The impact of the Sarbanes-Oxley Act on Internet security systems
As well as affecting accounting, the Sarbanes-Oxley Act (SOX) has had a significant impact on IT security: "Each organization that is affected by the Sarbanes-Oxley Act has some level of reliance on automated information systems to process and store the data that is the basis of financial reports. The Act requires these organizations to consider the IT security controls that are in place to promote the confidentiality, integrity, and accuracy of this data" (Byrum 2003: 3). All security controls protecting such data must be analyzed for effectiveness; acceptable controls may include flagging repeated login attempts and restricting access to all data covered by the Act (Byrum 2003: 4). Such controls make financial information less likely to be tampered with, a central concern of SOX.
The Act does not specify which types of controls are required, since this varies with the needs of the organization. However, Byrum (2003: 6) identifies three critical areas of Internet security for SOX compliance: "infrastructure security, access control, and contingency planning". In other words, the infrastructure within which the data is kept must have integrity, access cannot be unfettered, and there must be plans for what to do if the data is breached. Financial data must be encrypted when transmitted, the network must be protected by firewalls, and monitoring must be in place so that any breach of the firewall is flagged immediately (Byrum 2003: 7). Access control means not only password protection and user authentication but also restricting data to persons with a legitimate need for access (Byrum 2003: 8). Finally, business continuity planning, or contingency planning, is also required, and transactions during any system downtime must be documented. "A major purpose of a business continuity plan is to ensure the integrity and availability of crucial data after a disaster or other disruption of service" (Byrum 2003: 10). Regular re-testing of systems for compliance is also demanded, since security procedures may weaken over time.
References
Byrum, S. (2003). The impact of the Sarbanes-Oxley Act on Internet security. SANS Institute Reading Room. Retrieved from http://www.sans.org/reading-room/whitepapers/casestudies/impact-sarbanes-oxley-act-security-1344