I need citations on my assignment IN 1 HRS TIME
Running head: MOBILE APPLICATION SECURITY 1
Mobile Application Security
Student’s Name
Institutional Affiliation
Audit Requirements for Finance Systems (Sarbanes-Oxley, GLBA Compliance)
Introduction
When considering audit requirements for finance systems, the right place to start this examination is the Sarbanes-Oxley (SOX) Act. This act was developed and enacted as a result of turmoil in the US corporate world. At that time Enron and WorldCom experienced very public collapses, causing investors to lose billions of dollars, not to mention losing fundamental trust in US corporations. With the downfall of Arthur Andersen – one of the largest public accounting firms in the US – it was clear that the emerging challenges in corporate governance needed to be addressed.
The Sarbanes-Oxley Act was thus a response aimed at restoring and renewing investor trust, and at helping investors understand public corporation financial reporting, so that the reports produced were reliable and useful. This is indeed captured in section 302 – Corporate responsibility for financial reports, and section 404 – Management assessment of internal controls. These sections empowered gatekeepers and made them central to the generation of truthful and factual reports by public organisations. Top leadership could no longer get away with claiming that they did not know: they were personally and individually responsible for the integrity of the public organization’s reported financial information.
Research Summary for the Selected Policy Topic
The requirement for US corporations to comply with SOX is meant to ensure that they achieve accuracy, integrity and security, specifically with respect to the financial information in their domain. To achieve this, the systems espoused and enforced by the Sarbanes-Oxley Act rely heavily on ‘gatekeepers’. This was meant to ensure that the people at the very top of the organisation take personal responsibility for ensuring that the information being relayed is truthful and accurate.
Compliance with the Sarbanes-Oxley Act by corporations is determined by examination of SOX compliance audit reports. These reports are generated as a result of automating the SOX 302 and 404 controls. With this, securing the corporate network, continuously monitoring it, and responding to and/or alerting on both authorized and unauthorized data access and on system integrity has become critical. It is self-defeating to wait until the end of the financial period to address these reports. IT therefore allows daily and timely generation of reports so that swift and judicious intervention can take place where gaps or loopholes are identified.
To avoid the monotony that can come with managing and analyzing daily login details on the system, one possible solution is to use an automated log management solution. This enables rapid and timely generation of predefined reports, which greatly contributes to quick SOX compliance. These reports are meant to enable near real-time monitoring of all actions that might compromise the integrity of the financial information. Such a solution must therefore collect, analyze, correlate and archive all log data from the various sources across the network. It has emerged that, for those with the responsibility of ensuring stronger governance, continuous monitoring of log data empowers them to guarantee the security and integrity of confidential data. Instead of having to react long after an infringement was committed, they can react and undertake remedial measures within a short time of its being committed. This reduces risk and losses to the organization, in addition to strengthening public organizations’ management.
Identification and Discussion of Policy Issues
It is a SOX requirement under section 302 (A) (4), (C) and (D) that all users who access the system must be recorded. In addition to their details being recorded, their activities must be monitored to ensure there is no abuse of the system. It thus becomes an organization’s policy to allow access only to authorized personnel. The reports generated will show all successful and failed logons and logoffs. They also allow real-time flagging of any unauthorized access. This monitoring should span the whole network and must not exclude the access and activities of privileged users.
The next policy concerns object access. Compliance with SOX demands that the user be identified when a particular object, file or folder is accessed; that the operations performed on it – read, write, delete or modify – are captured; whether the access was successful; and who performed the action. This policy is designed to ensure that the integrity of the system is maintained and protected. It covers even confidential data.
The next policy concerns terminal sessions. Adherence to SOX requirements will require that connection, reconnection and disconnection of terminal server sessions be captured and analyzed. This is meant to assist in tracking host session status.
When an audit policy is changed, this must be captured. This particular log allows rapid determination of which changes have been effected, when they were recommended and who effected them. Specifically, it provides insight into security-level changes to the audit policies.
Finally, the user and computer account changes policy guides the organization in ensuring complete network security. This policy is critical in monitoring privileged user accounts and security configuration settings, such as adding a user account to or removing one from an administrative group. By tracking all user and computer account management changes, this policy allows real-time alerts when critical security configuration changes are effected.
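The following script is an added example, not part of the essay or of any product it refers to. It shows how the five policy areas above (logon/logoff, object access, terminal sessions, audit policy changes, and account management changes) can be turned into concrete report and alert logic run over audit records. The event IDs are the real Windows Security log IDs for these events; the host names, the share path, the alert threshold, the list of administrative groups and the log records themselves are constructed for the example.

```python
import json
from collections import Counter

# Windows Security log event IDs (these are the real IDs) mapped to the five
# policy areas discussed above.
EVENT_LOGON_OK, EVENT_LOGON_FAIL, EVENT_LOGOFF = 4624, 4625, 4634     # logon/logoff
EVENT_OBJECT_ACCESS = 4663                                            # object access
EVENT_SESSION_RECONNECT, EVENT_SESSION_DISCONNECT = 4778, 4779        # terminal sessions
EVENT_AUDIT_POLICY_CHANGE = 4719                                      # audit policy change
EVENT_GROUP_ADD = {4728, 4732}                                        # member added to global/local group

# Assumptions for this example: alert threshold, the groups treated as
# administrative, and a hypothetical file share holding financial records.
FAILED_LOGON_THRESHOLD = 3
ADMIN_GROUPS = {"Administrators", "Domain Admins"}
CONFIDENTIAL_PREFIX = "\\\\fin-srv\\ledger\\"   # i.e. \\fin-srv\ledger\

# Constructed sample records (JSON lines, one Security event each); not real logs.
SAMPLE_LOG = r"""
{"ts": "2016-02-06T08:01:10", "id": 4624, "user": "jdoe", "host": "FIN-WS01"}
{"ts": "2016-02-06T08:02:00", "id": 4625, "user": "svc_backup", "host": "FIN-WS02"}
{"ts": "2016-02-06T08:02:05", "id": 4625, "user": "svc_backup", "host": "FIN-WS02"}
{"ts": "2016-02-06T08:02:09", "id": 4625, "user": "svc_backup", "host": "FIN-WS02"}
{"ts": "2016-02-06T08:10:00", "id": 4663, "user": "jdoe", "object": "\\\\fin-srv\\ledger\\Q4.xlsx", "access": "ReadData"}
{"ts": "2016-02-06T08:11:00", "id": 4663, "user": "tmp_admin", "object": "\\\\fin-srv\\ledger\\Q4.xlsx", "access": "DELETE"}
{"ts": "2016-02-06T08:15:00", "id": 4779, "user": "jdoe", "host": "FIN-TS01", "session": 3}
{"ts": "2016-02-06T08:20:00", "id": 4719, "user": "tmp_admin", "subcategory": "Object Access", "change": "Success removed"}
{"ts": "2016-02-06T08:21:00", "id": 4732, "user": "tmp_admin", "member": "svc_backup", "group": "Administrators"}
{"ts": "2016-02-06T08:30:00", "id": 4634, "user": "jdoe", "host": "FIN-WS01"}
"""


def parse_events(text):
    """Parse JSON-lines audit records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def logon_report(events):
    """Logon/logoff policy: count successful logons, failures and logoffs per user."""
    outcome = {EVENT_LOGON_OK: "success", EVENT_LOGON_FAIL: "failure", EVENT_LOGOFF: "logoff"}
    return Counter((e["user"], outcome[e["id"]]) for e in events if e["id"] in outcome)


def session_status(events):
    """Terminal session policy: last known state of each (host, session id)."""
    state = {}
    for e in events:
        if e["id"] == EVENT_SESSION_RECONNECT:
            state[(e["host"], e["session"])] = "reconnected"
        elif e["id"] == EVENT_SESSION_DISCONNECT:
            state[(e["host"], e["session"])] = "disconnected"
    return state


def check_events(events):
    """Apply the alerting rules and return (policy, detail) pairs in log order."""
    alerts = []
    failures = Counter()
    for e in events:
        eid = e["id"]
        if eid == EVENT_LOGON_FAIL:
            key = (e["user"], e["host"])
            failures[key] += 1
            if failures[key] == FAILED_LOGON_THRESHOLD:   # alert once per burst
                alerts.append(("logon", f"{FAILED_LOGON_THRESHOLD} failed logons for {key[0]} on {key[1]}"))
        elif eid == EVENT_OBJECT_ACCESS:
            # Reads of financial records are kept in the report; writes, deletes
            # and modifications on the confidential share raise an alert.
            if e["object"].startswith(CONFIDENTIAL_PREFIX) and e["access"] != "ReadData":
                alerts.append(("object_access", f"{e['user']} performed {e['access']} on {e['object']}"))
        elif eid == EVENT_AUDIT_POLICY_CHANGE:
            alerts.append(("audit_policy", f"{e['user']} changed audit policy '{e['subcategory']}': {e['change']}"))
        elif eid in EVENT_GROUP_ADD and e["group"] in ADMIN_GROUPS:
            alerts.append(("account_mgmt", f"{e['user']} added {e['member']} to {e['group']}"))
    return alerts


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for policy, detail in check_events(evts):
        print(f"[{policy}] {detail}")
    print("logons:", dict(logon_report(evts)))
    print("sessions:", session_status(evts))
```

Run against the sample records, the script reports one alert per policy area that has an anomalous event (the failed-logon burst, the delete on the ledger share, the audit policy change, and the addition to the Administrators group), while ordinary reads and the terminal session disconnect are only recorded in the report and the session table. In a real deployment the records would be fed from a log collector, and the threshold and group list tuned to the environment.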
Recommendations for Improving Policy Implementation
The Sarbanes-Oxley Act is critical if public organizations are to generate information that is useful and makes sense to investors. When this is achieved, investor confidence is raised, since investors are confident that the information generated is both truthful and factual and can be relied upon to make informed investment decisions. To improve policy implementation, some factors must be in place. These factors have been identified as contributing directly and positively to the development and implementation of those policies that solidify proper governance. The solidification of proper governance allows top management to be on top of all aspects of the public organisation and to identify and rectify deviations from the expected.
First, all system users must be sold on the idea of the policy being implemented. Secondly, the organisation has to provide adequate resources to make policy implementation unencumbered. Thirdly, the benefits of the policy have to be broken down so that each individual can relate to them and thus work towards achieving their part. Fourthly, executives will use the parameters provided by the policy to constantly monitor its implementation. Finally, management will be liable for the policy’s implementation and success in the organisation. This makes it critical that executives achieve improved policy implementation.