Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge
2008-06-25来源:
Is your enterprise following the rules?The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately, the corporate CEO and CFO are accountable for SOX compliance, and they will depend on company finance operations and IT to provide critical support when as they report on the effectiveness of internal control over financial reporting.Sound practices include corporate-wide information security policies and enforced implementation of those policies for employees at all levels. Information security policies should govern network security, access controls, authentication, encryption, logging, monitoring and alerting, pre-planned coordinated incident response, and forensics. These components allow for information integrity and data retention, while enabling IT audits and Business continuity.Complying with Sarbanes-OxleyThe changes required to ensure SOX compliance reach across nearly all areas of a corporation. In fact, Gartner Research went so far as to call the Act "the most sweeping legislation to affect publicly traded companies since the reforms during the Great Depression." Since the bulk of information in most companies is created, stored, transmitted and maintained electronically, one could logically conclude that IT shoulders the lion's share of the responsibility for SOX compliance. Enterprise IT departments are responsible for ensuring that corporate-wide information security policies are in place for employees at all levels. Information security policies should govern:* network security
* Access controls
* Authentication
* Encryption
* Logging
* Monitoring and alerting
* Pre-planning coordinated incident response
* ForensicsThese components enable information integrity and data retention, while enabling IT audits and Business continuity.In order to comply with Sarbanes-Oxley, companies must be able to show conclusively that:* They have reviewed quarterly and annual financial reports;
* The information is complete and accurate;
* Effective disclosure controls and procedures are in place and maintained to ensure that material information about the company is made known to them.Sarbanes-Oxley Section 404Section 404 regulates enforcement of internal controls, requiring management to show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition, the company must produce documented evidence of an annual assessment of the internal control structure's effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step in the right direction with regards to overall email security.Effective Email ControlsEmail has evolved into a Business-critical application unlike any other. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Enterprises must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.An effective email security solution must address all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at the company or on a remote site or machine. Given the wide functionality of email, as well as the broad spectrum of threats that face email systems, ensuring appropriate information access control for all o
相关文章
- Email Scams - Ten Simple Steps To Avoiding Them
- Cybercriminals Trick: Targeted Trojan-Containing Emails
- Is Your Email Private? Part 1 of 3
- Money Mule Email Scam Hits U.S.
- How to Know Whether an Email is a Fake or Not
- Crack The Code - Thats A Direct Challenge
- New CipherSend Online Security Service Thwarts Email Address Theft And Soothes Password Fatigue
- Email Hoaxes, Urban Legends, Scams, Spams, And Other CyberJunk