The Sarbanes-Oxley Act of 2002 was designed to reform the reporting, governance, and disclosure of public company financial statements. Sarbanes-Oxley (SOX) mandates that public companies demonstrate due diligence in the disclosure of financial information and maintain internal controls and procedures for the communication, storage, and protection of that data. While not explicitly mentioned in the legislation, IT security is a central requirement of Sarbanes-Oxley compliance. SOX requires companies to assess any risk associated with information technology or the internal process that may impact the accurate and timely reporting of financial information. Specifically, SOX requirements include:
- Section 302: Establishes the responsibilities of the CEO and CFO for establishing and maintaining internal controls.
- Section 404: Requires management to assess the effectiveness of internal controls, obtain external validation of those controls, and provide assurances that financial/accounting processes are protected from unauthorized usage.
- Section 409: Requires real-time disclosures of material events.
Meeting the Compliance Challenge
Faced with the penalties for non-compliance (hefty fines and possible jail time), companies need a comprehensive enterprise security system that addresses these common best practice control objectives: information security, vulnerability assessment, asset identification, configuration policy, threat detection and response, policy enforcement, and monitoring. The Axxera SIEM System is ideally suited to help your company achieve Sarbanes-Oxley compliance. The CI SIEM System is an integrated security solution with a ticketing system and portal, all under the same management console. This intelligent cyber security approach provides an efficient and effective layered security defense, protecting network assets before, during, and after an attack and ensuring that your financial systems are protected from unauthorized access. These tasks can also be accomplished by:
- Firewall Management
- IDS / IPS Management
- Security Consulting for Assessment and Establishing Security Policies
- Email Encryption
- Data Loss Prevention
- Vulnerability Assessment
Axxera Supports SOX Requirements
CI SIEM System helps your organization comply with Sarbanes-Oxley requirements.
Control Objective / Axxera’s Approach
- Appropriate controls are in place to prevent unauthorized access via public networks / Axxera SIEM provides several best practice controls to secure networks from unauthorized use, including intrusion prevention, vulnerability assessment, asset discovery, and network behavior analysis, in certain cases integrating with best-of-breed security tools, with integration for over 250 third-party products (Symantec, McAfee, Entrust, Encase, E-Detective, Lumension, etc.).
- Monitoring, logging, and reporting of security incidents / The system monitors, logs, and reports security events from IDS/IPS, potential vulnerabilities, and violations of configuration and acceptable use policies.
- Authorized software on company IT assets / Users may set and automatically enforce authorized software policies. CI SIEM passively identifies the assets, OS, protocols, and applications present on your network in real time.
- System infrastructure is properly configured to prevent unauthorized access / A baseline configuration policy can be automatically enforced in real time.
- Security incident response / Analysis of incidents and an established incident response process via a state-of-the-art ticketing system, portal, and console, automating remediation or alerting the incident response team via the SOC (Security Operation System).
- Periodic testing and assessment is performed, confirming the infrastructure is appropriately configured / Exceeds the requirement by performing configuration policy enforcement in real time.