Regulations & Compliance
Sarbanes-Oxley (SOX)
http://www.aicpa.org/info/sarbanes_oxley_summary.htm
http://www.aicpa.org/Sarbanes/index.asp



Description

The Sarbanes-Oxley Act of 2002 was designed to reform the reporting, governance and disclosure of public company financial statements. Sarbanes-Oxley (SOX) mandates that public companies demonstrate due diligence in the disclosure of financial information and maintain internal controls and procedures for the communication, storage and protection of that data.

IT security is one of the central requirements of Sarbanes-Oxley compliance. SOX requires companies to assess any risk associated with information technology or internal processes that may impact the accurate and timely reporting of financial information. Specifically, SOX requirements include:
  • Section 302: Makes the CEO and CFO responsible for establishing and maintaining internal controls.
  • Section 404: Requires management to assess the effectiveness of internal controls, obtain external validation of those controls, and provide assurances that financial/accounting processes are protected from unauthorized usage.
  • Section 409: Requires real-time disclosures of material events.
Besides lawsuits and negative publicity, a corporate officer who does not comply or who submits an inaccurate certification is subject to a fine of up to $1 million and ten years in prison, even if the inaccuracy was a mistake. If a wrong certification was submitted purposely, the fine can be up to $5 million and twenty years in prison.


Audit Body

US Government


Industry Affected

All publicly traded US companies


Distributed Taps & SOX Compliance

VSS Monitoring's Distributed Taps, in combination with other security utilities, help with:
    Section 302:
    1. Risk assessment
    2. Event identification
    3. Risk response
    4. Control activities
    5. Monitoring

    Section 404:
    1. Vulnerability assessment & management
    2. Policy-based security controls
    3. Intrusion detection

    Section 409:
    1. Identifying threats in real time. (Depending on the security appliance, steps can be taken based on company policies, with automatic alerts sent to the appropriate personnel documenting the event and the resultant action taken.)
