Achieving SOX Compliance with Masergy Security Professional Services



Similar documents
Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

NERC CIP Compliance with Security Professional Services

CloudCheck Compliance Certification Program

CLOUD GUARD UNIFIED ENTERPRISE

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

Clavister InSight TM. Protecting Values

Payment Card Industry Data Security Standard

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

How To Protect Your Network From Attack From A Network Security Threat

Patching & Malicious Software Prevention CIP-007 R3 & R4

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Current IBAT Endorsed Services

How To Buy Nitro Security

Advantages of Managed Security Services

Injazat s Managed Services Portfolio

Building a Web Security Ecosystem to Combat Emerging Internet Threats

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

White Paper. Sarbanes Oxley and iseries Security, Audit and Compliance

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

SANS Top 20 Critical Controls for Effective Cyber Defense

Achieving PCI-Compliance through Cyberoam

Managed Security Services

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

Information security controls. Briefing for clients on Experian information security controls

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

INNOVATE. MSP Services Overview SVEN RADEMACHER THROUGH MOTIVATION

Intel Security Certified Product Specialist Security Information Event Management (SIEM)

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India

NetDefend Firewall UTM Services

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Cisco Advanced Services for Network Security

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Chapter 1 The Principles of Auditing 1

The Protection Mission a constant endeavor

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured!

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

SUPPLIER SECURITY STANDARD

ISS X-Force. IBM Global Services. Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems

NetDefend Firewall UTM Services

Enterprise Computing Solutions

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

LogRhythm and NERC CIP Compliance

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

End-user Security Analytics Strengthens Protection with ArcSight

IBM Global Technology Services Preemptive security products and services

Cybersecurity Health Check At A Glance

Defending Against Data Beaches: Internal Controls for Cybersecurity

Protecting productivity with Plant Security Services

MANAGED SECURITY SERVICES (MSS)

The Challenges and Myths of Sarbanes-Oxley Compliance

Cisco Security Intelligence Operations

Tenzing Security Services and Best Practices

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

IBM Security QRadar Vulnerability Manager

74% 96 Action Items. Compliance

Unified Threat Management, Managed Security, and the Cloud Services Model

GFI White Paper PCI-DSS compliance and GFI Software products

Information Technology Policy

PCI Requirements Coverage Summary Table

INCIDENT RESPONSE CHECKLIST

How To Sell Security Products To A Network Security Company

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

IT Security & Compliance. On Time. On Budget. On Demand.

Tata Communications Security Outsourcing. A Must-have for Entry into the Global Economy.

V1.4. Spambrella Continuity SaaS. August 2

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

How To Achieve Pca Compliance With Redhat Enterprise Linux

Astaro Gateway Software Applications

A GUIDE TO SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT TECHNICAL DOCUMENT

LogRhythm and PCI Compliance

Unified Security Anywhere PCI COMPLIANCE PCI COMPLIANCE WE CAN HELP MAKE IT HAPPEN

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Boosting enterprise security with integrated log management

North American Electric Reliability Corporation (NERC) Cyber Security Standard

How To Secure Your Store Data With Fortinet

University of Pittsburgh Security Assessment Questionnaire (v1.5)

Italy. EY s Global Information Security Survey 2013

Sarbanes-Oxley Compliance for Cloud Applications

Transcription:

Achieving SOX Compliance with Masergy Security Professional Services The Sarbanes-Oxley (SOX) Act, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 (and commonly called SOX), establishes new and enhanced standards for all U.S. public company boards, management, and public accounting firms, and requires that these companies implement financial reporting controls that ensure the accuracy of the financial information they provide to investors. The Public Company Accounting Oversight Board (PCAOB), a new quasi-public agency established by SOX, is charged with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies. It also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure. Within this context, Section 404 of the Sarbanes-Oxley Act states that on an annual basis, CEOs and CFOs must confirm that the company s control environment is adequate to ensure the overall integrity of its financial information, and that its environmental processes and procedures are adequately documented and effectively communicated. While this section fails to specify what IT needs to do to comply, the majority of auditors have adopted the Control s for Information and related Technology (COBIT) framework which is published by the IT Governance Institute. This framework encompasses 34 IT processes that are organized in the following domains: Plan and Organize Acquire and Implement Deliver and Support Monitor and Evaluate Masergy has extensive experience in helping organizations improve their security and compliance posture while reducing their network security infrastructure s total cost of ownership. Our holistic, architecturally-based Unified Enterprise Security ( UES) security suite, combined with our 24/7 Managed Security Services and Professional Services, align with specific control objectives for Deliver and Support (DS) and Monitor and Evaluate (ME) domains within the COBIT framework. The chart below describes these specific control objectives and identifies how Masergy s complete security solution can help you efficiently and cost-effectively meet or exceed the requirements they set forth.

COBIT Control s supported by Masergy DS5 Ensure System Security DS5.3 Identity Management Ensure that all users are uniquely identifiable. Enable user identities via authentication mechanisms. Maintain user identities and access rights in a central repository. Deploy cost-effective technical and procedural measures, and keep them current to establish user identification, implement authentication and enforce access rights. Masergy s fully integrated security suite provides for the creation and management of granular access and authorization rules. Using a risk-based methodology, Masergy s Professional Services team can help you evaluate your Systems Security and Identity Management methods, processes and procedures, and make recommendations for areas in need of improvement in relation to SOX requirements (DS5 and DS5.3). Additionally, our Managed Firewall and Network Access Monitoring services can provide you with 24x7 firewall management and monitoring of your network access points by certified security professionals. Our firewall experts will audit policies to ensure that they align with SOX requirements, perform on-going rule-set changes and monitor these devices for any signs of attack. Network Access Monitoring Professional Services DS5.4 User Account Management Address requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges with a set of user account management procedures. Perform regular management review of all accounts and related privileges. This requirement calls for user account management and authentication, which are standard features within Masergy s integrated security portfolio. Masergy s Professional Services team can work with you to establish account management procedures, set user privileges and conduct regular account reviews. Further, Masergy s Security Monitoring service, provided by our certified security professionals 24x7, can help you easily demonstrate compliance with account management and authentication requirements. Firewall & Server Log Management Policy Monitoring Security Monitoring Professional Services

DS5.56 Security Testing, Surveillance and Monitoring Test and monitor the IT security implementation in a proactive way. A logging and monitoring function will enable the early prevention and/or detection and subsequent timely reporting of unusual and/or abnormal activities that may need to be addressed. Masergy s Security Monitoring and Event/Threat Management capabilities allow administrators to not only test and monitor the enterprise security posture for significant events, intrusions, and anomalies, but also proactively detect, prevent, and deter threats through adaptive information sharing and correlation of detected threats, alerts and logs with detected vulnerabilities between all security applications and appliances. From Managed Firewall services to Vulnerability Scanning, Network Access and Security Monitoring, Masergy has a full suite of enterprise-class tools and services to help you easily demonstrate compliance with Sox requirements. Managed Signature IDS/IPS Managed Behavioral IDS & Server Logs Network Access Monitoring Security Monitoring Security Event Management Threat Management Professional Services DS5.6 Security Incident Definition Clearly define and communicate the characteristics of potential security incidents so they can be properly classified and treated by the incident and problem management process. Masergy s UES security suite helps you to proactively identify, classify and respond to security incidents. Our certified security professionals provide 24/7 enterprise-wide security monitoring and escalation to prevent and respond to security incidents. In addition, our Professional Services team can work with you to develop an Incident Response Plan and ensure that it meets or exceeds minimum SOX requirements for classification, response, reporting and documentation as indicated by DS5.6. We have World-class managed services backed by a custom security alert response procedure and Masergy s Enterprise Unified Threat Management System including: Managed IDS/IPS & Server Logs Network Access Security Event Management Threat Management

DS5.9 Malicious Software Prevention, Detection and Correction Put preventive, detective and corrective measures in place (especially up-to-date security patches and virus control) across the organization to protect information systems and technology from malware (e.g., viruses, worms, spyware, spam). Masergy s multi-layered security software includes Zero-Hour Virus Protection that proactively identifies outbreaks as soon as they emerge; Recurrent Pattern Detection-Enabled Anti- Spam that detects and blocks spam automatically and remains consistently effective in the face of repeated and evolving spammer attempts; and IP Reputation service that fights spam and emailborne malware at the perimeter, reducing up to 90% of incoming messages at the entry-point, before they enter the network. Further, our managed IDS/IPS and vulnerability scanning capabilities can detect, deter, prevent and mitigate the introduction, exposure, and propagation of malware. All-n-One Security Module which provides gateway anti-virus, content filtering, IP reputation and anti- spam Managed IDS/IPS Managed Behavioral IDS Regular audits and testing through Masergy s Professional Services DS5.10 Network Security Use security techniques and related management procedures (e.g., firewalls, security appliances, network segmentation, intrusion detection) to authorize access and control information flows from and to networks. Masergy s holistic, behavioral-based solution enables a comprehensive set of enterprise-class security applications to adaptively share and correlate detected threats, alerts and logs with detected vulnerabilities between applications and appliances. This fully integrated approach enables our Enterprise UES security products to continuously predict, adapt and respond to changing network threats, thereby providing substantially better service and far greater network security protection at a much lower cost-ofownership. In addition, our 24/7 Professional Services team has the breadth and depth of experience to help you identify best practices within your network security infrastructure and achieve ongoing regulatory compliance within your unique vertical market. Managed All-n-One Security Module Managed IDS/IPS & Server Logs Network Access Monitoring Security Event Management Threat Management Professional Services to consult on security best practices

DS5.11 Exchange of Sensitive Data Exchange sensitive transaction data only over a trusted path or medium with controls to provide authenticity of content, proof of submission, and proof of receipt and non-repudiation of origin. Masergy s Firewall Syslog Module, which utilizes Virtual StrongBox technology, can securely monitor and analyze encrypted data files without ever having to decrypt the data. Our integrated managed firewall solution can capture, monitor and store log files from a variety of third-party firewalls, switches, routers, and applications running on servers. Further, it addresses data storage, local encryption, and key management requirements and provides comprehensive file-level security by incorporating the following unique and trusted technologies: Autonomous File- Level Security, Key Management, Identity Management, and Policy Management. Keneisys Virtual StrongBox Technology integrated with the Masergy Firewall Syslog Module Managed Syslogs ME1 Monitor and Evaluate IT Performance ME1.4 Performance Assessment ME1.5 Board And Executive Reporting ME 1.6 Remedial Actions Periodically review performance against targets, analyze the cause of any deviations, and initiate remedial action to address the underlying causes. At appropriate times, perform root cause analysis across deviations. Develop senior management reports on IT contributions to the business. Provide the report to senior management, and solicit feedback from management s review. Identify and initiate remedial actions based on performance monitoring, assessment and reporting. Masergy can log security performance across its systems as well as capture, monitor and store log files from a variety of thirdparty party devices, including firewalls, switches, routers, and applications running on servers. Our Managed Security Services provides 24x7 monitoring and management of your network. We can provide actionable, eventbased remediation, as well as detailed management, incident response and on-demand reporting to help you identify and prevent network security problems and respond to immediate security issues. World-class managed services including 24/7 monitoring, incident response & reporting, on-demand reporting 24/7, weekly summary reporting and quarterly security reviews

Additional Resources Sarbanes-Oxley Financial and Accounting Disclosure Information: http://www.sarbanes-oxley.com Information Systems Audit and Control Association website: http://www.isaca.org Contact Masergy Today For more information regarding our Unified Enterprise Security solutions, contact us at 1 (866) 588-5885 or visit us online at www.masergy.com. 2009 Best Products & Services Reader s Trust Award Network Products Guide has named Masergy a winner of the 2009 Best Products and Services - Reader s Trust Award for Unified Security. 2009 Global Product Excellence - Customer Trust Award Info Security Products Guide has named Masergy a winner of the 2009 Global Product Excellence Customer Trust Award for Integrated Security. 2009 Product Innovation Award Network Products Guide has named Masergy s Enterprise UTM++ a winner of the 2009 Product Innovation Award for the overall Security Solution (Hardware and Software) category. Masergy also receive the Product Innovation award in 2008 for its All-n-One Security Module for Enterprise UTM. 2009 Tomorrow s Technology Today Award Info Security Products Guide has named Masergy s Enterprise UTM++ a winner of the 2009 Tomorrow s Technology Today Award for the Integrated Security Solution (Hardware and Software) category. Masergy has also received the Tomorrow s Technology Today award in prior years (2006, 2007 & 2008) for Unified Security, Network Security and Security Risk Management Managed Security Services. SC Magazine 2008 Industry Innovator SC Magazine has recognized Masergy for its industry innovation in the unified threat management category. Rev. 032015 www.masergy.com +1 (866) MASERGY (627-6749) Masergy Communications, Inc.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information