The Sarbanes-Oxley Act (SOX)
One of the most famous regulatory compliance standard is Sarbanes-Oxley Act. The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The regulatory compliance standard is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long. Implementers can get up-to-date information regarding Sarbanes-Oxley Act of 2002 from US Securities and exchange commission of Pakistan.
The Sarbanes-oxley act in 2002 sets a number of rules on the corporate governance and responsibilities of public companies. Due to which Securities and Exchange Commission has set deadlines for compliance of 15th June 2004 for corporations with a total turnover of $75 million yearly and 15th April 2005 for smaller companies.
Sarbanes-Oxley Act emphasis more on reporting obligations from senior executives, auditors and securities analysts Essence of this act is to ensure CIA of financial data. This is present in the following:
Secure Auditor™ a network based security auditing tool implies distinct methodologies to explore vulnerabilities in different operational systems, specially in finding application layer security vulnerabilities like deletion, modification and access control within the database.
Secure Auditor SOX Compliance Statement.
Secure Auditor™ extends an important role in compliance to Sarbanes Oxley Act by providing detailed and in depth reports of vulnerabilities which could be exploited to gain access to the critical information stored on the network; hence mitigating the risk of attack.
Section 404 of this act entitled "Management Assessment of Internal Control", deals with the responsibility of company's management to maintain an internal control structure for financial data , reporting and to perform regular audits on this system. Secure Ora Auditor™ will go a long way in compliance with this Act as it is explicitly programmed to assess vulnerabilities and present a detailed report on application Layer security vulnerabilities which could be exploited for gaining access to the database servers.
The Act mandated a number of reforms to enhance corporate responsibility, enhance financial disclosures and combat corporate and accounting fraud, and created the "Public Company Accounting Oversight Board," also known as the PCAOB, to oversee the activities of the auditing profession.
The full text of the Act is available at: