Your Guide to Good-Enough Compliance
In November 2005, Jason Spaltro, executive director of information security at US-based Sony Pictures Entertainment, sat down in a conference room with an auditor who had just completed a review of his security practices. The auditor told Spaltro that Sony had several security weaknesses, including insufficiently strong access controls, which is a key Sarbanes-Oxley requirement.