|
Sarbanes-Oxley Solutions
The Standard
The Sarbanes-Oxley Act (SOX) was signed into law in July 2002 following a series of high profile scandals. Its objective is to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws. Sarbanes-Oxley imposes stiff penalties for company officers who fail to ensure the accuracy of their financial reports and further penalizes anyone who obstructs fraud investigations by destroying or altering records.
Publicly traded companies, public accounting firms and firms providing auditing services are all required to comply with Sarbanes-Oxley. Those with valuations over $75 million are required to comply for fiscal years ending on or after November 15, 2004. All other public companies must comply for fiscal years ending on or after July 15, 2005.
The Challenge
With increased compliance requirements from legislation such as Sarbanes-Oxley, public companies need to have extensive internal control systems. Since much of a company’s financial data resides on servers, responsibility for these internal control requirements fall on IT professionals. Network administrators and their management need tools to perform the following actions in order to bring a Windows network into compliance:
- Review, Develop and Implement Access Controls - Review current internal controls, develop and implement new ones as needed
- Maintain Access Controls - Continual checks to ensure controls are in place and effective, at least quarterly, to enable management to report on effectiveness.
- Report on Access Controls - Annual review of all internal controls, with extensive reporting requirements for auditors.
The Solution
ScriptLogic solutions can assist in bringing every aspect of an organization’s Windows network into compliance in the areas of Active Directory, server and desktop security. The following actions can be performed with ScriptLogic solutions:
Review, Develop and Implement Access Controls
Ensure Proper Permissions in Active Directory – Active Administrator generates reports on AD permissions, which can be used to identify inappropriate permissions. Permissions can be delegated with Active Templates, making delegations specific and consistent .
Manage Group Policies to Secure Users and Desktops – Active Administrator harnesses the power of Group Policies by incorporating an Offline Repository to make modifications, along with an enhanced RSoP to determine the effect of Group Policies.
Manage Server Security – Inspect, manage and report on NTFS permissions with Security Explorer, dramatically reducing the amount of time required to secure an organization’s data. Report and document the security settings in AD, NTFS, server registries, and shares with Enterprise Security Reporter.
Secure the User’s Desktop –The Patch Deployment for Desktops and Anti-Spyware options found within Desktop Authority ensure an organization’s desktops are not susceptible to known vulnerabilities.
Maintain Access Controls
Quickly Restore Delegated Permissions – Active Administrator’s Self-Healing Active Templates enforce the permissions you’ve delegated.
Audit Changes in Active Directory – Audit, report and notify on any change in AD, such as password resets, group membership changes or Group Policy management with Active Administrator.
Backup and Restore Security – Protect your NTFS security with Security Explorer and AD permissions with Active Administrator.
Report on Access Controls
Comprehensive Windows Security Reporting – Enterprise Security Reporter gives insight into the security settings on NTFS, Shares, and Registries, while Active Administrator details the security settings in AD. Additionally, Security Explorer can be used to provide reporting on just NTFS permissions.
|
Compliance Center
