Network Health and Security Monitoring that Provides Support to Public Company Auditing and Accountability Reporting
The Sarbanes-Oxley legislation (commonly called SOX regulations) set auditing and accountability standards for all US public company boards, management and public accounting firms. The Section 404 of the Act requires the management and external auditors to report on the adequacy of the company’s ‘internal controls’ structure and procedures for financial reporting. The interpretation of ‘internal controls’ is all encompassing and includes risk assessment to identify points within the flow of IT transactions that may cause misstatements of financial reporting to arise. It also mandates assessment and evaluation of controls designed to prevent and detect fraud, including management override of those controls. Non-compliance with the act and falsification of records or otherwise obstruction of investigation attracts onerous criminal penalties.
Since the data for financial reporting is generated, stored and accessed within IT networks and systems, the security and health of the infrastructure is a key component of the internal control structure. For example, comprehensive event log monitoring procedures can track and monitor every access to financial data within the flow of business operation. Unexpected changes in individual role and group privileges within internal systems can introduce risk to the integrity of their data, especially if this information is rolled up into financial reporting. Any such changes need to be flagged for investigation and audit. Moreover, external hacker attacks, virus or malware propagation and even unplanned system failure that results in data loss and many other IT events – may affect the capability for accurate financial reporting.
How WhatsUp Log Management Products Contribute to SOX Compliance
The WhatsUp Log Management solutions provide comprehensive coverage of Windows event log and Syslog monitoring, collection and storage. Administrators can identify patterns and instances of threat incidents from volumes of raw event log data from across the infrastructure and applications in near real-time or through later forensic analysis. With secure storage of event log data over multiple years, auditors are assured that they always have access to detailed file access, policy change and user action triggered events that may have impacted accurate financial reporting.
Audit and event log monitoring guidelines will differ from one organization to the next based on their internal structure and control processes. We present below a few illustrative examples of activities supported by the WhatsUp Log Management Solutions that will be of benefit to any organization in need of ensuring compliance with the Sarbanes Oxley legislation:
- Automatic collection and consolidation of event log files from all types of infrastructure and applications for near real-time review and forensic analysis
- Monitoring of individual file, folder and registry access, and any changes or deletions that may impact or contain SOX compliance data
- Secure storage of event log files through parallel cryptographic hashing to prevent any tampering
- Monitoring of server and workstation logs for detecting intrusion incidents and questionable policy changes
- Automatic reporting on critical log file data access and related changes to all stakeholders
- Monitoring and reporting on changes to key groups, such as Administrators, Account Operators, etc. that may introduce a potential risk of financial data tampering
- Enforcement of security processes on user laptops and workstations that safeguard against data leakage and change when they are left unattended
How WhatsUp Gold Infrastructure Management Products Contribute to SOX Compliance
The WhatsUp Gold infrastructure monitoring platform is vital to maintaining the health and availability of all internal systems that contribute to financial reporting. If financial databases or other compliance related data is lost or otherwise exposed to non-authorized users during transmission, storage or under the stress of external attacks – that has a direct bearing on the risk assessment of the internal control structure. The following are some examples of how infrastructure and applications monitoring using WhatsUp Gold and its related plug-ins contribute to SOX Compliance:
- WhatsUp Gold and its Flow Monitor and Flow Publisher plug-ins can help detect attempts to gain unauthorized access to networks and systems from unknown IP addresses from outside the secure network perimeter.
- The WhatsConfigured plug-in can alert to instances of configuration change that may be intended to direct sensitive traffic and data outside the network.
- WhatsUp Gold capability to discover and monitor wireless access points on the network can alert to potential rogue activity directed at penetrating the corporate network from contiguous locations to the company’s physical offices.