SarbanesOxleyFocus.com

There are three perspectives of Identity Management nowadays:
1. The pure identity paradigm: Creation, management and deletion of identities without regard to access or entitlements;
2. The user access (log-on) paradigm: For example: a smart card and its associated data used by a customer to log on to a service or services (a traditional view);
3. The service paradigm: A system that delivers personalized, role-based, online, on-demand, multimedia (content), presence-based services to users and their devices.

Each of this perspective has their own approach for audit & compliance for Sarbanes Oxley. So just try each own approach to makes better system compliances process.

Popularity: 5% [?]

List of naming standard sample for SOX Compliance:

Annual 3rd Party Internal and External Vulnerability Assessment Scan Log
Annual Enterprise Network Architecture & Design Review Log
Annual Firewall System Restore Log
Annual Email System Restore Log
Annual Windows Print & File Server System Restore Log
Daily Anti-Virus Exceptions Log
Daily Email Back-up Log
Daily Windows Print & File Server Back-up Log
Inventory of Hardware, OS, Patches
Quarterly Contractor Terminated User’s Audit Log-Network
Quarterly Domain Admin Password Change Log
Quarterly Employee Terminated User’s Audit Log-Network
Quarterly Firewall Back-up Log
Quarterly Firewall ID Review Log
Quarterly Firewall Password Change Log
Quarterly Firewall Patch OS Assessment Log
Quarterly Internal and External Vulnerability Assessment Scan Log
Quarterly Review of Inventory of Hardware, OS, Patches Log
Quarterly Switch and Router Backup Log
Quarterly Switch and Router Password Change Log
Quarterly Switch & Router ID Review Log
Quarterly Switch & Router Patch OS Assessment Log
Weekly Microsoft Security Monitoring and Intrusion Detection Log
Weekly Network Infrastructure Security Monitoring and Intrusion Detection Log

Popularity: 14% [?]

Do SOX 404 require us to create a good and comprehensive Log Management Tools? there are many discussion about that. But the main point is that the Log Management (LM) comprises an approach to dealing with large volumes of computer-generated log messages (also known as audit records, audit trails, event-logs, etc). LM covers log collection, centralized aggregation, long-term retention and log analysis (in real-time and in bulk after storage). Syslog offers the most common example of such log messages. Systems administrators usually perform LM analysis for reasons of security, of operations (such as system or network administration) or of regulatory compliance.

Do you have any experience regarding Log Management and SOX Requirements?

Popularity: 15% [?]

1. Can your tool collect and aggregate 100 percent of all log data from all inscope log sources on the network?
2. Are your logs transported and stored securely to satisfy the CIA (Confidentiality, Integrity, Availability) of log data?
3. Are there packaged reports that suit the needs of your Sarbanes Oxley projects stakeholders such as IT, auditors, maybe even Finance or Human Resources? Can you create the additional needed reports to organize collected log data quickly?
4. Can you set alerts on anything in the logs in order to satisfy the monitoring requirements? (more…)

   Popularity: 8% [?]