Preparing for a SOX audit

Jennifer Lawinski, News Writer

Fourth in a series.

In a recent interview, Alex Bakman, CEO of Ecora Software Corp., in Portsmouth, N.H., offered his top five tips for IT administrators when preparing for a Sarbanes-Oxley (SOX) audit.

1. Select a set of controls -- and test repeatedly. The essence of the SOX audit is to prove that you do what you say you do.

The Sarbanes-Oxley Act doesn't require people to have a specific set of IT controls, but whatever set of controls you pick, you need to demonstrate that you have a credible way of testing them.

2. Develop a sound password policy. This involves establishing password duration and password aging policies and requiring complex passwords. Many organizations are guilty of allowing users to create obvious passwords, such as the name of a pet.

3. Review permissions. The first thing auditors do is go into "shares" to find out who has access to what. You should review shares with an eye toward whether such permissions are in line with documented policies.

4. Validate access control lists. Test credentials against critical line-of-business systems. Auditors will look to see if your lists for who should have access to an application really govern who has access.

5. Plug database holes. Review database management systems and be able to validate that, from a DBMS-authorization perspective, there are no holes. A common problem that auditors look at is how many production systems housing sensitive data are running with the full credentials.
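
One way to carry out the review described in tips 3 and 4, as an added example that is not from the article or from Ecora: it compares a documented access policy with the grants actually in effect and reports every mismatch. The share names, groups, rights ladder and input format are constructed assumptions.

```python
# Added example: reconcile documented access policy with effective grants.
# All share names, principals and rights below are constructed sample data.

RIGHTS_ORDER = {"read": 1, "change": 2, "full": 3}  # assumed rights ladder

# Documented policy: resource -> {principal: highest approved right}
POLICY = {
    r"\\fs01\finance": {"FIN-Analysts": "change", "FIN-Auditors": "read"},
    r"\\fs01\hr": {"HR-Staff": "change"},
}

# Effective grants as exported from the system under review (constructed).
ACTUAL = [
    (r"\\fs01\finance", "FIN-Analysts", "change"),  # matches policy
    (r"\\fs01\finance", "FIN-Auditors", "full"),    # more than approved
    (r"\\fs01\finance", "Everyone", "read"),        # principal not in policy
    (r"\\fs01\public", "Everyone", "read"),         # share not in policy
]


def reconcile(policy, actual):
    """Return sorted findings as (kind, resource, principal, detail)."""
    # Compare names case-insensitively, as share and group names usually are.
    norm = {res.casefold(): {p.casefold(): r for p, r in acl.items()}
            for res, acl in policy.items()}
    findings, seen = [], set()
    for resource, principal, right in actual:
        res, who = resource.casefold(), principal.casefold()
        seen.add((res, who))
        if res not in norm:
            findings.append(("UNDOCUMENTED_RESOURCE", resource, principal, right))
        elif who not in norm[res]:
            findings.append(("UNAUTHORIZED", resource, principal, right))
        elif RIGHTS_ORDER[right] > RIGHTS_ORDER[norm[res][who]]:
            findings.append(("EXCESS", resource, principal,
                             f"{right} > approved {norm[res][who]}"))
    # Policy entries with no matching grant: the documentation is out of date.
    for res, acl in norm.items():
        for who, right in acl.items():
            if (res, who) not in seen:
                findings.append(("STALE_POLICY", res, who, right))
    return sorted(findings)


if __name__ == "__main__":
    for finding in reconcile(POLICY, ACTUAL):
        print(*finding, sep=" | ")
```

Keeping each run's findings alongside the policy version they were checked against gives a repeatable record of the test, in line with tip 1.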

