Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge

Is your enterprise following the rules?

The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately, the corporate CEO and CFO are accountable for SOX compliance, and they will depend on company finance operations and IT to provide critical support when as they report on the effectiveness of internal control over financial reporting.

Sound practices include corporate-wide information security policies and enforced implementation of those policies for employees at all levels. Information security policies should govern network security, access controls, authentication, encryption, logging, monitoring and alerting, pre-planned coordinated incident response, and forensics. These components allow for information integrity and data retention, while enabling IT audits and business continuity.

Complying with Sarbanes-Oxley

The changes required to ensure SOX compliance reach across nearly all areas of a corporation. In fact, Gartner Research went so far as to call the Act "the most sweeping legislation to affect publicly traded companies since the reforms during the Great Depression." Since the bulk of information in most companies is created, stored, transmitted and maintained electronically, one could logically conclude that IT shoulders the lion's share of the responsibility for SOX compliance. Enterprise IT departments are responsible for ensuring that corporate-wide information security policies are in place for employees at all levels. Information security policies should govern:

* Network security
* Access controls
* Authentication
* Encryption
* Logging
* Monitoring and alerting
* Pre-planning coordinated incident response
* Forensics

These components enable information integrity and data retention, while enabling IT audits and business continuity.

In order to comply with Sarbanes-Oxley, companies must be able to show conclusively that:

* They have reviewed quarterly and annual financial reports;
* The information is complete and accurate;
* Effective disclosure controls and procedures are in place and maintained to ensure that material information about the company is made known to them.

Sarbanes-Oxley Section 404

Section 404 regulates enforcement of internal controls, requiring management to show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition, the company must produce documented evidence of an annual assessment of the internal control structure's effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step in the right direction with regards to overall email security.

Effective Email Controls

Email has evolved into a business-critical application unlike any other. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Enterprises must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.

An effective email security solution must address all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at the company or on a remote site or machine. Given the wide functionality of email, as well as the broad spectrum of threats that face email systems, ensuring appropriate information access control for all of these points requires:

* A capable policy enforcement mechanism to set rules in accordance with each company's systems of internal controls;

* Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages;

* Secure remote access to enable remote access for authorized users while preventing access from unauthorized users;

* Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties

In conclusion, complying with Sarbanes-Oxley puts a heavy burden on an organization's IT department to implement and enforce policies set up by corporate governance boards. In order to make sure the company's email system complies with Sarbanes-Oxley, IT managers must be able to document steps they have taken to address Section 404 of the code. CipherTrust manufactures a secure email gateway appliance that can help organizations comply with Sarbanes-Oxley. To learn more about it, please visit www.ciphertrust.com/solutions/compliance_SOX.php and read our articles and white paper on the subject of SOX compliance.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security and anti spam solutions. Learn what you need to know to comply with Sarbanes-Oxley regulations by visiting http://www.ciphertrust.com/solutions/compliance_SOX.php today.

In The News:


Kitsap Sun

OC launches investigation of security director
Kitsap Sun
BREMERTON — Olympic College has launched an investigation of complaints against its director of campus safety in light of a vote of no confidence by the union representing security guards. The vote, taken in mid-January, showed 88 percent of members ...


The Sun

Security services knew of glaring weakness in Parliament security after 'war game' simulating attack on Westminster ...
The Sun
SECURITY services were aware of gaps in Parliament's security after a simulated attack ended with most MPs being killed, it has been claimed. A source quoted by the Sunday Times claimed a “table-top” exercise revealed four terrorists with automatic ...
Security chief told MPs they were safe in parliament before attackThe Guardian
Urgent review of security gates of Parliament needed after Westminster attackExpress.co.uk

all 56 news articles »

The Independent

Security breach renders in-flight laptop ban useless
The Independent
The airport which is the main target of the Government's ban on electronic devices has a security flaw that renders rigorous checks futile, The Independent can reveal. After clearing six separate security hurdles at Istanbul airport, passengers bound ...

and more »

Rochester Democrat and Chronicle

JCC receives $200,000 to improve security - Democrat and Chronicle
Rochester Democrat and Chronicle
Funds will be used to upgrade cameras and other measures following two bomb threats at the Brighton facility this month.
JCC of Rochester gets $200,000 for security enhancements | WXXI ...WXXI News

all 4 news articles »

Reuters

Britain reviewing security at parliament after deadly attack
Reuters
Interior minister Amber Rudd told the BBC there would be another review of security at the Palace of Westminster, but that such arrangements were continually assessed. "There are constant reviews and updates so that we have the right form of defense in ...
London attack fuels calls for tighter Westminster securityThe Guardian
London attack: Parliament security under reviewBBC News
Questions over Parliament security as motorcyclist rides through gate shortly after terrorist attackTelegraph.co.uk
Wall Street Journal (subscription)
all 8,418 news articles »

The Japan Times

European security ties 'too precious' for Brexit talks
The Japan Times
LONDON – Britain's intelligence expertise may be “too precious” to use as a bargaining tool in the upcoming Brexit talks, experts said, after a terror attack in London highlighted the need for continued European security cooperation. The suggestion ...

and more »

New System Estimates Cleveland Airport Security Wait Times
U.S. News & World Report
New System Estimates Cleveland Airport Security Wait Times. Cleveland's main airport is developing a system to help travelers more accurately compare wait times at its security checkpoints and better plan their trips. | March 27, 2017, at 12:08 a.m.. MORE.

and more »

Huffington Post

What Don't We Talk About When We Talk About Israel's Security
Huffington Post
When Israeli and American Jews talk about “Israel's security” they are thinking about the Holocaust and about extermination. That is the reason they choose the narrowest possible definition of “security,” a strip. Israel's “security” is what we ...

and more »

Otago Daily Times

Ivory Coast rescinds port security measures, attack threat unfounded
Reuters
"After compiling the information ... it emerged that the threat is not real," the head of maritime security Colonel Bertin Koffi Tano wrote in a second order to the Abidjan and San Pedro port authorities and shipping companies on Sunday. "I ask that ...
Ivory Coast boosts port security over attack threatOtago Daily Times

all 5 news articles »

The Sun

Security alert at Ant and Dec's Saturday Night Takeaway as police called amid claims four men broke into the studio
The Sun
An ITV spokesman said: “A youth who attempted to gain access to the London Television Centre, as a prank, at 11pm last night was quickly apprehended by our security team when he triggered an alarm as he climbed an external wall. “He did not gain access ...
Ant and Dec at centre of security alert after four men tried to 'break into' Saturday Night Takeaway studioMirror.co.uk

all 38 news articles »
Google News

Identity Theft Offline -- So Many Possibilities

Chris Simpson, head of Scotland Yard's computer crime unit was... Read More

Types Of Computer Infections

Computer infections can be broken up into 4 main categories... Read More

Web Browsing - Collected Information

You may not realize it, but as you are surfing... Read More

Viruses, Trojans, and Spyware - Oh My!

Have you ever had to call Symantec or McAfee to... Read More

A Personal Experience with Identity Theft

Some months ago, before there was much publicity regarding phishing... Read More

How to Get Rid of New Sobig.F Virus?

As you know, this time the virus under the name... Read More

Be Aware of Phishing Scams!

If you use emails actively in your communication, you must... Read More

Corporate Security for Your Home Business

The words Corporate Security may conjure up images of a... Read More

How to Protect Yourself from Viruses, Spyware, Adware, and Other Nuisances

Spyware/adware is a new major concern for PC users everywhere.... Read More

Watch Out For That Scam

The IFCC (Internet Fraud Complaint Center) received over 200,000 complaint... Read More

How To Clean the Spies In Your Computer?

Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer... Read More

Arming Yourself Against Spyware

While clicking from site to site on the internet you... Read More

Is The Internet Over Regulated

Today's Internet or World Wide Web is being over regulated.But,... Read More

Can I Guess Your Password?

We all know that it's dangerous to use the same... Read More

Phishing, Fraudulent, and Malicious Websites

Whether we like it or not, we are all living... Read More

IPv6 - Next Step In IP Security

IPv6, IntroductionThe high rate at wich the internet continualy evolves... Read More

Securities

NETWORK SECURITIES: IMPORTANCE OF SECURITIESComputers and securities must form a... Read More

Behavior to Stay Safer Online

1. Importance of a Virus Scanner: A Antivirus program can... Read More

Hacking Threats and Protective Security

The 1998 Data Protection Act was not an extension to,... Read More

The Important Steps To Protect Your Kids on the Internet

Internet is the ocean of knowledge. In this ocean you... Read More

8 Surefire Ways to Spot an E-Mail Identity Theft Scam!

The E-Mail Identity Theft Scam is running Rampant. These E-Mail... Read More

Are They Watching You Online?

When surfing the Internet you probably take your anonymity for... Read More

The Risk Of Electronic Fraud & Identity Theft

Electronic Fraud and Identity Theft ----------------------------------- Human beings are pretty... Read More

The 5 Critical Steps to Protecting Your Computer on the Internet

Spyware, viruses and worms... oh my!If you are connected to... Read More

Steganography ? The Art Of Deception & Concealment

The Message Must Get Through ----------------------------- The year is 300A.D.,... Read More