only say this since part of the
> requirement calls for the company to provide sufficient anonymity to
> individuals reporting issues.  By the way the SOX whistleblowers
> requirements have already been challenged in court so there might be
> precedence on what is sufficient.

You must be a mind reader - you just read my mind. And a Google search shows
some email providers giving out this service for about US$ 89.99.

Maybe that is the best solution after all... 

You don't break your security policy and the auditors are also happy.

