
Sarbanes-Oxley and Click&DECiDE
What is Sarbanes-Oxley?
The Sarbanes-Oxley Act of 2002, also known as the Public Company Accounting
Reform and Investor Protection Act of 2002 (and commonly called SOX
or SarbOx), is a key element for enterprise IT Security Groups and is
highly significant in the reform of the reporting, governance and disclosure of
public company financial statements. Section 404 requires that independent auditors
annually attest to the accuracy of internal financial controls. Section 404
has major implications for IT in general and IT Security in particular.
The reason for the stringent implied mandates for IT security contained in Section
404 is very simple, and leads inevitably to the realization that Sarbanes-Oxley
compliance requires that IT Security be able to protect these systems.
Since IT underlies the very business of recording and reporting all financial activity,
it follows that a lack of control over IT Security would imply a lack of control
over the organization's financial reports, in direct violation of Sarbanes-Oxley
Section 404. Security is therefore a core component of Sarbanes-Oxley compliance.
Sarbanes-Oxley IT Internal Control Challenges
Sarbanes-Oxley mandates that management must establish and report on the internal
control structure and that management's assertions must be audited by an external
firm. The most common challenges facing companies are as follows:
- Collecting and securely archiving security event logs over the long term
- Analysing huge volumes of event log data in real-time
- Securing Access Control and monitoring user management
- Ensuring compliance with configuration policies across all the enterprise systems
- Managing Vulnerabilities
- Mitigating threats in real-time
- Reporting to all the key stakeholders on a regular basis
- Performing forensic analysis
Click&DECiDE's Solution
Click&DECiDE provides you with the ability to comply with certain of the implicit
IT Security Internal Control Mandates that Sarbanes-Oxley compliance requires. Moreover,
the Dashboard reporting and database log file management capabilities of our solutions
allow organizations to prove that Security policies are being followed correctly.
Click&DECiDE alerts enable you to respond to Security threats and incidents
in a consistent, compliant manner in real-time. Click&DECiDE enables you to
provide both real-time and Network forensic solutions to bring you a Sarbanes-Oxley
compliance solution.
Click&DECiDE provides you with an easy-to-install, automated solution to reduce
your IT Security workload, render your Security Operations more effective and enhance
your ability to proactively mitigate threats before they become exploits. Sarbanes-Oxley
IT Security Compliance is easier to manage with Click&DECiDE's real-time and
scheduled Firewalls, VPNs, IDS, Anti-Virus, Web Server and other related IT Device
support solutions.
Click&DECiDE's Training Workshops
The changes to business processes reflecting the requirements of Sarbanes-Oxley
will bring about important training needs for employees in the business. We can
help identify training needs and run subsequent programs for relevant staff, including
senior management training explaining their responsibilities.
Improve your understanding of the issues raised by the Internal Controls required
by key international regulations: Sarbanes-Oxley (SOX), SEC 17a-3, a-4, NASD 3010,
3110, La Loi de Sécurité Financière (LSF), PCI DSS, Basel II,
Tabaksblat Code, Lippens Code, that affect the IT function within your organization.
Please contact our Senior Consultant, Benoît Rostagni for more information:
benoit.rostagni@clickndecide.com
Our interactive Training workshops cover the related Governing Bodies (PCAOB, AMF...),
the key internal control frameworks (COSO, COBIT, ISO/IEC 27002 (17799)) and the
relationship and alignment between them. We tailor the content of our workshops
to your needs; depending on the range of topics you select, the workshops can range from
1-2 days.
Bringing your company's security up to meet the regulatory standards may require
various changes, for example managing the reams of log data in your database, managing
your database volumes. We help you store, aggregate and purge your data, decrease
your database volumes and easily analyze and report pure business intelligence knowledge
in real-time, tailored to each of your department's specific needs. Please contact
us to see how we can help you: sales@clickndecide.com