Cloakware's Sarbanes-Oxley Compliance Position Paper Raises Red Flag on Administrator and Application Password Management."Raising the Security Bar: Cloakware's Contribution to Sarbanes-Oxley Compliance" Addresses Insider Threat Presented by Unattended Passwords VIENNA, Va. -- Cloakware Inc., the world's leading provider of products and services to protect digital assets, today announced the availability of a new position paper, Raising the Security Bar: Cloakware's Contribution to Sarbanes-Oxley Compliance. The free paper provides assessment benchmarks to help readers determine if their organizations' current password management controls are adequate and also tackles the challenges of complying with key sections of the Sarbanes-Oxley (SOX (1) (Schema for Object-oriented XML) An XML schema developed by Veo Systems and Muzino Communications, which was submitted to the W3C. SOX is based on DTD, but adds data typing and reuse mechanisms. ) legislation, which are complex in nature for any IT organization to address. SOX legislation outlines the controls that need to be in place to protect an organizations' financial reporting process. However, one of the most overlooked weaknesses of any IT system is the thousands of unmanaged, clear text passwords used by scripts and applications within the data center. This is a threat hiding in plain sight that puts all of the collected data that is the foundation of any organization's financial and business reporting at risk. In today's environment of increased accountability, the ability to deliver both preventive preventive /pre·ven·tive/ (pre-vent´iv) prophylactic. pre·ven·tive or pre·ven·ta·tive adj. Preventing or slowing the course of an illness or disease; prophylactic. n. and detective controls that contribute to SOX compliance is critical. Cloakware's position paper addresses these issues by posing questions to:
-- Help determine how agile current password management procedures
are, such as:
-- How often are database passwords changed?
-- Who has access to the passwords?
-- On which occasions are passwords updated?
-- Bring to light possible SOX-related audit issues, such as:
-- Do you use shared administrative accounts across your servers?
-- If using either shared or unique administrative IDs, are
the passwords unique?
-- Can you definitively report which applications are permitted to
connect with other applications, and the criteria under which
connections are allowed?
One of the key findings of this position paper is that while Sarbanes-Oxley compliance demands far-reaching changes to the processes, practices and behaviors used to control financial data environments, many organizations still neglect the critical task of managing the passwords used within the data center by administrators and applications. This creates a significant weakness in IT controls for financial reporting. "With federal legislation placing increased pressure on corporations to comply with mandated standards in the financial reporting process, the need to protect critical digital assets will not subside sub·side intr.v. sub·sid·ed, sub·sid·ing, sub·sides 1. To sink to a lower or normal level. 2. To sink or settle down, as into a sofa. 3. To sink to the bottom, as a sediment. 4. any time soon," said Alec Main, Cloakware's CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. . "Cloakware developed this position paper as a tool to help companies prepare a plan of action. Our goal is to serve as a complete resource for those turning their attention to the challenge of password management controls and to equip e·quip tr.v. e·quipped, e·quip·ping, e·quips 1. a. To supply with necessities such as tools or provisions. b. them to meet current mandates as well as evolving requirements." To download To receive a file transmitted over a network. In any communications session, "download" means receive, and "upload" means send. The download/upload often implies a big/little scenario, in which data is being downloaded from the "big" server into the "little" user's computer. Raising the Security Bar: Cloakware's Contribution to Sarbanes-Oxley Compliance, visit the Cloakware web site at http://www.cloakware.com/whitepapers/121806/. About Cloakware Cloakware is the world's leading provider of products and services to protect digital assets. The company's software protection and anti-tamper solutions protect software, media, passwords and data from piracy piracy, robbery committed or attempted on the high seas. It is distinguished from privateering in that the pirate holds no commission from and receives the protection of no nation but usually attacks vessels of all nations. and unauthorized access and use. Cloakware solutions are on hundreds of millions of devices, protecting the assets of some of the world's largest, most recognizable and technologically advanced companies. Cloakware's integrated software Separate software components or applications that have been combined into one package. See integrated software package. protection makes security inseparable in·sep·a·ra·ble adj. 1. Impossible to separate or part: inseparable pieces of rock. 2. Very closely associated; constant: inseparable companions. from software. Partnering with Microsoft and in collaboration Working together on a project. See collaborative software. with Intel, Cloakware helps consumer electronics and Fortune 1000 companies and Federal agencies all benefit from reduced development costs, improved time to market and mitigated mit·i·gate v. mit·i·gat·ed, mit·i·gat·ing, mit·i·gates v.tr. To moderate (a quality or condition) in force or intensity; alleviate. See Synonyms at relieve. v.intr. To become milder. risks. The company is headquartered in Vienna, VA, and has offices in Ottawa, Canada and the UK, and regional sales offices throughout the US. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion