CyberSecurity Institute

These two areas of the act — sections 302 and 404, respectively — are certainly key, and one out of three financial officers charged with ensuring their company reaches compliance with financial regulations cites them as the most challenging, according to a survey from Protiviti, which provides independent internal audit and business and technology risk consulting services.

However, 27 percent say aligning audit committee activity with legal and regulatory requirements is the most difficult part of Sarbanes-Oxley, and 23 percent cite recruiting an audit committee financial expert. “Publicly traded firms remain under intense pressure from boards and shareholders to meet the new governance requirements of Sarbanes-Oxley, the SEC, the exchanges and other regulatory bodies,” Protiviti Managing Director Everett Gibbs says.

1. Four out of 10 CFOs overall and 33 percent at large companies say the act has led or will lead to changes in the makeup of their boards or board committees.
2. In 83 percent of firms, management decided on its own to provide more information to the board and its committees.
3. Slightly less than half of the companies surveyed have formed a disclosure committee.
4. Disclosure committees are more common among large companies (74 percent have formed one) than small companies (33 percent).
5. Ensuring the independence of external auditing is also a priority for CFOs.
6. A number of survey respondents say it’s still too early to know how much it costs to reach full compliance with Sarbanes-Oxley.

More info: [url=http://www.bankinfosecurity.com/?q=node/view/556]http://www.bankinfosecurity.com/?q=node/view/556[/url]

The attack began Saturday night and by Sunday morning the software firm’s site was completely flooded with requests, Utah-based SCO said.

While infected PCs were supposed to start inundating the main SCO Web site with data starting at 4:09 pm GMT (8:09 am PST), the site had been nearly inaccessible for a 16-hour period prior to the scheduled start of the attack, according to Internet performance measurement firm Netcraft. The outage could have been due to a large number of infected computers having their clocks set to the wrong time.

“This is the biggest single (denial of service) attack ever,” Mikko Hypponen, director of antivirus research at F-Secure, wrote in an update on the security company’s Web site. In its statement on Sunday, SCO it still “had a series of contingency plans to deal with this problem,” but would wait until Monday–at about 5 a.m. PST–to communicate them.

The attack aimed at Microsoft by computers infected with the B variant of MyDoom is not expected to have as much effect because that version hasn’t spread as widely, said Vincent Weafer, a senior director at computer-security company Symantec.

More info: [url=http://zdnet.com.com/2100-1105_2-5151572.html]http://zdnet.com.com/2100-1105_2-5151572.html[/url]

The email worm became the world’s fastest spreading virus, after 1.5 million copies of emails sent out to infect machines were intercepted in the first 24 hours.

The creators of MyDoom.A plan to use those “back doors” to co-ordinate a mass attack on the website of US software firm SCO, starting tomorrow.

More info: [url=http://www.smh.com.au/articles/2004/01/30/1075340841697.html]http://www.smh.com.au/articles/2004/01/30/1075340841697.html[/url]

Launched Wednesday by the National Cyber Security Division of the Department of Homeland Security, the alerts will be available to members of the public as well as technology professionals responsible for the security of infrastructure systems.

Interested parties can subscribe to the alerts online: [url=http://www.us-cert.gov/]http://www.us-cert.gov/[/url]

Amit Yoran, director of the National Cyber Security Division, said each computer connected to the Internet is a point of vulnerability in the spread of malicious attacks. Individual computer users who don’t patch vulnerabilities in their systems, keep antivirus definitions up-to-date or take precautions when opening e-mail attachments are the biggest contributors to the spread of viruses and worms.

The alerts will include announcements about current attacks as well as information for users about how to protect their systems before attacks occur. The alerts also will provide background information about computer scams and other fraud that may occur online. In addition, the department will provide security bulletins containing vulnerability announcements, patches and work-arounds to security professionals in charge of computer networks to help them protect national infrastructure and e-commerce systems.

Yoran said the alerts will be digitally signed by the department so users can distinguish them from fake alerts that attackers might send out with virus attachments.

One of the main parties providing information is the Computer Emergency Readiness Team, or CERT, at Carnegie Mellon University.

More info: [url=http://www.wired.com/news/business/0,1367,62078,00.html?tw=rss.TOP]http://www.wired.com/news/business/0,1367,62078,00.html?tw=rss.TOP[/url]