SOX, Lies, and Security Matters
By Kelvin Lim, Regional Director, Southeast Asia, Check Point Software Technologies | Dec 18, 2008
The Sarbanes-Oxley (SOX) Act has been around for more than 6 years. To the uninitiated, SOX seems like a single set of rules. However, SOX is a multidisciplinary piece of legislation that regulates several professions simultaneously, ranging from board members, CEOs, CFOs, auditors, attorneys, management and business owners to rank-and-file employees, all of whom have statutorily scripted roles to play.
But how do companies find an IT security solution that offers the most proven, unified security architecture, both for protecting information and complying with these increasing regulations?
About internal controls
An internal control for SOX is a process that provides reasonable assurance that financial reporting, and the preparation of financial statements for external purposes, are in accordance with Generally Accepted Accounting Principles (GAAP). Controls include the recording of transactions, the maintenance of transaction records, and the acquisition, use, or disposition of assets that could be considered "material" to reporting.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework and Control Objectives for Information and related Technology (COBIT) are part of the SOX compliance framework. Such frameworks offer a disciplined approach to identifying relevant risks, protecting the appropriate data (including the financial data that drives financial reporting), ensuring unalterable audit trails, and documenting the security controls in place. Without a common structure like COSO and COBIT, an enterprise may have to educate an auditor on the breadth and depth of its own specific framework.
COSO framework
The United States Securities and Exchange Commission (SEC) states that a suitable and recognized framework, established through public due process, must be used to evaluate internal controls. It points out that the COSO Internal Control - Integrated Framework is one framework that meets the criteria.
COSO, a voluntary private-sector organization that aims to improve the quality of financial reporting through effective corporate governance, identifies five essential components of effective internal control.