Is your enterprise following the rules?
The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately, the corporate CEO and CFO are accountable for SOX compliance, and they will depend on company finance operations and IT to provide critical support when as they report on the effectiveness of internal control over financial reporting.
Sound practices include corporate-wide information security policies and enforced implementation of those policies for employees at all levels. Information security policies should govern network security, access controls, authentication, encryption, logging, monitoring and alerting, pre-planned coordinated incident response, and forensics. These components allow for information integrity and data retention, while enabling IT audits and business continuity.
Complying with Sarbanes-Oxley
The changes required to ensure SOX compliance reach across nearly all areas of a corporation. In fact, Gartner Research went so far as to call the Act "the most sweeping legislation to affect publicly traded companies since the reforms during the Great Depression." Since the bulk of information in most companies is created, stored, transmitted and maintained electronically, one could logically conclude that IT shoulders the lion's share of the responsibility for SOX compliance. Enterprise IT departments are responsible for ensuring that corporate-wide information security policies are in place for employees at all levels. Information security policies should govern:
* Network security
* Access controls
* Authentication
* Encryption
* Logging
* Monitoring and alerting
* Pre-planning coordinated incident response
* Forensics
These components enable information integrity and data retention, while enabling IT audits and business continuity.
In order to comply with Sarbanes-Oxley, companies must be able to show conclusively that:
* They have reviewed quarterly and annual financial reports;
* The information is complete and accurate;
* Effective disclosure controls and procedures are in place and maintained to ensure that material information about the company is made known to them.
Sarbanes-Oxley Section 404
Section 404 regulates enforcement of internal controls, requiring management to show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition, the company must produce documented evidence of an annual assessment of the internal control structure's effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step in the right direction with regards to overall email security.
Effective Email Controls
Email has evolved into a business-critical application unlike any other. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Enterprises must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.
An effective email security solution must address all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at the company or on a remote site or machine. Given the wide functionality of email, as well as the broad spectrum of threats that face email systems, ensuring appropriate information access control for all of these points requires:
* A capable policy enforcement mechanism to set rules in accordance with each company's systems of internal controls;
* Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages;
* Secure remote access to enable remote access for authorized users while preventing access from unauthorized users;
* Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties
In conclusion, complying with Sarbanes-Oxley puts a heavy burden on an organization's IT department to implement and enforce policies set up by corporate governance boards. In order to make sure the company's email system complies with Sarbanes-Oxley, IT managers must be able to document steps they have taken to address Section 404 of the code. CipherTrust manufactures a secure email gateway appliance that can help organizations comply with Sarbanes-Oxley. To learn more about it, please visit www.ciphertrust.com/solutions/compliance_SOX.php and read our articles and white paper on the subject of SOX compliance.
Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security and anti spam solutions. Learn what you need to know to comply with Sarbanes-Oxley regulations by visiting http://www.ciphertrust.com/solutions/compliance_SOX.php today.
First, let's do a little recap'. As I stated in... Read More
The Loss Prevention Manager should be receptive to the needs... Read More
Glieder (Win32.Glieder.AK), Fantibag (Win32.Fantibag.A) and Mitglieder (Win32.Mitglieder.CT) are not names... Read More
The words Corporate Security may conjure up images of a... Read More
Recently I have received email from my bank/credit Card Company,... Read More
Spyware/adware is a new major concern for PC users everywhere.... Read More
You are at your computer, checking out software on EBay.... Read More
When it comes to reporting Internet scams most of us... Read More
It has been said that with the wealth of information,... Read More
In recent days, I was one of the unfortunate persons... Read More
You'd better learn news from media, not from emails, security... Read More
Imagine my surprise when I received a phone call from... Read More
Today,on most internet user's computers, we have the ability to... Read More
Many of us have run into an annoying and time-consuming... Read More
On December 8, 2004 Webroot, an award winning anti-spyware solution... Read More
The Federal Bureau of Investigation has identified "phishing" as the... Read More
A crowded marketplace can lead to unethical webmasters using underhand... Read More
Microsoft routinely releases new security updates, many of which are... Read More
Scams involving email continue to plague consumers across America, indeed... Read More
Every single time you access a website, you leave tracks.... Read More
The movie Little Black Book features a young woman, Stacy,... Read More
Well, if that would have been said to me by... Read More
Yes, I'm wearing my encryption hat again. Why you may... Read More
When we think of adware, what comes to mind are... Read More
Identity Theft and Your Personal Information Identity theft is... Read More
Everyone should eliminate spyware and adware from your hard drive... Read More
I am the victim of an internet scam. It is... Read More
You can detect spyware online using free spyware cleaners and... Read More
Never before with Instant Messaging (IM) has a more vital... Read More
Before you enter your name, address or any other data... Read More
Computer security for most can be described in 2 words,... Read More
Every day millions of people go online to find information,... Read More
Over £5 billion pounds was spent on online shopping in... Read More
A couple of days ago, I was searching for a... Read More
Every day millions of people go online to find information,... Read More
Much has been said on the theory of password protection... Read More
Well, if that would have been said to me by... Read More
Never before with Instant Messaging (IM) has a more vital... Read More
It seems that nowadays cybercriminals prefer cash to fun. That... Read More
WHAT IS HACKING?Hacking, sometimes known as "computer crime" has only... Read More
Identity theft ? also known as ID theft, identity fraud... Read More
First the basic definition of Spyware: It is a type... Read More
You may not realize it, but as you are surfing... Read More
Despite the current wave of identity theft and corporate security... Read More
These six ways to prevent identity theft offer you valuable... Read More
From the "Ask Booster" column in the June 17, 2005... Read More
I'm in the Anti-Spyware business, and I'm doing a lot... Read More
So you want to know who your kids are chatting... Read More
The money being spent online is steadily growing. With billions... Read More
Having a good Spyware eliminator on your computer is vital... Read More
In 1997, I decided after 15 years as a practicing... Read More
No auntie Sookie, not earth worms, computer virus worms that... Read More
When it comes to reporting Internet scams most of us... Read More
I am the victim of an internet scam. It is... Read More
Every now and then you can read about a new... Read More
Security leaks can be a big problem for any site... Read More
Phishing in its "classic" variant is relatively well-known. Actually, 43.4... Read More
Be careful of sites that promise to send you "instant... Read More
Afraid that someone is monitoring your PC or installed a... Read More
For many, the daily walk to the mailbox evokes mixed... Read More
Yes, I'm wearing my encryption hat again. Why you may... Read More
As the number of people using the Internet as an... Read More
Imagine my surprise when I received a phone call from... Read More
Monday morning, 6am; the electric rooster is telling you it's... Read More
Saturday, MasterCard blamed a vendor of ALL credit card providers... Read More
The Loss Prevention Manager should be receptive to the needs... Read More
Internet Security |