Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge

Is your enterprise following the rules?

The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately, the corporate CEO and CFO are accountable for SOX compliance, and they will depend on company finance operations and IT to provide critical support when as they report on the effectiveness of internal control over financial reporting.

Sound practices include corporate-wide information security policies and enforced implementation of those policies for employees at all levels. Information security policies should govern network security, access controls, authentication, encryption, logging, monitoring and alerting, pre-planned coordinated incident response, and forensics. These components allow for information integrity and data retention, while enabling IT audits and business continuity.

Complying with Sarbanes-Oxley

The changes required to ensure SOX compliance reach across nearly all areas of a corporation. In fact, Gartner Research went so far as to call the Act "the most sweeping legislation to affect publicly traded companies since the reforms during the Great Depression." Since the bulk of information in most companies is created, stored, transmitted and maintained electronically, one could logically conclude that IT shoulders the lion's share of the responsibility for SOX compliance. Enterprise IT departments are responsible for ensuring that corporate-wide information security policies are in place for employees at all levels. Information security policies should govern:

* Network security
* Access controls
* Authentication
* Encryption
* Logging
* Monitoring and alerting
* Pre-planning coordinated incident response
* Forensics

These components enable information integrity and data retention, while enabling IT audits and business continuity.

In order to comply with Sarbanes-Oxley, companies must be able to show conclusively that:

* They have reviewed quarterly and annual financial reports;
* The information is complete and accurate;
* Effective disclosure controls and procedures are in place and maintained to ensure that material information about the company is made known to them.

Sarbanes-Oxley Section 404

Section 404 regulates enforcement of internal controls, requiring management to show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition, the company must produce documented evidence of an annual assessment of the internal control structure's effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step in the right direction with regards to overall email security.

Effective Email Controls

Email has evolved into a business-critical application unlike any other. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Enterprises must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.

An effective email security solution must address all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at the company or on a remote site or machine. Given the wide functionality of email, as well as the broad spectrum of threats that face email systems, ensuring appropriate information access control for all of these points requires:

* A capable policy enforcement mechanism to set rules in accordance with each company's systems of internal controls;

* Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages;

* Secure remote access to enable remote access for authorized users while preventing access from unauthorized users;

* Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties

In conclusion, complying with Sarbanes-Oxley puts a heavy burden on an organization's IT department to implement and enforce policies set up by corporate governance boards. In order to make sure the company's email system complies with Sarbanes-Oxley, IT managers must be able to document steps they have taken to address Section 404 of the code. CipherTrust manufactures a secure email gateway appliance that can help organizations comply with Sarbanes-Oxley. To learn more about it, please visit www.ciphertrust.com/solutions/compliance_SOX.php and read our articles and white paper on the subject of SOX compliance.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security and anti spam solutions. Learn what you need to know to comply with Sarbanes-Oxley regulations by visiting http://www.ciphertrust.com/solutions/compliance_SOX.php today.

---

Phishing, Fraudulent, and Malicious Websites

Whether we like it or not, we are all living... Read More

How Spyware Blaster Can Protect Your Computer From Harm

By browsing a web page, you could infect your computer... Read More

Cyber Crooks Go Phishing

"Phishing," the latest craze among online evil-doers, has nothing to... Read More

Desktop Security Software Risks - Part 1

This is the second in a series of articles highlighting... Read More

Arming Yourself Against Spyware

While clicking from site to site on the internet you... Read More

Web Browsing - Collected Information

You may not realize it, but as you are surfing... Read More

Whats All This I Hear About Firewalls?

At this point, if you've got the whole "turning the... Read More

The Bad Guys Are Phishing For Your Personal Information

Do you know what "phishing" is?No, it doesn't mean you... Read More

How to Protect Yourself Against Online Criminals

Credit card fraud is a growing problem for online businesses... Read More

File Sharing - What You Need to Know!

File sharing on p2p is soaring despite the music and... Read More

3 Steps to Ending Scams and Virus Problems

Watching how the traditional media covers the latest virus or... Read More

I Spy...Something Terribly Wrong (In Your Computer)

This really chapped my lips...I recently bought a new computer.... Read More

Viruses and Worms, Protection from Disaster

Virus damage estimated at $55 billion in 2003. "SINGAPORE -... Read More

The Risk Of Electronic Fraud & Identity Theft

Electronic Fraud and Identity Theft Human beings are pretty... Read More

Identity Theft Offline -- So Many Possibilities

Chris Simpson, head of Scotland Yard's computer crime unit was... Read More

Web and Computer Security

Well, if that would have been said to me by... Read More

Phishing-Based Scams: A Couple of New Ones

Phishing in its "classic" variant is relatively well-known. Actually, 43.4... Read More

Is Your Music Player Spying On You?

In today's times spyware is a very serious issue and... Read More

Protecting Your Children On The Internet

If you are a parent, as am I, I think... Read More

How to Fight Spyware

If you are wondering how to fight spyware for safe... Read More

Avoid Internet Theft, Fraud and Phishing

Since its birth, the Internet has grown and expanded to... Read More

Secure Your PC From Hackers, Viruses, and Trojans

Viruses, Trojans and Spyware: Protecting yourself.No user on the internet... Read More

An Open Door To Your Home Wireless Internet Network Security?

This is not some new fangled techno-speak, it is a... Read More

Email Hoaxes, Urban Legends, Scams, Spams, And Other CyberJunk

The trash folder in my main inbox hit 4000 today.... Read More

Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking

Airport Menace: The Wireless Peeping Tom As a network... Read More

Identity Theft ? Beware of Phishing Attacks!

"Dear Bank of the West customer", the message begins. I've... Read More

Cybercriminals Trick: Targeted Trojan-Containing Emails

Threats we ordinary Web users face online leave us no... Read More

The Saga of the Annoying Adware

When we think of adware, what comes to mind are... Read More

Is That Free Stuff Like An iPod Or Desktop Computer Really Free?

Have you seen the web site, www.freestuff.com? Or have you... Read More

Beware of Imitations! Security, Internet Scams, and the African Real Estate Agenda

Fishing on the Internet has come a long way. However,... Read More

Why Corporations Need to Worry About Phishing

Phishing is a relatively new form of online fraud that... Read More

How to Manage Your Username and Password The Easy and Secure Way

Have been an Internet user for more than 9 years,... Read More

Is the Internet Insecure Because of You?

Long gone are the days that we could feel secure... Read More