Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge

Is your enterprise following the rules?

The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately, the corporate CEO and CFO are accountable for SOX compliance, and they will depend on company finance operations and IT to provide critical support when as they report on the effectiveness of internal control over financial reporting.

Sound practices include corporate-wide information security policies and enforced implementation of those policies for employees at all levels. Information security policies should govern network security, access controls, authentication, encryption, logging, monitoring and alerting, pre-planned coordinated incident response, and forensics. These components allow for information integrity and data retention, while enabling IT audits and business continuity.

Complying with Sarbanes-Oxley

The changes required to ensure SOX compliance reach across nearly all areas of a corporation. In fact, Gartner Research went so far as to call the Act "the most sweeping legislation to affect publicly traded companies since the reforms during the Great Depression." Since the bulk of information in most companies is created, stored, transmitted and maintained electronically, one could logically conclude that IT shoulders the lion's share of the responsibility for SOX compliance. Enterprise IT departments are responsible for ensuring that corporate-wide information security policies are in place for employees at all levels. Information security policies should govern:

* Network security
* Access controls
* Authentication
* Encryption
* Logging
* Monitoring and alerting
* Pre-planning coordinated incident response
* Forensics

These components enable information integrity and data retention, while enabling IT audits and business continuity.

In order to comply with Sarbanes-Oxley, companies must be able to show conclusively that:

* They have reviewed quarterly and annual financial reports;
* The information is complete and accurate;
* Effective disclosure controls and procedures are in place and maintained to ensure that material information about the company is made known to them.

Sarbanes-Oxley Section 404

Section 404 regulates enforcement of internal controls, requiring management to show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition, the company must produce documented evidence of an annual assessment of the internal control structure's effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step in the right direction with regards to overall email security.

Effective Email Controls

Email has evolved into a business-critical application unlike any other. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Enterprises must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.

An effective email security solution must address all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at the company or on a remote site or machine. Given the wide functionality of email, as well as the broad spectrum of threats that face email systems, ensuring appropriate information access control for all of these points requires:

* A capable policy enforcement mechanism to set rules in accordance with each company's systems of internal controls;

* Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages;

* Secure remote access to enable remote access for authorized users while preventing access from unauthorized users;

* Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties

In conclusion, complying with Sarbanes-Oxley puts a heavy burden on an organization's IT department to implement and enforce policies set up by corporate governance boards. In order to make sure the company's email system complies with Sarbanes-Oxley, IT managers must be able to document steps they have taken to address Section 404 of the code. CipherTrust manufactures a secure email gateway appliance that can help organizations comply with Sarbanes-Oxley. To learn more about it, please visit www.ciphertrust.com/solutions/compliance_SOX.php and read our articles and white paper on the subject of SOX compliance.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security and anti spam solutions. Learn what you need to know to comply with Sarbanes-Oxley regulations by visiting http://www.ciphertrust.com/solutions/compliance_SOX.php today.

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

Gizmodo

Amazon is now selling home security services, including installations and no monthly fees
TechCrunch
Amazon's made a slew of acquisitions in the area of smart home services, and now it's offering a product that brings them together under one roof — your roof. Amazon has quietly launched a portal offering home security services — which include all ...
Security Researchers Created a 'Skill' that Allows Alexa to Spy on YouGizmodo
Amazon launches home security services; Alexa gains memory, more conversationsSeeking Alpha
Is Alexa spying on YOU? Security researchers reveal how the assistant's code could be tweaked to create new 'skill ...Daily Mail
Boing Boing -Investor Relations Solutions -Tech Times -Checkmarx
all 190 news articles »

Washington Post

Top Homeland Security officials urge criminal prosecution of parents crossing border with children
Washington Post
The nation's top immigration and border officials are urging Homeland Security Secretary Kirstjen Nielsen to detain and prosecute all parents caught crossing the Mexican border illegally with their children, a stark change in policy that would result ...
Homeland Security officials want to prosecute all parents who cross border with kids: reportThe Hill
Lawmakers slam Trump's Homeland Security chief over focus on immigrant caravan, border wallCNN

all 26 news articles »

Digital Trends

Reolink's latest breakthrough pulls the plugs on smart security cameras
Digital Trends
After a string of successes, Hong Kong-based security camera manufacturer Reolink is getting good at crowdfunding campaigns. Its latest project to land with a smash on Indiegogo is the Reolink Go, a powerful 4G-enabled, solar-powered security monitor ...

and more »

Washington Post

Mattis: US would regret delegating security in Syria to a force with no American involvement
Washington Post
Defense Secretary Jim Mattis said Thursday that the United States would regret installing a holding force in Syria without American involvement, indicating military leaders harbor reservations about a White House effort to task Arab militaries with ...

and more »

Herald-Mail Media

WCPS superintendent talks safety, security at listening session
Herald-Mail Media
Safety and security remain on the minds of Washington County Public Schools students and parents as the district works to identify potential improvements. WCPS Superintendent Boyd Michael again fielded questions on the topic during a listening session ...


CNN

Deputy US marshals on Rosenstein security team save woman after fentanyl overdose
CNN
(CNN) Last year, Deputy Attorney General Rod Rosenstein traveled to China to press leaders on the country's export of the lethal synthetic opioid fentanyl to the United States. Days ago, two members of his security detail were confronted with the ...

and more »

Bloomberg

How Short Sellers Built a Business on Security Bugs
Bloomberg
In an email sent to the general security inbox maintained by the Santa Clara, Calif., chipmaker, an executive of a security company located on the other side of the world claimed to have discovered 13 critical vulnerabilities in AMD's line of chips ...


CBS News

National security experts on challenges of the American presidency
CBS News
According to Stephen Hadley, who was national security adviser to George W. Bush for close to a decade, President Trump faces "the most challenging situation we've faced as a country internationally since the end of the Cold War." Hadley also worked in ...

and more »

The Japan Times

Tight security surrounds Kim Jong Un, even more so than previous North Korean leaders
The Japan Times
Ri Yong Guk, a defector from the North who served on a security detail for Kim Jong Il, wrote in a 2013 memoir that as many as six different layers of security guards protected the leader on trips to the countryside to inspect military units, plants or ...
Kim's Jong Un's Security: "Not Even An Ant Can Pass Through"NDTV

all 3 news articles »

Brookings Institution

Redefining national security: Why and how
Brookings Institution
From climate change to public health to migration, global trends formerly considered separate from national security are increasingly understood to shape American security interests at home and abroad. Drawing connections to U.S. national security has ...

Google News

Are You Surfing Safe?

Ok, you've got a computer, and you get online. You... Read More

Watch Out For That Scam

The IFCC (Internet Fraud Complaint Center) received over 200,000 complaint... Read More

Online Shoppers, Beware of a New Scam

Beware of a New Scam Aimed at Bargain-HuntersTrying to buy... Read More

Email Scams ? Ten Simple Steps To Avoiding Them

According to the Anti-Phishing Working Group (APWG) email scams also... Read More

Viruses and Worms: The Problems and Their Solutions

History and BackgroundThe virus was one of the first ever... Read More

Protecting Your Children On The Internet

If you are a parent, as am I, I think... Read More

Free Spyware Removal - Its Not As Easy As It Sounds

Nobody wants to pay to remove spyware. At the very... Read More

Securities

NETWORK SECURITIES: IMPORTANCE OF SECURITIESComputers and securities must form a... Read More

Spyware Symptoms

Spyware symptoms happen when your computer gets bogged down with... Read More

Traditional Antivirus Programs Useless Against New Unidentified Viruses!

Every now and then you can read about a new... Read More

Everything You Need To Know About Spyware and Malware

You are at your computer, checking out software on EBay.... Read More

Computer-Virus Writers: A Few Bats In The Belfry?

"Male. Obsessed with computers. Lacking a girlfriend. Aged 14 to... Read More

Social Engineering - The Real E-Terrorism?

One evening, during the graveyard shift, an AOL technical support... Read More

The Bad Guys Are Phishing For Your Personal Information

Do you know what "phishing" is?No, it doesn't mean you... Read More

Hacking the Body Via PDA Wireless Device

First I would like to stress I am condoning the... Read More

The Important Steps To Protect Your Kids on the Internet

Internet is the ocean of knowledge. In this ocean you... Read More

Are They Watching You Online?

When surfing the Internet you probably take your anonymity for... Read More

With the Rise of Internet Crimes, Users are Turning to High-Tech ?PI?s? for Solutions

High-tech private investigators are becoming the answer for many Internet... Read More

Phishing

Recently I have received email from my bank/credit Card Company,... Read More

Top 10 tips for Safe Internet Shopping

Over £5 billion pounds was spent on online shopping in... Read More

HackAttack

P C. owners are constantly at risk from attacks by... Read More

Dialing Up a Scam: Avoiding the Auto-Dialer Virus

For many, the daily walk to the mailbox evokes mixed... Read More

Is The Internet Over Regulated

Today's Internet or World Wide Web is being over regulated.But,... Read More

All About Computer Viruses

Your computer is as slow as molasses. Your mouse freezes... Read More

How to Manage Your Username and Password The Easy and Secure Way

Have been an Internet user for more than 9 years,... Read More