Free Articles, Free Web Content, Reprint Articles
Tuesday, May 29, 2012
 
Free Articles, Free Web Content, Reprint ArticlesRegisterAll CategoriesTop AuthorsSubmit Article (Article Submission)ContactSubscribe Free Articles, Free Web Content, Reprint Articles
ADVERTISEMENTS
RELATED ARTICLES
Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge
ERP for Project-based Companies Addresses Sarbanes-Oxley Compliance
Record Retention and Sarbanes-Oxley
How Nov. 15, 2004 Deadline for Sarbanes Oxley 404 Compliance Affects You
Sarbanes Oxley Act 404 – An Auditor’s Nightmare
History of Sarbanes Oxley Act
Sarbanes-Oxley Compliance Requirements Addressed by TGI’s Enterprise 21 ERP Software
Sarbanes-Oxley Compliance for Project-based Companies Addressed by VISIBILITY.net
Enabling Sarbanes-Oxley Security Monitoring Compliance
Do You Know The Purpose Of Sarbanes Oxley Act?
SOX Compliance for Project-based Companies Answered by VISIBILITY.net
Research Shows Internal Audit Getting Back to Basics
Sarbanes-Oxley Supported by Enterprise 21 ERP Software by TGI
How Sarbanes-Oxley Affects Corporate Email Systems
Sarbox Delay Does Not Mean 'Take it Easy'
  RSS   Digg: Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge   Email: Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge  
 
Basic Author CipherTrust

Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge

Email Articles | May 19, 2005

Is your ... ... the ... bulk of ... ... in many ... is created, stored and ... ... ... by IT and ... via ... ...

Is your enterprise following the rules?

The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately accountable for SOX compliance are the corporate CEO and CFO, who will depend on company finance operations and IT to provide critical support when they comply with the SOX requirement to report on the effectiveness of internal control over financial reporting.

Sound practices include corporate-wide information security policies and enforced implementation of those policies for employees at all levels. Information security policies should govern network security, access controls, authentication, encryption, logging, monitoring and alerting, pre-planned coordinated incident response, and forensics. These components enable information integrity and data retention, while enabling IT audits and business continuity.

Complying with Sarbanes-Oxley
The changes required to ensure SOX compliance reach across nearly all areas of a corporation. In fact, Gartner Research went so far as to call the Act “the most sweeping legislation to affect publicly traded companies since the reforms during the Great Depression.” Since the bulk of information in most companies is created, stored, transmitted and maintained electronically, one could logically conclude that IT shoulders a lion’s share of the responsibility for SOX compliance. Enterprise IT departments are responsible for ensuring that sound practices, including corporate-wide information security policies and enforced implementation of those policies, are in place for employees at all levels. Information security policies should govern:


  • Network security
  • Access controls
  • Authentication
  • Encryption
  • Logging
  • Monitoring and alerting
  • Pre-planning coordinated incident response
  • Forensics


These components enable information integrity and data retention, while enabling IT audits and business continuity.

In order to comply with Sarbanes-Oxley, companies must be able to show conclusively that:

  • They have reviewed quarterly and annual financial reports;
  • The information is complete and accurate;
  • Effective disclosure controls and procedures are in place and maintained to ensure that material information about the company is made known to them.


Sarbanes-Oxley Section 404
Section 404 regulates enforcement of internal controls, requiring management to show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition, the company must produce documented evidence of an annual assessment of the internal control structure’s effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step in the right direction with regards to overall email security.

Effective Email Controls
Email has evolved into a business-critical application unlike any other. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Enterprises must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.

An effective email security solution must address all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at the company or on a remote site or machine. Given the wide functionality of email, as well as the broad spectrum of threats that face email systems, ensuring appropriate information access control for all of these points requires:

  • A capable policy enforcement mechanism to set rules in accordance with each company’s systems of internal controls;
  • Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages;
  • Secure remote access to enable remote access for authorized users while preventing access from unauthorized users;
  • Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties


For years, corporations addressed their various email security needs through a mixture of third-party software “solutions” designed to address specific areas of vulnerability. Today, however, this approach is ineffective. New amorphous threats adapt to even the latest security technology, helping hackers and spammers stay a step ahead of most stand-alone protective measures. System administrators remain in a reactionary mode, waiting for the next attack and hoping their mixed bag of security software is up to the test. The new challenges posed to email security demand a new approach that protects enterprises from all types of malicious attacks. Enter CipherTrust’s IronMail.

IronMail and Sarbanes-Oxley
IronMail has been created to protect organizations from both known and unknown email security attacks. IronMail offers automatic or manual updates to protect against both known and newly discovered email security threats and vulnerabilities, and the comprehensive messaging security provided by IronMail assists organizations in key areas of maintaining effective internal controls. Specific financial information threats and vulnerabilities protected by IronMail include:

  • Viruses, worms, and other malicious code
  • Internal users and external hackers attacking email systems
  • System failures from malicious attacks that can lead to subsequent legal liabilities
  • Unintentional or malicious information access or exposure


IronMail provides a comprehensive solution to the Sarbanes-Oxley information integrity requirements as they relate to protecting corporate financial information that is transmitted and stored via email. Everything from message privacy/encryption to email firewall and intrusion protection to content filtering is included in the IronMail solution.

Take the Next Step
Learn more about how IronMail helps organizations ensure Sarbanes-Oxley compliance by visiting www.ciphertrust.com or requesting CipherTrust’s free whitepaperScience Articles, “Contributing to Sarbanes-Oxley Compliance with IronMail”.

Article Tags: Information Security Policies, Financial Information, Information Integrity, Internal Control, Information Security, Security Policies, Effective Email, Email Security

Source: Free Articles from ArticlesFactory.com

ABOUT THE AUTHOR


CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Contributing to Sarbanes-Oxley Compliance with IronMail” or by visiting www.ciphertrust.com.
Health
Business
Finance
Travel
Home Repair
Technology
Computers
Family
Communication
Entertainment
Autos
Marketing
Self Help
Sports
Home Business
Education
ECommerce
Law
Other
Internet
Partners
California Bail Bonds Bounty Hunters
Immigration Attorney
Moving Relocation Services
Crystal Awards and Trophies
Handbags
Alpine Car Audio
Carpet Cleaning Los Angeles


Free Articles Home | Register | Submit an Article | Links | Contact | Archive | XML/RSS Feed
Terms of Service | Privacy Policy
Page loaded in 0.092 seconds