SOX and SekChek

SekChek and Compliance Reviews (e.g. SOX)

The Sarbanes-Oxley legislation requires that companies assess the effectiveness of security controls at a point-in-time and on an ongoing basis.

SekChek is the ideal tool to analyse operating systems security controls on a frequent (e.g. quarterly) basis for period-on-period comparison.

The benefits of using SekChek as part of a SOX or other compliance review are:

An independent point-in-time snapshot of security controls;
The graphical analyses provide a quick indication of whether security controls have strengthened or weakened since the previous time SekChek was run on a platform;
Consistent reporting from one analysis to the next avoids the risk of inconsistent interpretations between analyses over time;
Similar reporting formats across platforms analysed (Windows, UNIX, AS400 and NetWare) ensure a consistent standard in the interpretation of security controls.

A collection of easy-to-read reports in a very familiar format provides you with visual indicators of:

Whether security has improved, weakened, or remained about the same since your previous analysis
The effectiveness of your measures to strengthen controls
Whether risk is increasing or decreasing
The degree of change, both positive and negative

The applications are endless. Some of the practical benefits are:

Time savings. Reduced time spent poring over volumes of unconnected information
Objectivity. The results are guaranteed to be the same regardless of who performs the review
Compliance with legislation. Easier monitoring for compliance with statutory requirements imposed by SOX, HIPAA and other legislative changes relating to corporate governance
More powerful justifications. The ability to present more convincing arguments to senior, non-technical management who do not have the time, or the inclination, to understand masses of technical detail

SekChek® is a registered trademark of SekChek IPS. All other trademarks are the property of their respective owners.