List of log reports required by SOX 404
- User Logon/Logoff Report : Sec 302 (a)(4)(C) and (D) - log-in/log-out monitoring
- Logon failure report
- Audit Log Access report
- Object Access report
- System Event report
- Account Mgmt report : sec 302 (a)(6)
- Audit policy changes : sec 302 (a)(5)
- User/Application/Directory or file access : sec 302 (a)(5)
Sample naming standards for SOX compliance logs:
Annual 3rd Party Internal and External Vulnerability Assessment Scan Log
Annual Enterprise Network Architecture & Design Review Log
Annual Firewall System Restore Log
Annual Email System Restore Log
Annual Windows Print & File Server System Restore Log
Daily Anti-Virus Exceptions Log
Daily Email Back-up Log
Daily Windows Print & File Server Back-up Log
Inventory of Hardware, OS, Patches
Quarterly Contractor Terminated User’s Audit Log-Network
Quarterly Domain Admin Password Change Log
Quarterly Employee Terminated User’s Audit Log-Network
Quarterly Firewall Back-up Log
Quarterly Firewall ID Review Log
Quarterly Firewall Password Change Log
Quarterly Firewall Patch OS Assessment Log
Quarterly Internal and External Vulnerability Assessment Scan Log
Quarterly Review of Inventory of Hardware, OS, Patches Log
Quarterly Switch and Router Backup Log
Quarterly Switch and Router Password Change Log
Quarterly Switch & Router ID Review Log
Quarterly Switch & Router Patch OS Assessment Log
Weekly Microsoft Security Monitoring and Intrusion Detection Log
Weekly Network Infrastructure Security Monitoring and Intrusion Detection Log
Does SOX 404 require us to build a good, comprehensive log management tool? There is a lot of discussion about that. The main point is that log management (LM) is an approach to dealing with large volumes of computer-generated log messages (also known as audit records, audit trails, event logs, etc.). LM covers log collection, centralized aggregation, long-term retention and log analysis (in real time and in bulk after storage). Syslog is the most common example of such log messages. System administrators usually perform LM analysis for reasons of security, operations (such as system or network administration) or regulatory compliance.
Do you have any experience regarding Log Management and SOX Requirements?
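As an added illustration of the bulk analysis step described above (example code written for this page, not taken from any product), the script below sorts stored syslog lines into three of the report types listed earlier. The sample lines, host name and rule set are constructed assumptions; a real deployment would cover more programs and message formats.

```python
import re
from collections import defaultdict

# Constructed sample lines in classic BSD-syslog layout (not from a real host).
SAMPLE_LOG = """\
Mar  3 08:01:12 fin-app01 sshd[2211]: Accepted password for alice from 10.0.0.5 port 50122 ssh2
Mar  3 08:01:40 fin-app01 sshd[2230]: Failed password for bob from 10.0.0.9 port 50410 ssh2
Mar  3 08:01:44 fin-app01 sshd[2230]: Failed password for invalid user oracle from 10.0.0.9 port 50412 ssh2
Mar  3 08:15:02 fin-app01 useradd[2301]: new user: name=carol, UID=1004, GID=1004, home=/home/carol, shell=/bin/bash
Mar  3 09:30:55 fin-app01 sshd[2211]: pam_unix(sshd:session): session closed for user alice
Mar  3 09:31:00 fin-app01 cron[2400]: (root) CMD (run-parts /etc/cron.hourly)
this line is truncated garbage
"""

# timestamp, host, program[pid], message
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# (report name from the list on this page, program, pattern capturing the user)
RULES = [
    ("User Logon/Logoff Report", "sshd", re.compile(r"^Accepted \S+ for (?P<user>\S+) from ")),
    ("User Logon/Logoff Report", "sshd", re.compile(r"session closed for user (?P<user>\S+)")),
    ("Logon failure report", "sshd", re.compile(r"^Failed \S+ for (?:invalid user )?(?P<user>\S+) from ")),
    ("Account Mgmt report", "useradd", re.compile(r"^new user: name=(?P<user>[^,]+),")),
]

def build_reports(text):
    """Return ({report: [(timestamp, host, user), ...]}, [unparsed lines])."""
    reports = defaultdict(list)
    unparsed = []  # kept, not dropped: silent loss of lines is itself an audit gap
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        for report, prog, pattern in RULES:
            hit = pattern.search(m["msg"]) if m["prog"] == prog else None
            if hit:
                reports[report].append((m["ts"], m["host"], hit["user"]))
                break
    return dict(reports), unparsed

if __name__ == "__main__":
    reports, unparsed = build_reports(SAMPLE_LOG)
    for name, rows in sorted(reports.items()):
        print(f"{name}: {len(rows)} event(s) -> {[r[2] for r in rows]}")
    print(f"unparsed lines: {len(unparsed)}")
```

Lines that parse but match no rule, such as the cron entry, are left out of every report, while lines that do not parse at all are returned separately so they can be reviewed.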
The OMB provides guidelines on management oversight. “To ensure senior management involvement, many agencies have established their own senior management council, often chaired by the agency's lead management official, to address management accountability and related issues within the broader context of agency operations.” Relevant issues for such a council include ensuring the agency's commitment to an appropriate system of internal control; actively overseeing the process of assessing internal controls, including nonfinancial as well as financial reporting objectives; recommending to the agency head which control deficiencies are material to disclose in the annual FMFIA report; and providing input for the level and priority of resource needs to correct these deficiencies.
To meet these objectives, management is responsible for developing and maintaining internal control activities that comply with the following COSO-based standards:
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communications
- Monitoring