RE: audit suggestion

  • From: ryan_gaffuri@xxxxxxxxxxx
  • To: DGoulet@xxxxxxxx, <jkstill@xxxxxxxxx>, <KATHERINE_KAYLOR@xxxxxxxxxx>
  • Date: Mon, 24 Jan 2005 19:12:59 +0000

what happened at enron/worldcom came from the CEO. Sarbox wouldn't have done 

Here is a funny story about the procedures at NASA Goddard in Greenbelt, MD. I 
know a project manager there. They went through a long and drawn out security 
audit last year. After the audit took place he had a problem with his password 
and called the government help desk. The help desk person gladly told him his 
password. The government people were not even required to even encrypt 
passwords. As we all know, many many people use the same password all over the 
-------------- Original message -------------- 

> Jared, 
> Make that an "empty but warm & fuzzy feeling". One thing I've 
> learned from the latest SarBox round here is that it stops nothing, just 
> makes you document the norm. What happen at Enron/WorldCom was not the 
> norm, therefore not controllable under SarBox. In the end the folks who 


Other related posts: