LCARSCom.Net | The LCARS Computer Network | A Star Trek Fan Site
5 IT Best Practices for Sarbanes-Oxley Compliance

By lcarscom
November 24, 2019
in Legal

Sarbanes-Oxley Compliance (Source: Pixabay.com)

Sarbanes-Oxley (SOX) requirements are one of the most important compliance challenges that publicly traded corporations face today. SOX has also become one of the main drivers of enterprise technology and information security expenditure. Yet, despite its existence for nearly two decades, many corporate executives remain unsure about what the exact IT requirements for SOX compliance are. And it’s understandable.

SOX is a financial reporting and accounting mandate that has ramifications for technology infrastructure. Even though the act doesn’t explicitly reference encryption or password rules, the role of IT as a facilitator is implied. While it’s the CFO’s role to ensure data accuracy, the CIO, CTO and CISO tackle the question of data security and integrity.

Due to the lack of specific guidance on the technologies necessary for SOX compliance, business and IT leaders have often found themselves groping in the dark. For an organization to pass a SOX compliance audit, it must implement a number of IT best practices. We look at some of these.

Table of Contents

  • 1.   SSL/TLS Encryption for Web-Enabled Applications
  • 2.   End-Point Protection
  • 3.   Reduce Attack Surface On Systems Accessing Financial Applications
  • 4.   Database Activity Monitoring Tools
  • 5.   Removable Media

1.   SSL/TLS Encryption for Web-Enabled Applications

SSL/TLS isn’t an impregnable defense, but it’s the best transport encryption currently available for websites and web-enabled applications. When an SSL/TLS connection is established, the web server sends its public key to the client browser, and the client uses that key to negotiate a session key with the server.

Even if rogue network sensors or a Man-in-the-Middle (MITM) attacker can observe the session and capture the public key, they cannot decrypt the communication without the server’s private key.

2.   End-Point Protection

Securing enterprise servers with firewalls and antivirus tools is the absolute minimum an organization is expected to do. However, complying with SOX requires that public companies go a step further.

For firewalls, all ports that serve no specific purpose must be blocked. Get rid of any exceptions in your antivirus scanner. Integrate accounting and financial reporting applications with an overarching enterprise systems management platform that streamlines your ability to quickly set policy, aggressively deploy updates, prevent configuration tampering and rapidly report possible attacks and significant security issues.

SOX regulators and auditors love audit trails and system-generated reports. A management platform that consolidates security events taking place in your end-points can only be a good thing for SOX compliance.

3.   Reduce Attack Surface On Systems Accessing Financial Applications

If employees are going to work on the crucial accounting and financial systems from their computers, simply applying operating system and antivirus updates will not suffice to create a safe environment for the financial data.

Plenty more has to be done including disabling superfluous services, uninstalling unneeded browser add-ons, using group policy to limit user access and permissions, and aggressively applying security policies.

4.   Database Activity Monitoring Tools

SOX is fixated on the integrity and accuracy of financial data. Auditing all activity on tables holding sensitive information is vital.

Consider removing database administrators (DBAs) from database security-related duties. This would prevent a rogue DBA from tampering with financial data and thereafter covering their tracks by altering the audit and monitoring reports along the accounting and financial data workflow.

Instead, database activity monitoring should be automated as much as possible with reports sent to IT security staff and relevant operations and finance managers.
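One way to implement the table-level auditing and separation of duties this section calls for, as an added example that is not from the article: a SQLite demo in Python where triggers copy every change to a ledger table into an audit table, further triggers make that audit table append-only, and a hash chain that IT security staff keep off the database host lets them detect a rewritten or truncated trail. The table and column names are constructed for the demo.

```python
import hashlib
import sqlite3

# Constructed demo schema (not from the article): every change to the ledger
# is copied by triggers into an audit table that refuses UPDATE and DELETE.
SCHEMA = """
CREATE TABLE ledger (id INTEGER PRIMARY KEY, account TEXT, amount REAL);
CREATE TABLE ledger_audit (seq INTEGER PRIMARY KEY AUTOINCREMENT, op TEXT,
    row_id INTEGER, old_amount REAL, new_amount REAL);
CREATE TRIGGER aud_ins AFTER INSERT ON ledger BEGIN INSERT INTO ledger_audit
    (op, row_id, old_amount, new_amount) VALUES ('INSERT', NEW.id, NULL, NEW.amount); END;
CREATE TRIGGER aud_upd AFTER UPDATE ON ledger BEGIN INSERT INTO ledger_audit
    (op, row_id, old_amount, new_amount) VALUES ('UPDATE', NEW.id, OLD.amount, NEW.amount); END;
CREATE TRIGGER aud_del AFTER DELETE ON ledger BEGIN INSERT INTO ledger_audit
    (op, row_id, old_amount, new_amount) VALUES ('DELETE', OLD.id, OLD.amount, NULL); END;
CREATE TRIGGER aud_ro_upd BEFORE UPDATE ON ledger_audit BEGIN
    SELECT RAISE(ABORT, 'audit log is append-only'); END;
CREATE TRIGGER aud_ro_del BEFORE DELETE ON ledger_audit BEGIN
    SELECT RAISE(ABORT, 'audit log is append-only'); END;
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def audit_digest(conn):
    """Hash-chain the audit rows in order; security staff store the result off-host."""
    h = b""
    for row in conn.execute("SELECT seq, op, row_id, old_amount, new_amount "
                            "FROM ledger_audit ORDER BY seq"):
        h = hashlib.sha256(h + repr(row).encode()).digest()
    return h.hex()

def audit_is_append_only(conn):
    """True if the database rejects changes to existing audit rows."""
    for stmt in ("UPDATE ledger_audit SET new_amount = 0 WHERE seq = 1",
                 "DELETE FROM ledger_audit WHERE seq = 1"):
        try:
            conn.execute(stmt)
            return False               # the trigger should have blocked this
        except sqlite3.DatabaseError:  # RAISE(ABORT) surfaces as an error here
            pass
    return True

def demo():
    conn = open_db()
    conn.execute("INSERT INTO ledger VALUES (1, 'AR-1001', 250.0)")
    conn.execute("UPDATE ledger SET amount = 2500.0 WHERE id = 1")
    conn.execute("DELETE FROM ledger WHERE id = 1")
    ops = [r[0] for r in conn.execute("SELECT op FROM ledger_audit ORDER BY seq")]
    return ops, audit_is_append_only(conn), audit_digest(conn)
```

Comparing a freshly computed digest against the stored one is the automated report this section recommends sending to security and finance staff, since anyone able to drop the triggers still cannot make the altered trail match.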

5.   Removable Media

Removable media can be the weakest link in a company’s management and protection of financial data. Given the substantial risks that come with placing sensitive data on removable media, their use should be prohibited if possible. Nevertheless, banning removable media won’t always be possible or practical.

If you must allow removable media, ensure you have policy and controls safeguarding any information contained therein. Without that, your business will be falling short of SOX compliance. The good thing is there are third-party low-cost data loss prevention products you could install to automatically check and enforce encryption of data sent to removable media.


When it comes to other major compliance regulations and standards such as GDPR, PCI DSS, and HIPAA, the IT department often builds the foundation for compliance then the rest of the business follows. With SOX, IT comes in after the business has laid the groundwork. Either way, it’s crucial that IT and the business work together if they are to address the SOX challenge satisfactorily.

LCarscom © 2021. All Rights Reserved