Sarbanes-Oxley Act
The Sarbanes-Oxley Act (SOX) was signed into law on July 30th, 2002, and introduced significant legislative changes to financial practice and corporate governance regulation. It introduced strict new rules with the stated objective, “to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.” These rules are required to be met by certain deadlines. Most public companies must meet the financial reporting and certification mandates for financial statements filed after November 15th, 2004. Smaller and foreign companies must be in compliance for any statements filed after July 15th, 2005.
The Act affects many areas of the organization including IT. One of the more difficult aspects of compliance is the need to limit access rights and privileges to the least required. Administrators have become accustomed to having privileges beyond those required for many operational tasks, and to giving end-users elevated permissions to workstations in order to address an isolated problem. Although the idea of least privilege execution has existed for years, the tools to meet this lofty goal have not been available. Windows sets access permission at the same level for each task an administrator or end-users launches. In order to achieve SOX compliance, organizations must find a way to operate within the accepted definition of least privileges, varying permissions based on the task, not the just the person.
PolicyMaker solves this problem with Application Security policy, which provides administrators a method to associate permissions and privileges with authorized tasks and applications. Using this policy, organizations can lower the permissions and privileges under which applications such as Internet Explorer and Microsoft Outlook will run when launched by an administrator. These applications don’t generally require elevated access, and can unnecessarily expose the network to attacks. Similarly, this policy allows organizations to elevate access for tasks and applications launched by restricted end-users, so that the end-user does not have to be given globally elevated permissions.
PolicyMaker provides a significant group of additional policy-based security solutions that help ensure the accuracy and reliability of corporate financial disclosures. These solutions allow organizations to solve the more difficult security problems that result from the nature of the distributed desktop environment, making it less likely that network security measures will be compromised.
The Act affects many areas of the organization including IT. One of the more difficult aspects of compliance is the need to limit access rights and privileges to the least required. Administrators have become accustomed to having privileges beyond those required for many operational tasks, and to giving end-users elevated permissions to workstations in order to address an isolated problem. Although the idea of least privilege execution has existed for years, the tools to meet this lofty goal have not been available. Windows sets access permission at the same level for each task an administrator or end-users launches. In order to achieve SOX compliance, organizations must find a way to operate within the accepted definition of least privileges, varying permissions based on the task, not the just the person.
PolicyMaker solves this problem with Application Security policy, which provides administrators a method to associate permissions and privileges with authorized tasks and applications. Using this policy, organizations can lower the permissions and privileges under which applications such as Internet Explorer and Microsoft Outlook will run when launched by an administrator. These applications don’t generally require elevated access, and can unnecessarily expose the network to attacks. Similarly, this policy allows organizations to elevate access for tasks and applications launched by restricted end-users, so that the end-user does not have to be given globally elevated permissions.
PolicyMaker provides a significant group of additional policy-based security solutions that help ensure the accuracy and reliability of corporate financial disclosures. These solutions allow organizations to solve the more difficult security problems that result from the nature of the distributed desktop environment, making it less likely that network security measures will be compromised.
Edited by: John Arquilla, David Ronfeldt Pages: 380 ISBN: 0-8330-3030-2
