Web Application Security and Sarbanes-Oxley Compliance

An important issue facing companies today is Sarbanes-Oxley compliance, but, as the U.S. Sarbanes-Oxley Act of 2002 (SOX) is relatively new, the implementation of the regulation has not been fully established. The requirements of SOX compliance focus on establishing a system of checks and balances for corporate financial reporting and are designed to hold executives, accountants, and auditors of public corporations to higher standards. While the requirements for SOX compliance only directly affect public corporations, there has been a trickle-down effect to private companies serving as business associates, consultants, and outsourced service providers. Given this, both public and private companies need to have an understanding of Sarbanes-Oxley compliance to ensure that their daily business practices are aligned with its specific requirements.

Achieving Sarbanes-Oxley compliance is not impossible, but there are a few key elements beyond ethical leadership that are necessary to achieve and maintain it. Public corporations must implement the proper information access controls and possess the appropriate tools to ensure that information is kept secure. These, combined with practical security policies and processes, will go a long way toward keeping corporate executives out of the hot seat with regulatory officials and will also provide value well beyond SOX compliance.

Overview of SOX

The http://news.findlaw.com/hdocs/docs/gwbush/sarbanesoxley072302.pdf

DISCLAIMER: The authors have used their best efforts in the preparation of this whitepaper. The information and opinions provided in this whitepaper do not constitute or substitute for legal or other professional advice. Readers should consult their own legal or other professional advisors for individualized guidance regarding the application of the SOX Act to their particular situations and in connection with other compliance-related concerns.

Caleb Sima is the co-founder of SPI Dynamics, a Web application security testing methods and has contributed to (IN)Secure Magazine, Baseline Magazine and been featured in the Associated Press.

Kevin Beaver founder of Atlanta-based
