Sarbanes-Oxley Act (SOX)

The Public Company Reform and Investor Protection Act of 2002, also known as the Sarbanes-Oxley Act (SOX), is today a top priority among US public companies. In response to allegations of dubious financial accounting practices culminating in major corporate scandals, SOX was implemented to establish good corporate governance and to restore confidence in the US public markets.

Section 404 of SOX requires top management to establish an adequate internal control structure and include an assessment of its effectiveness in the annual report. Additionally, an external auditor needs to verify the management assertions. For accelerated filers, Section 404 becomes effective for fiscal years ending on or after November 15, 2004, while all other public companies are affected for the fiscal year ending on or after July 15, 2005.

SSH Tectia can help public companies implement technical control objectives related to systems security as a part of the SOX Section 404 compliance directive. By incorporating confidentiality, integrity, and authentication as security services within the corporate network, SSH Tectia enhances the reliability of financial reporting by preventing illegitimate modification of financial data or unauthorized access to accounting information. Strong user authentication, optionally based on smart cards or other hardware tokens, ensures that authorization decisions are based on the true identities of users, which eliminates the risk of unauthorized data access.

SSH Tectia protects business-critical applications by providing a transparent security layer for networked applications, encrypting data traffic end-to-end between a workstation and a server, or between servers. Business application protection offers security against common network attacks by providing a trusted path for critical information, including financial reporting data, while it travels in the corporate network.

SSH Tectia for secure remote administration, based on the Secure Shell protocol, allows system administrators to manage servers in large and heterogeneous network environments. Various system administration operations, such as software installation, often require high system privileges allowing broad access to different types of data. As a centralized management platform, SSH Tectia Manager uses its monitoring capabilities to enable organizations to implement effective auditing and control practices that include system administration operations. Server access log data is centrally stored in the management system database, facilitating reliable auditing of access and authentication data on an ongoing basis. Additionally, all administrator access within SSH Tectia Manager is recorded for auditing purposes.