
1 World Class Security Experts © Copyright 2004 SkyView Partners LLC. All rights reserved. www.skyviewpartners.com How IT is affected by Sarbanes-Oxley Act – or is it? Carol Woodbury carol.woodbury@skyviewpartners.com

2 WEBCAST SCHEDULE
Today’s event will run one hour. Here are the expected times for each segment of the webcast:
:00 – :05: Moderator introduces the speaker and discusses the details of the Webcast.
:05 – :35: Speaker delivers a PowerPoint presentation on the webcast topic.
:35 – :60: Moderator and speaker engage in a Q&A on the topic.
You can submit questions to the speaker at any time during the event. Just click on the “Ask a Question” button in the lower left corner of your screen.

3 TECHNICAL FAQs
Here are answers to the most common technical problems users encounter during a webcast:
Q: Why can’t I hear the audio part of the webcast?
A: Try increasing the volume on your computer.
Q: I just entered the webcast and do not see the slide that the speaker is referring to. What should I do?
A: The slides are constantly being pushed to your screen. You should refresh (hit F5) to view the latest slide.
If your question is still not answered, please click the “Ask a Question” button in the lower left corner of your screen and submit your problem. A technical support person will respond immediately. You can also visit the Broadcast Help page for more information or to test your browser compatibility. Click here: http://help.yahoo.com/help/bcst/


5 Disclaimer
This presentation is for educational purposes only and is not intended as an endorsement of any vendor or vendor product mentioned during this webcast.

6 Agenda
- Description of Sarbanes-Oxley Act
- What we’re seeing
- What this means
- Tips

7 Sarbanes-Oxley Act
Legislation passed in 2002 to prevent another Enron/Arthur Andersen fiasco.
- Section 302 – Corporate accountability
- Section 404 – Internal controls over financial reporting
  - Requires supporting documentation

8 Security statements in SOX

9 Accounting firms
- SOX auditing firms
  - Must meet certain criteria and be registered as a SOX audit firm
  - Cannot be the same firm that remediates issues discovered
- Requiring sound data security practices before signing audit

10 COBIT – process for managing risk
- Provides a process to assess and manage risk and balance that risk against benefits to the business.
- Centered around IT processes
- Four domains
  - Each domain is divided into IT processes (34)
  - Each IT process is divided into control objectives (318)

11 ISO17799
Implementation Guidelines for IT Security
Sections include:
- Security policy
- Organization security
- Asset classification and control
- Personnel security
- Physical and environmental security
- Communications and operations management
- Access control
- System development and maintenance
- Business continuity management
- Compliance with legal requirements

12 What does this mean?
Need to:
- Assess your risks
- Come up with a plan to mitigate risks
- Implement a sound security scheme

13 Audit checklist
- System values set to best practices
- Users
  - Get rid of default passwords
  - Get rid of old profiles or accounts
  - Examine users that have been given privileges (special authorities). Remove if not part of user’s job function.
    - *ALLOBJ
    - *AUDIT
    - *SECADM
    - *IOSYSCFG
- Object authorities
  - *PUBLIC(*ALL)
  - Authority of libraries and directories containing sensitive applications
  - Authority of files containing confidential or private data
- TCP/IP configurations

14 What systems need to be examined?
- All production systems
  - Production
  - Development when connected to the network and can access production

15 Missing documentation
- Security policy
- Standards
- Processes
- Disaster recovery plan
- Steps toward remediation
  - Initial reports
  - Periodic reports
- Plans and sign-offs of major changes

16 Policy
Corporate Security Policy
- Policy: A guiding principle, typically established by senior management, that is adopted by an organization or project to influence and determine decisions.
- Standards: Mandatory requirements employed and enforced to prescribe a disciplined, uniform approach to achieve an objective; that is, mandatory conventions and practices are in fact standards.
- Procedures: A series of defined activities carried out to accomplish a task or operation.
- Best practices: Superior performance within a function, independent of industry, leadership, management, or operational method or approach, that leads to exceptional performance.

17 Policy vs. Standard vs. Procedure
Policy
- Each user will have a unique account
- Privileges will be granted based on job classification
- Access to private data will be based on business justification
Standard
- User’s manager is responsible for requesting an OS/400 user profile for each employee
- Default access
  - No special authorities
  - Access to Basic menu
- Additional access
  - Approved by employee’s manager
  - Approved by application owner
- User’s manager and HR are responsible for notifying IT that the user has left the company
Procedure
- Create user profile by taking Option 1 from the Administration Menu
- Naming convention is first 7 characters of last name plus first letter of first name
- For end users and programmers the special authorities granted are *NONE
- For operators the special authorities granted are *SAVSYS and *JOBCTL
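The audit checklist and the per-role special-authority standard above can be turned into a repeatable check. The following is an added example, not material from the SkyView webcast or a SkyView tool: it runs the user-related checklist items (privileged special authorities, authorities beyond the role standard, default passwords, unused profiles) and the object-authority items (*PUBLIC(*ALL), sensitive objects open to *PUBLIC) over constructed sample data. The record layouts, the sample profile names and dates, and the 90-day staleness threshold are all assumptions made for the example; they are not the DSPUSRPRF or DSPOBJAUT output-file formats.

```python
# Added example (not from the SkyView webcast): user-profile and object-authority
# audit over constructed sample data, implementing the "Audit checklist" slide and
# the per-role special-authority standard from the "Policy vs. Standard vs.
# Procedure" slide. The record layouts are assumptions for the example, not the
# DSPUSRPRF / DSPOBJAUT output-file formats; the 90-day threshold is assumed too.
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Set, Tuple

# The four special authorities the checklist singles out for review.
PRIVILEGED = {"*ALLOBJ", "*AUDIT", "*SECADM", "*IOSYSCFG"}

# Per-role standard from the procedure slide: end users and programmers get
# *NONE, operators get *SAVSYS and *JOBCTL.
ROLE_STANDARD = {
    "ENDUSER": set(),
    "PROGRAMMER": set(),
    "OPERATOR": {"*SAVSYS", "*JOBCTL"},
}

STALE_AFTER_DAYS = 90  # assumption: an enabled profile unused this long is "old"

Finding = Tuple[str, str]  # (profile or object name, description of the issue)


@dataclass
class UserProfile:
    name: str
    role: str
    special_authorities: Set[str]  # {"*NONE"} when none are granted
    status: str                    # "*ENABLED" or "*DISABLED"
    last_signon: Optional[date]
    password_is_default: bool      # e.g. as reported by ANZDFTPWD


@dataclass
class ObjectAuthority:
    name: str              # library, directory or file
    sensitive: bool        # holds confidential data or a sensitive application
    public_authority: str  # *PUBLIC authority: "*ALL", "*CHANGE", "*USE" or "*EXCLUDE"


def audit_profiles(profiles: List[UserProfile], today: date) -> List[Finding]:
    """Apply the user-related checklist items to each profile."""
    findings: List[Finding] = []
    for p in profiles:
        allowed = ROLE_STANDARD.get(p.role)
        if allowed is None:
            findings.append((p.name, "role %s has no defined standard" % p.role))
            continue
        # Anything granted beyond the role's standard must be justified or removed.
        extra = p.special_authorities - allowed - {"*NONE"}
        if extra:
            findings.append((p.name, "special authorities beyond role standard: " + ", ".join(sorted(extra))))
        # The four named authorities get their own finding regardless of role.
        privileged = p.special_authorities & PRIVILEGED
        if privileged:
            findings.append((p.name, "holds privileged authority: " + ", ".join(sorted(privileged))))
        if p.password_is_default:
            findings.append((p.name, "default password"))
        unused = p.last_signon is None or (today - p.last_signon).days > STALE_AFTER_DAYS
        if p.status == "*ENABLED" and unused:
            findings.append((p.name, "enabled but not used in the last %d days" % STALE_AFTER_DAYS))
    return findings


def audit_objects(objects: List[ObjectAuthority]) -> List[Finding]:
    """Apply the object-authority checklist items."""
    findings: List[Finding] = []
    for o in objects:
        if o.public_authority == "*ALL":
            findings.append((o.name, "*PUBLIC(*ALL)"))
        elif o.sensitive and o.public_authority != "*EXCLUDE":
            # Assumption: sensitive objects are expected to exclude *PUBLIC entirely.
            findings.append((o.name, "sensitive object with *PUBLIC(%s)" % o.public_authority))
    return findings


# Constructed sample data; names and dates are invented for the example.
TODAY = date(2004, 6, 1)
SAMPLE_PROFILES = [
    UserProfile("SMITHJ", "ENDUSER", {"*NONE"}, "*ENABLED", date(2004, 5, 28), False),
    UserProfile("OPER01", "OPERATOR", {"*SAVSYS", "*JOBCTL"}, "*ENABLED", date(2004, 5, 30), False),
    UserProfile("DEVLEE", "PROGRAMMER", {"*ALLOBJ", "*JOBCTL"}, "*ENABLED", date(2004, 5, 31), False),
    UserProfile("TEMP99", "ENDUSER", {"*NONE"}, "*ENABLED", date(2003, 11, 2), True),
]
SAMPLE_OBJECTS = [
    ObjectAuthority("PAYROLL", True, "*ALL"),
    ObjectAuthority("QGPL", False, "*CHANGE"),
    ObjectAuthority("CUSTFILE", True, "*USE"),
    ObjectAuthority("HRDATA", True, "*EXCLUDE"),
]


def run_audit() -> Tuple[List[Finding], List[Finding]]:
    """Run both checks over the sample data and return (profile, object) findings."""
    return audit_profiles(SAMPLE_PROFILES, TODAY), audit_objects(SAMPLE_OBJECTS)


if __name__ == "__main__":
    profile_findings, object_findings = run_audit()
    for name, issue in profile_findings + object_findings:
        print("%-10s %s" % (name, issue))
```

On the sample data the check reports DEVLEE twice (authorities beyond the programmer standard, and *ALLOBJ specifically), TEMP99 twice (default password, unused profile), PAYROLL for *PUBLIC(*ALL) and CUSTFILE as a sensitive object readable by *PUBLIC; the compliant profiles and objects produce nothing. Keeping the role standard as data rather than in the code is what makes the check reflect the written standard, which is the kind of supporting documentation the earlier slides say auditors ask for.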

18 Security awareness training
- Security tip (once a month e-mail)
- Posters
- Social engineering training
- “Appropriate Use Statement” on all computer systems
- Periodic review of security policy, especially after updates
- Random re-training and acknowledgement of re-read

19 For more information
Contact SkyView Partners: www.skyviewpartners.com, 1-425-457-4975

20 Questions?
Submit your questions now by clicking on the “Ask A Question” button in the left corner of your presentation screen. Carol will answer your questions shortly after the broadcast.

