Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge

Is your enterprise following the rules?

The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately, the corporate CEO and CFO are accountable for SOX compliance, and they will depend on company finance operations and IT to provide critical support when as they report on the effectiveness of internal control over financial reporting.

Sound practices include corporate-wide information security policies and enforced implementation of those policies for employees at all levels. Information security policies should govern network security, access controls, authentication, encryption, logging, monitoring and alerting, pre-planned coordinated incident response, and forensics. These components allow for information integrity and data retention, while enabling IT audits and business continuity.

Complying with Sarbanes-Oxley

The changes required to ensure SOX compliance reach across nearly all areas of a corporation. In fact, Gartner Research went so far as to call the Act "the most sweeping legislation to affect publicly traded companies since the reforms during the Great Depression." Since the bulk of information in most companies is created, stored, transmitted and maintained electronically, one could logically conclude that IT shoulders the lion's share of the responsibility for SOX compliance. Enterprise IT departments are responsible for ensuring that corporate-wide information security policies are in place for employees at all levels. Information security policies should govern:

* Network security
* Access controls
* Authentication
* Encryption
* Logging
* Monitoring and alerting
* Pre-planning coordinated incident response
* Forensics

These components enable information integrity and data retention, while enabling IT audits and business continuity.

In order to comply with Sarbanes-Oxley, companies must be able to show conclusively that:

* They have reviewed quarterly and annual financial reports;
* The information is complete and accurate;
* Effective disclosure controls and procedures are in place and maintained to ensure that material information about the company is made known to them.

Sarbanes-Oxley Section 404

Section 404 regulates enforcement of internal controls, requiring management to show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition, the company must produce documented evidence of an annual assessment of the internal control structure's effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step in the right direction with regards to overall email security.

Effective Email Controls

Email has evolved into a business-critical application unlike any other. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Enterprises must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.

An effective email security solution must address all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at the company or on a remote site or machine. Given the wide functionality of email, as well as the broad spectrum of threats that face email systems, ensuring appropriate information access control for all of these points requires:

* A capable policy enforcement mechanism to set rules in accordance with each company's systems of internal controls;

* Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages;

* Secure remote access to enable remote access for authorized users while preventing access from unauthorized users;

* Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties

In conclusion, complying with Sarbanes-Oxley puts a heavy burden on an organization's IT department to implement and enforce policies set up by corporate governance boards. In order to make sure the company's email system complies with Sarbanes-Oxley, IT managers must be able to document steps they have taken to address Section 404 of the code. CipherTrust manufactures a secure email gateway appliance that can help organizations comply with Sarbanes-Oxley. To learn more about it, please visit www.ciphertrust.com/solutions/compliance_SOX.php and read our articles and white paper on the subject of SOX compliance.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security and anti spam solutions. Learn what you need to know to comply with Sarbanes-Oxley regulations by visiting http://www.ciphertrust.com/solutions/compliance_SOX.php today.

In The News:


Aljazeera.com

Milo Yiannopoulos' security cost UC Berkeley $800,000 | Far Right ...
Aljazeera.com
US university grappling with budget cuts and layoffs spends sum on security for far-right speaker's 15-minute rally.

and more »

Gizmodo

Source: Deloitte Breach Affected All Company Email, Admin Accounts
Krebs on Security
In its statement about the incident, Deloitte said it responded by “implementing its comprehensive security protocol and initiating an intensive and thorough review which included mobilizing a team of cyber-security and confidentiality experts inside ...
One of the World's Biggest Accounting Firms Hacked After Basic Security GoofGizmodo
Industry reactions to the Deloitte cyber attackHelp Net Security

all 88 news articles »

ZDNet

Microsoft adds new Microsoft 365 versions, plus security and management features
ZDNet
Microsoft is adding new Microsoft 365 bundles, and adding more features to these integrated Windows, Office 365 and Enterprise Mobiity + Security management and security subscription offerings. Microsoft introduced Microsoft 365 at its Inspire ...
Microsoft looks to the cloud to expand its security offeringsTechCrunch
Ignite 2017: Improving Security via the Microsoft's Intelligent Security GraphWindows IT Pro

all 188 news articles »

Forbes

Security Concerns Again Hang Over Winter Olympics
Forbes
The PyeongChang 2018 Olympic medals during their unveiling at a ceremony in Seoul on Sept. 21. (Photo by JUNG YEON-JE/AFP/Getty Images). North Korea ramped up its vitriol on Monday, undoubtedly increasing concerns by athletes who are preparing ...
South Korean Olympic chief downplays security concernsUPI.com

all 48 news articles »

Bloomberg

SEC Says It Told US Security Officials of Hack Months Ago
Bloomberg
The U.S. Securities and Exchange Commission told government cybersecurity officials about a hack into its database of corporate filings soon after it happened last year, months before the agency's new chairman made the breach public. Since disclosing ...

and more »

Daily Signal

Trump's New Travel Ban Is Standard Security Policy
Daily Signal
President Donald Trump's latest travel executive order restricts travel from seven countries that are known state sponsors of terrorism or have failed to work effectively with the U.S. against emerging threats. (Photo: Jonathan Ernst/Reuters /Newscom) ...
President Trump's New Travel Executive Order Has Little National Security JustificationCato Institute (blog)
White House expands travel ban, restricting visitors from eight countriesWashington Post

all 835 news articles »

cleveland.com

Cleveland Browns security guard robbed at gunpoint near FirstEnergy Stadium
cleveland.com
Darnell Hurt, an employee at Contemporary Services Corporation, which provides security for the Browns, said he was walking to the stadium to catch a bus that would take him and other employees to Indianapolis where they would provide security for the ...


Macworld

Report: Security hole in macOS Keychain puts passwords at risk
Macworld
Apple released macOS High Sierra on Monday, so it should be a nice way to spotlight the Mac this week after last week's iOS 11 and iPhone 8 releases. But a report by a security researcher at Synack puts a bit of a damper on the High Sierra release.
macOS High Sierra Automatically Performs Security Check on EFI Firmware Each WeekMac Rumors
Ex-NSA hacker drops macOS High Sierra zero-day hours before launchZDNet
High Sierra validates Mac firmware weekly, alerts users to possible security issuesAppleInsider (press release) (blog)

all 106 news articles »

East Bay Times

Safeway adds security, OKs arresting trespassers at downtown Concord store
East Bay Times
15 letter to Mayor Laura Hoffmeister, the supermarket chain responded to the city's concerns about shoplifting, trespassing and security at the downtown grocery store. Safeway confirmed plans to paint the building's exterior, evaluate the parking lot ...

and more »

WKRN.com

Church shooting suspect worked for security company less than 12 hours before Antioch attack
WKRN.com
NASHVILLE, Tenn. (WKRN) – The man arrested for the deadly shooting at an Antioch church Sunday applied for a security guard license Friday before the attack, and worked as a security guard Saturday night . Emanuel Samson attended a class for ...
Antioch Church Gunman Attended Unarmed Security Training Class Before AttackNewsChannel5.com
Alleged Antioch church gunman tried to renew security license days before shootingWZTV

all 618 news articles »
Google News

Why Corporations Need to Worry About Phishing

Phishing is a relatively new form of online fraud that... Read More

Are You Surfing Safe?

Ok, you've got a computer, and you get online. You... Read More

Can I Guess Your Password?

We all know that it's dangerous to use the same... Read More

Spyware, What It Is, What It Does, And How To Stop It

Spyware is software that runs on a personal computer without... Read More

How To Avoid Hackers From Destroying Your Site?

Recently, my site and other internet accounts ( http://www.nabaza.com/sites.htm )... Read More

Keeping Worms Out of Your Network...

No auntie Sookie, not earth worms, computer virus worms that... Read More

Clown Internet Scam - An Internet Scam is Currently Targeting Clowns and Other Entertainers

I am the victim of an internet scam. It is... Read More

Securing Your Accounts With Well-Crafted Passwords

In the past I've never really paid much attention to... Read More

Ransom Trojan Uses Cryptography for Malicious Purpose

Every day millions of people go online to find information,... Read More

Message Board Security Problems

Security leaks can be a big problem for any site... Read More

Spyware is Not Like a Nosy Neighbor

Remember the television show about the nosy neighbor Mrs. Kravitz... Read More

Securities

NETWORK SECURITIES: IMPORTANCE OF SECURITIESComputers and securities must form a... Read More

Phishing - Identity Theft & Credit Card Fraud

What is Phishing? Phishing is a relatively newly coined term... Read More

Spyware Protection Software

Spyware protection software is the easiest way of removing spyware... Read More

Traditional Antivirus Programs Useless Against New Unidentified Viruses!

Every now and then you can read about a new... Read More

Lottery Scam, What It is and how to Avoid It?

Internet scams and frauds are on the rise! The quantity... Read More

Why you Must Secure your Digital Product and Thank You Web Page

A couple of years back, I paid my dues the... Read More

The One Critical Piece Of Free Software Thats Been Overlooked

Can You Prevent Spyware, Worms, Trojans, Viruses, ... To Work... Read More

Computer Security

What is computer security? Computer security is the process of... Read More

If You Steal It, They May Come!

Business on the internet is getting down right shameless. This... Read More

How To Clean the Spies In Your Computer?

Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer... Read More

Five Excellent Indie Encryption And Security Solutions You Have Not Heard About

1. Geek Superhero http://www.deprice.com/geeksuperhero.htmGeek Superhero watches your computer for changes,... Read More

8 Surefire Ways to Spot an E-Mail Identity Theft Scam!

The E-Mail Identity Theft Scam is running Rampant. These E-Mail... Read More

3 Steps to Ending Scams and Virus Problems

Watching how the traditional media covers the latest virus or... Read More

Its Time to Sing the Encryption Song - Again!

Yes, I'm wearing my encryption hat again. Why you may... Read More