Sarbanes-Oxley Solutions

What is Sarbanes-Oxley?

Recent financial scandals prompted lawmakers to enact the Sarbanes-Oxley Act (SOX), which is intended to ensure the accuracy and integrity of corporate financial data. Companies working toward Sarbanes-Oxley compliance are required to have adequate security measures in place to protect this data from tampering by unauthorized personnel. Chances are you're facing an imminent SOX compliance audit, and SecureAware can help you.

What is an information security policy?

The first step in developing a solid information security program is to clearly define the ground rules — the business policies and procedures that will govern your security infrastructure. Those policies should be written in plain language and conform to industry standards to ensure they are complete and easy to follow. For many IT professionals, this can be a daunting task and is often overlooked. The result is typically a random assortment of ad hoc security measures thrown in place without a cohesive plan.

While it is important to have the requisite protections in place, such as anti-virus, firewalls, etc., those countermeasures are far more effective when they are aligned with business objectives. SecureAware is based on the comprehensive ISO/IEC 17799 information security management standard (since renumbered ISO/IEC 27002), and it helps you develop and organize your living security policy document in a structured, methodical way.

What to expect during an audit

Most auditors will use an industry standard (a published "best practices" document) such as ISO/IEC 17799 or COBIT as a reference, and your policy will be the first thing they look at. After examining your policies and procedures, the auditor will ask you to prove that you practice what you preach: you will have to provide evidence of the control measures in place that conform to, and enforce, your policies. For this reason, your policies should be examined carefully one by one to ensure that they are realistic and meet the specific requirements of your business. With each step of the audit, the information gathered will become more granular and technical in nature, but step one will always be your overall information security policy.

Beyond templates

SecureAware is a powerful information security intranet that provides the cohesive framework and content required for creating, communicating and managing your information security program. It can instantly create a comprehensive policy in conformance with internationally-recognized standards and make it accessible by all employees via web browser. Unlike text-based solutions, SecureAware utilizes a database of policy "objects" that can be selected or deselected to form your customized policy. This approach makes it much easier to track changes and automatically update policy awareness programs.

Employee awareness training

Regular security awareness training for all employees is also expected of organizations pursuing SOX compliance. The reason is that humans are most often the cause of serious security breaches. People are the weakest part of the security process, and they need constant reminding of the threats that could ultimately compromise data integrity. Most security products can be rendered useless by the actions of a single employee who didn't know better.

Security awareness training can be a large undertaking in itself, but SecureAware makes it simple. Integration between the SecureAware Survey, Education and Policy modules eliminates duplication of effort. An effective awareness program, based on your specific policies and procedures, can be generated with a couple of mouse clicks. Employees are trained and tested on all aspects of your policy as well as general security concepts, and the reported results can be used to determine overall security posture.

Reducing the financial impact

Sarbanes-Oxley is not an event; it is a law, and laws must be obeyed at all times. The most efficient way to do that is to incorporate compliance into the everyday business process and automate the specific activities it requires. Security and policy awareness must be a continual process in order to maximize the effectiveness of the security infrastructure and ensure the integrity of your business.


About Neupart, Inc.

Neupart, an ISO 27001 certified company, is a leading provider of governance, risk, and compliance management (GRC) solutions. Neupart helps large enterprises manage complex regulatory mandates and operational risk, and provides small businesses with little or no security expertise an all-in-one platform for compliance, best practices and awareness. Neupart generates ROI for its customers by collecting policies, IT controls and risk information that are scattered in disparate locations throughout the enterprise, automating repeatable processes, and allowing organizations to respond quickly to new compliance mandates, audit requests and evolving business risks.

The Neupart SecureAware platform is a collaborative workflow system that is delivered as software, an appliance, or Software as a Service (SaaS). The library of security objects and modular functionality allows organizations to rationalize and reduce security controls, perform full lifecycle management of risk assessments and IT audits, and create one defensible standard of care. SecureAware's content engine can rapidly incorporate and map between unlimited control frameworks, standards and regulations through its Standard Manager with Smart Object Linking capability. Whether your issues are PCI compliance, governmental regulations, ISO 27000 best practices or managing evolving business risks, Neupart allows your organization to respond effectively to these challenges and "future proof" your compliance program.

Contact

Phone

+1 (360) 820-2545

Fax

+1 (360) 392-6078

Address

2553 Crescent Street
Ferndale, WA 98248

Email

Support, Sales