|
Sarbanes Oxley Internal Control Logging And Auditing Software
Running an IT Department that supports many users and has few IT Staff Members can create a Sarbanes Oxley Section 404 Challenge. As part of your Section 404 Sarbanes Oxley Audits you must be prepared to prove that you can detect and log authorized and unauthorized access and changes to systems covered under Sarbanes Oxley.
This presents a problem to the stretched IT department but there are great software tools that can make preparing for Section 404 Sarbanes Oxley Audits less daunting. Always assume that your SOX Auditor will want you to show that you log authorized and unauthorized logons as well as changes made to the data and operating system on systems covered under Section 404. Telling the auditor that a staff member reviews the data is generally not accepted with confidence unless you can prove that regular review of the event logs and a great change process exists. Two pieces of software automated this requirement for us and strengthened our Sarbanes Oxley Internal Control testing.
Tripwire Change Auditing Software: We began using Tripwire on servers covered under Sarbanes Oxley. Tripwire will show all changes made to the file system and registry and produce reports and alerts as often as you wish. Once you establish a baseline of changes that occur naturally on the server you simply monitor your Tripwire reports to see that your baseline has not changed. When a change occurs you can tell because your baseline number of changes goes off the charts. Tripwire reports then show each and every change so you can tell exactly what happened. This fulfills the Sarbanes Oxley requirement that you know who and when made changes and can help detect unauthorized changes either because change management policy was not followed or because there has been a breach of security.
Event Tracker Event Log Consolidation and Alerting: EventTracker Software from Prism Microsystems consolidates event logs to SQL Databases and then provides a great interface to pull data from event logs and alert based on logged events. Sarbanes Oxley Auditors love tools that can take human error out of the picture. Section 404 Internal Controls place the ability to pull what happened and alert when events happen at the top of the list for crucial Internal Controls. EventTracker not only collects and allows for the easy retrieval of event information but you can set Event Tracker to alert you when a specific event occurs. Here are a few events I alert on as part of my Section 404 Sarbanes Oxley Internal Controls. Additions to the Domain Administrators Group, Account lockout due to too many incorrect passwords.
|
|
Preparing Windows Servers for Sarbanes Oxley Section 404 Testing and Auditing Sarbanes Oxley Section 404 Deadline Sarbanes Oxley Compliance - No Easy Trick |