SARBANES-OXLEY and Event Log Management
To comply with Sarbanes-Oxley, all organizations that publish financial
corporate information must implement a comprehensive information security
program that is designed to protect all financial information. Managing and
setting proper audit policies in the Security event log is an important
component of compliance. Engagent offers solutions to ensure compliance with
the IT monitoring aspects of Sarbanes-Oxley.
1. WHAT IS SARBANES-OXLEY?
Sarbanes-Oxley is the U.S. government's response to the Enron, WorldCom,
Adelphia and Tyco scandals. CEOs and CFOs of public companies now must swear
under oath that the financial statements of public companies are
accurate and complete.
2. WHOM DOES SARBANES-OXLEY AFFECT?
All public companies, big or small, domestic or foreign, that have
registered under the Exchange Act or have a pending registration statement
under the Securities Act of 1933. Sarbanes-Oxley imposes new
on executives, board members, audit committees, auditors and lawyers.
3. WHEN DO THEY HAVE TO COMPLY BY?
The September 30, 2003 deadline requires clear internal controls around
financial reporting and its governance.
4. WHAT HAPPENS IF THEY DON'T COMPLY BY THEN?
Executives who knowingly sign falsified reports and anyone who destroys
audit records can receive up to 10 years in prison and fines. Destruction,
falsification or alteration of documents in federal investigations and
bankruptcy proceedings can lead to sentences of up to 20 years in prison and
fines. Sarbanes-Oxley is ultimately about ensuring that internal controls
are in place to secure financial information. It has strict rules and
regulations for IT monitoring, which are required to keep security breaches
on your IT network to a minimum. Engagent's Event Log management
solutions allow you to manage and comply specifically with the IT event log
monitoring aspects of Sarbanes-Oxley regulations.
Proper IT security monitoring includes implementing proper access for user
accounts and then creating audit policies in the security event logs. The
security event log will provide the important details about activities on
your network. For IT monitoring and compliance the native Microsoft Security
Event Log offers 9 audit policies for system security compliance.
Implementing these Audit Policies and managing the events meets key
requirements specified in Sarbanes-Oxley Section Five.
The Nine Audit Policies are:
1. Account Logon
2. Logon Events
3. Account Management
4. Policy Change
5. Process Tracking
6. Object Access
7. Privilege Use
8. System Events
9. Directory Service Access
Implementing these audit policies produces detailed records for the following
IT security aspects of Sarbanes-Oxley.
1. Monitor password changes
2. Monitor changes to access rights to shares, files, folders, etc.
3. Monitor attempts at unauthorized access to computer system resources.
4. Monitor attempts at unauthorized access to information held in
5. Regularly audit all internal system activity including logins, file
accesses and security incidents.
6. Produce and retain logs recording exceptions and security-related event
7. Monitor any attempts at unauthorized changes to IT systems.
8. Monitor key system files and critical data for unauthorized changes.
9. Manage Active Directory permissions for user accounts, groups and
10. Monitor unauthorized Active Directory access permissions
11. Monitor and verify any change to users, groups, rights, and user account
12. Notification of group policy changes
13. Monitor authorized users' attempts to perform unauthorized activities
14. Log actions in detail and provide extensive security reporting
15. Report on permission changes in Active Directory
16. Monitor and log user information, access information, date and time
17. Monitor and notify of real-time policy modifications
18. Report on last accessed dates for files and applications.
The security log displays detailed information about logins, file access,
and policy change attempts. Implementing these audit policies on your network
will generate hundreds of records (events) in the event log files on your
servers. The events showing activities specifically related to compliance
occur in the native Microsoft security event log. The easiest and best way
to manage these records is to store the events in a database.
The insertion of all the events in the event logs into a database is a
crucial first step for reporting and to show compliance. Engagent event
solutions automatically store all events from all servers into an SQL
database. Engagent's View SQL is a database viewing tool that creates the
reports to detail your organization's adherence to government IT security
regulations. Without a sorting and filtering tool to manage the events,
valuable compliance information is not readily available. View SQL will
allow you to create specific reports for each one of the IT monitoring
compliance points in Sarbanes-Oxley. When the events are stored in a
database you will have a repository that can be produced for any time period
you specify: daily, weekly or monthly. Reports are easily generated
detailing the specific events that relate to IT security compliance.
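
The store-then-report workflow described above, as an added example (not Engagent's product, schema or View SQL): SQLite stands in for the SQL database, and the security_events table, its columns, the server names and the sample events are constructed assumptions. The event IDs are the Windows Vista/2008-and-later Security log IDs.

```python
import sqlite3

# Windows Security event IDs (Windows Vista/2008 and later), mapped to the
# audit policy categories listed on this page. A small illustrative subset.
CATEGORY = {
    4776: "Account Logon",       # credential validation
    4720: "Account Management",  # user account created
    4724: "Account Management",  # password reset attempt
    4732: "Account Management",  # member added to a local group
    4719: "Policy Change",       # system audit policy changed
    4663: "Object Access",       # attempt to access an object
}

# Constructed sample events: (UTC time, server, event ID, outcome, account).
SAMPLE = [
    ("2024-03-04T08:02:11", "FIN-DC1", 4776, "Failure", "jdoe"),
    ("2024-03-04T08:02:19", "FIN-DC1", 4776, "Failure", "jdoe"),
    ("2024-03-04T09:15:00", "FIN-DC1", 4724, "Success", "admin1"),
    ("2024-03-05T14:30:42", "FIN-FS1", 4663, "Failure", "jdoe"),
    ("2024-03-05T16:05:03", "FIN-DC1", 4719, "Success", "admin1"),
    ("2024-03-12T11:00:00", "FIN-DC1", 4732, "Success", "admin1"),
]

def open_store(events):
    """Create the (hypothetical) event table and insert every event."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE security_events (ts TEXT, server TEXT,"
                 " event_id INTEGER, category TEXT, outcome TEXT, account TEXT)")
    conn.executemany(
        "INSERT INTO security_events VALUES (?, ?, ?, ?, ?, ?)",
        [(ts, srv, eid, CATEGORY.get(eid, "Unmapped"), out, acct)
         for ts, srv, eid, out, acct in events])
    return conn

def report(conn, start, end, period="%Y-%m-%d"):
    """Count events per period, category and outcome for start <= ts < end.
    period is a strftime pattern: '%Y-%m-%d' daily, '%Y-%W' weekly,
    '%Y-%m' monthly."""
    return conn.execute(
        "SELECT strftime(?, ts) AS period, category, outcome, COUNT(*)"
        " FROM security_events WHERE ts >= ? AND ts < ?"
        " GROUP BY period, category, outcome"
        " ORDER BY period, category, outcome",
        (period, start, end)).fetchall()

if __name__ == "__main__":
    for row in report(open_store(SAMPLE), "2024-03-01", "2024-04-01", "%Y-%m"):
        print(row)
```

Storing the audit category and outcome alongside each event lets one query serve a daily, weekly or monthly report by changing only the period pattern and the date range.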
The easiest way to adhere to government regulations is to create automated
processes for compliance. If your organization is required to comply with IT
monitoring for security regulations you must implement a tool for Windows
Event Log Management. Engagent's solutions are easy to implement and
configure. Without the automated processes offered by Engagent's event log
management tools, the manual tasks required to show compliance will take
additional staff time and likely produce errors that compromise security.