Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/a26f9f83/public_html/articles/includes/config.php on line 159
Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge > NetSparsh - Viral Content you Love & Share

Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge

Is your enterprise following the rules?

The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately, the corporate CEO and CFO are accountable for SOX compliance, and they will depend on company finance operations and IT to provide critical support when as they report on the effectiveness of internal control over financial reporting.

Sound practices include corporate-wide information security policies and enforced implementation of those policies for employees at all levels. Information security policies should govern network security, access controls, authentication, encryption, logging, monitoring and alerting, pre-planned coordinated incident response, and forensics. These components allow for information integrity and data retention, while enabling IT audits and business continuity.

Complying with Sarbanes-Oxley

The changes required to ensure SOX compliance reach across nearly all areas of a corporation. In fact, Gartner Research went so far as to call the Act "the most sweeping legislation to affect publicly traded companies since the reforms during the Great Depression." Since the bulk of information in most companies is created, stored, transmitted and maintained electronically, one could logically conclude that IT shoulders the lion's share of the responsibility for SOX compliance. Enterprise IT departments are responsible for ensuring that corporate-wide information security policies are in place for employees at all levels. Information security policies should govern:

* Network security
* Access controls
* Authentication
* Encryption
* Logging
* Monitoring and alerting
* Pre-planning coordinated incident response
* Forensics

These components enable information integrity and data retention, while enabling IT audits and business continuity.

In order to comply with Sarbanes-Oxley, companies must be able to show conclusively that:

* They have reviewed quarterly and annual financial reports;
* The information is complete and accurate;
* Effective disclosure controls and procedures are in place and maintained to ensure that material information about the company is made known to them.

Sarbanes-Oxley Section 404

Section 404 regulates enforcement of internal controls, requiring management to show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition, the company must produce documented evidence of an annual assessment of the internal control structure's effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step in the right direction with regards to overall email security.

Effective Email Controls

Email has evolved into a business-critical application unlike any other. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Enterprises must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.

An effective email security solution must address all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at the company or on a remote site or machine. Given the wide functionality of email, as well as the broad spectrum of threats that face email systems, ensuring appropriate information access control for all of these points requires:

* A capable policy enforcement mechanism to set rules in accordance with each company's systems of internal controls;

* Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages;

* Secure remote access to enable remote access for authorized users while preventing access from unauthorized users;

* Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties

In conclusion, complying with Sarbanes-Oxley puts a heavy burden on an organization's IT department to implement and enforce policies set up by corporate governance boards. In order to make sure the company's email system complies with Sarbanes-Oxley, IT managers must be able to document steps they have taken to address Section 404 of the code. CipherTrust manufactures a secure email gateway appliance that can help organizations comply with Sarbanes-Oxley. To learn more about it, please visit www.ciphertrust.com/solutions/compliance_SOX.php and read our articles and white paper on the subject of SOX compliance.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security and anti spam solutions. Learn what you need to know to comply with Sarbanes-Oxley regulations by visiting http://www.ciphertrust.com/solutions/compliance_SOX.php today.

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

Retirement Security: Fire And Fury In Telecommunications
Seeking Alpha
AT&T's merger with Time Warner has hit a brick wall and the market is celebrating. Here's what I'm doing. How about you? Subscribers to "Retirement: One Dividend At A Time" got an early look at this material via free instant text message trade alert ...

and more »

Forbes

How This Millennial Went From A High School Dropout To Cyber Security Expert
Forbes
Manan Shah, the 24-year-old founder of cyber security firm Avalance Global Solutions, is one of the top cyber security experts, but his path to the top was far from traditional. A high school dropout and former hacker, Shah had to overcome run-ins with ...


TechCrunch

Tortuga Logic raises $2 million to build chip-level security systems
TechCrunch
Tortuga Logic has raised $2 million in seed funding from Eclipse Ventures to help in their effort to maintain chip-level system security. Based in Palo Alto, the company plans to use the cash to build products that will find “lurking vulnerabilities ...


Fox News

Schools adept at shoring up security at any hint of danger
Fox News
Schools have become adept at rapidly shoring up security, measuring responses against the toll it could take on students' learning and sense of safety. The president of the National Association of School Resource Officers says schools regularly ...

and more »

New York Times

Homeland Security Official Resigns Over Remarks on African-Americans and Muslims
New York Times
WASHINGTON — The Department of Homeland Security's head of outreach to religious and community organizations resigned on Thursday after audio recordings revealed that he had previously made incendiary remarks about African-Americans and ...
Homeland Security Official Who Blamed Slums On 'Lazy Blacks' QuitsHuffPost
Homeland Security official Jamie Johnson resigns after comments ...Washington Post
Homeland Security's head of community outreach resigns over past controversial comments on black community, IslamCNN
Fort Dodge Messenger -New York Daily News -The Hill -FEMA.gov
all 71 news articles »

North Darfur security: Swiss aid worker released, kidnappers held
ReliefWeb
The security authorities in North Darfur announced on Wednesday that kidnapped Swiss aid worker Margaret Schenkel has been “released from her captors in a mountainous area during a professional security operation”. The head of the National ...

and more »

UN News Centre

Russia again vetoes extension of chemical experts in Syria
ABC News
And it was Russia's 11th veto of a Security Council resolution dealing with Syria, its close ally. Russia cast its latest veto Friday night on a last-ditch resolution by Japan to extend the mandate for 30 days for further discussions. It was supported ...
Security Council fails at fresh attempt to renew panel investigating chemical weapons use in SyriaUN News Centre
Security Council Considers 30-day Extension on Syria ExpertsVoice of America
The Investigation Into Chemical Attacks in Syria Is Fizzling Out After a Security Council ShowdownTIME

all 599 news articles »

UN News Centre

At Security Council, UN chief urges cooperation to tackle security challenges in Mediterranean
UN News Centre
17 November 2017 – The Mediterranean – a confluence of civilizations, cultures, religions, trade and migration – is facing multiple security challenges, such as terrorism, illicit trade in narcotics, environmental degradation and forced displacement ...

and more »

Computerworld

Strong and stable: The iOS security guide
Computerworld
So, what's the weakest point in mobile device security? Sadly, it's you. From tapping links in phony emails to accessing confidential password-protected information using open public Wi-Fi hotspots to simply using the same password everywhere: All ...

and more »

KING5.com

Seattle police plan security for tree lighting ceremony
KING5.com
Seattle police have a plan to secure next week's holiday tree lighting ceremony in Westlake Park, and it makes room for protesters to exercise their first amendment rights. "It's the kickoff for the holiday season," said James Sido, DSA spokesperson ...

Google News

File Sharing - What You Need to Know!

File sharing on p2p is soaring despite the music and... Read More

Ransom Trojan Uses Cryptography for Malicious Purpose

Every day millions of people go online to find information,... Read More

What is Spyware?

The most frustrating part of having Spyware on your computer... Read More

Hacking the Body Via PDA Wireless Device

First I would like to stress I am condoning the... Read More

A Personal Experience with Identity Theft

Some months ago, before there was much publicity regarding phishing... Read More

Identity Theft ? Beware of Phishing Attacks!

"Dear Bank of the West customer", the message begins. I've... Read More

With the Rise of Internet Crimes, Users are Turning to High-Tech ?PI?s? for Solutions

High-tech private investigators are becoming the answer for many Internet... Read More

Dont Fall Victim to Internet Fraud-10 Tips for Safer Surfing

The Internet offers a global marketplace for consumers and businesses.... Read More

Spy Scanners ? Don?t Compromise your Privacy

Spies, spyware, internet parasites are among what they are usually... Read More

Viruses, Trojans, and Spyware - Oh My!

Have you ever had to call Symantec or McAfee to... Read More

Web Browsing - Collected Information

You may not realize it, but as you are surfing... Read More

Identity Theft -- 10 Simple Ways to Protect Your Good Name!

Identity Theft is one of the most serious problems facing... Read More

Mall Protection

The Loss Prevention Manager should be receptive to the needs... Read More

Computer Viruses - How to Remove a Computer Virus from Your Computer

Computer viruses infect millions of computers every day. Viruses can... Read More

Do You Know What your Kids Are Doing Online?

It's a sad statistic, but hundreds of unsuspecting kids are... Read More

Securing Your Accounts With Well-Crafted Passwords

In the past I've never really paid much attention to... Read More

Top Five Online Scams

The top five online scams on the Internet hit nearly... Read More

HackAttack

P C. owners are constantly at risk from attacks by... Read More

7 Ways to Spot a PayPal Scam E-Mail

Paypal is a great site and is used by many... Read More

Spyware, This Time Its Personal!

First the basic definition of Spyware: It is a type... Read More

Breaking Into Your PC: News...

You'd better learn news from media, not from emails, security... Read More

Why Malicious Programs Spread So Quickly?

It seems that nowadays cybercriminals prefer cash to fun. That... Read More

Phishing - Identity Theft & Credit Card Fraud

What is Phishing? Phishing is a relatively newly coined term... Read More

Secrets On Security: A Gentle Introduction To Cryptography

Let us take the example of scrambling an egg. First,... Read More

Web and Computer Security

Well, if that would have been said to me by... Read More