The Sarbanes-Oxley Act, SOX in short, came into reckoning in July 2002. This act effected major changes in corporate governance and financial reporting with the objective "to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws". The SOX Act is categorized into 11 titles with sections 302, 404, 401, 409, 802, and 906 being the most significant ones. Section 404 and (to some extent) Section 302 lays the foundation on how IT can aid SOX compliance.
This section pertains to the guidelines laid down by the Securities and Exchange Commission on what SOX demands. According to the SEC, companies must: "Include in their annual reports a report of management on the company's internal control over financial reporting".
The control report must include:
For each company filing periodic statutory financial reports under section 13(a) or 15(d) of the Securities
Exchange Act of 1934 it is required to include certifications that:
By reincorporating their activities or transferring their activities or corporate locations outside of the United States organizations may not attempt to avoid these requirements
IT can aid Organizations to manage the internal controls and conform to the guidelines laid out in SOX. Its common knowledge that all network systems are capable of storing information of all the activities that took place within the system in their log files. These log files contain wealth of information which can be mined to obtain information on user level activities like logon success or failure, system level activities like file read, write or delete, host session status, account management and others. Monitoring these logs will assist in detecting system problems, and obtain log trail for forensic investigation. And generating reports for these activities provide management with internal control specified by SOX.
Section 802 of SOX mandates that records are maintained for seven years after the auditor concludes the audit. So it can be safely assumed that as far as system logs are concerned, they need to be stored or archived for posterity. Here again IT can handle this requirement by providing a centralized repository where logs collected from disparate systems can be collected, normalized, aggregated, and archived.
ManageEngine® EventLog Analyzer (www.eventloganalyzer.com) is a web-based, agent-less syslog and windows event log management solution that collects, analyzes, archives, and reports on event logs from distributed Windows host and, syslogs from UNIX hosts, Routers & Switches, and other syslog devices.
EventLog Analyzer helps you to:
EventLog Analyzer lets corporations collect, retain and review terabytes of audit trail log data from all sources to support Sarbanes-Oxley Section 404's IT process controls. These logs form the basis of the internal controls that provide corporations with the assurance that financial and business information is factual and accurate.
The types of reports that EventLog Analyzer provides for SOX Audits are as follows:
SOX requirements (Sec 302 (a)(4)(C) and (D) - log-in/log-out monitoring) clearly state that user accesses to the system be recorded and monitored for possible abuse. Remember, this intent is not just to catch hackers but also to document the accesses to medical details by legitimate users. In most cases, the very fact that the access is recorded is deterrent enough for malicious activity, much like the presence of a surveillance camera in a parking lot.
SOX requirements (Sec 302 (a)(4)(C) and (D) clearly state that user accesses to the system be recorded and monitored for possible abuse. Remember, this intent is not just to catch hackers but also to document the accesses to medical details by legitimate users. In most cases, the very fact that the access is recorded is deterrent enough for malicious activity, much like the presence of a surveillance camera in a parking lot.
The security logon feature includes logging all unsuccessful login attempts. The user name, date and time are included in this report.
SOX requirements (Sec 302 (a)(4)(C) and (D) - review and audit access logs) calls for procedures to regularly review records of information system activity such as audit logs.
Identify when a given object (File, Directory, etc.) is accessed, the type of access (e.g. read, write, delete) and whether or not access was successful/failed, and who performed the action.
Identifies local system processes such as system startup and shutdown and changes to the system time or audit log.
Indicates that someone reconnected to a disconnected terminal server session. (This is only generated on a machine with terminal services running.)
Periodically, the system administrator will be able to back up encrypted copies of the log data and restart the logs.
Significant changes in the internal controls sec 302 (a)(6). Changes in the security configuration settings such as adding or removing a user account to a administrative group. These changes can be tracked by analyzing event logs.
Tracking event logs for changes in the security configuration settings such as adding or removing a global or local group, adding or removing members from a global or local group, etc.
EventLog Analyzer lets corporations comply with internal controls sec 302 (a)(5) by tracking the event logs for any changes in the security audit policy.
Identifies successful user account logon events, which are generated when a domain user account is authenticated on a domain controller. Unsuccessful User Account Validation Report:
Identifies unsuccessful user account logon events, which are generated when a domain user account is authenticated on a domain controller.
EventLog Analyzer lets corporations comply with internal controls sec 302 (a)(5) by auditing user activity.
EventLog Analyzer lets corporations comply with internal controls sec 302 (a)(5) by tracking application process.
Founded in 1996, ZOHO Corp. is a software company with a broad portfolio of elegantly designed, affordable products and web services. ZOHO Corp. offerings span a spectrum of vertical areas, including network & systems management (ManageEngine.com), security (SecureCentral.com), collaboration, CRM & office productivity applications (Zoho.com), database search and migration (SQLOne.com), and test automation tools (QEngine.com)
ZOHO Corp. and its global network of partners provide solutions to multiple market segments including: OEMs, global enterprises, government, education, small and medium-sized businesses and to a growing base of management service providers. www.manageengine.com, www.zoho.com