COMPLIANCE AND GOVERNANCE DIGEST

Keeping SOX 404 under control(s)


Kevin Beaver, CISSP
04.19.2005

If you work for a U.S.-based public company or any other organization affected by the Sarbanes-Oxley Act (SOX), you have probably realized how much IT and information security involvement compliance requires, particularly around SOX section 404. Although section 404 is vague about which internal controls are needed, it is generally accepted that a broad range of information security controls is necessary, the most critical being those that assure the integrity of financial information. As with most security initiatives, these measures must be policy-driven to be effective.

Every organization's security policy requirements depend on several variables, perhaps the most important of which is the outcome of a risk analysis or of ongoing IT security audits. However, there are several security policies that most corporations will need to support SOX 404 compliance regardless of their size, setup and business processes. These are:

Access controls -- Hardware/software controls regulating who has access to what financial-related information.

Audit trails -- Application, operating system, etc. logs that track who has accessed, modified or deleted financial information.

Computer and media disposal -- Minimum requirements for ensuring financial-related information is wiped before hardware and media leave the company.

Data backup -- Specific backup requirements to ensure financial data is properly protected.

Data integrity controls -- Hardware/software solutions to keep financial information from being inappropriately modified (e.g. IDS/IPS, malware protection, rights management software, application controls that filter input and perform data validation, etc.).

Data retention -- Minimum requirements for holding onto critical financial data, especially supporting documentation, related communications, etc.

Document destruction -- Requirements and steps to be taken (or not taken) when destroying hard copy information.

Information classification -- Outlining how various types of financial information will be classified and protected based on level of sensitivity.

Messaging security -- Minimum requirements for protecting the transmission and storage of messages (e-mail and instant messaging) containing sensitive financial-related information.

Security assessments and audits -- How systems will be continuously tested and audited for security risks.

System authentication -- Hardware/software controls ensuring that users accessing financial information are who they say they are.

System monitoring -- Technologies and processes in place to detect and alert on financial information breaches.

User provisioning -- Specific requirements and processes for adding and removing users who will have access to financial information.

Wireless networks -- Minimum security requirements for wireless systems connecting to corporate networks.

Formatting SOX compliance policies for maximum effectiveness may seem detailed and complex, but there is a simple template approach you can take when writing them. Once your compliance policies have been set, enforcing them is equally important.

Corporations that must comply with SOX are likely to be covered by other regulations as well, such as HIPAA and the Gramm-Leach-Bliley Act. If this is the case for you, consider writing higher-level information security policies that apply across the board and cover as many regulations as possible. Most regulations have similar requirements, and there is no need for duplication. This will save you major time and effort when it comes to managing your security policies over the long term. Keeping information security as simple and practical as possible is, after all, what it's all about.


About the author:
Kevin Beaver is founder and principal consultant of Atlanta-based Principle Logic, LLC, where he specializes in information security assessments for those who take security seriously and incident response for those who don't. He is author and co-author of several information security books, including The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach), Hacking For Dummies (Wiley) and the upcoming Hacking Wireless Networks For Dummies. Kevin can be reached at kbeaver@principlelogic.com.
Copyright 2008 - 2009, TechTarget. All Rights Reserved.