StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

IT Security & Sarbanes-Oxley Act - Term Paper Example

Cite this document
Summary
The present term paper "IT Security & Sarbanes-Oxley Act" explores the law which derives its name from its sponsors, the then United States Senator Paul Sarbanes and Representative Michael Garver Oxley. Reportedly, Act is sometimes informally referred to as SOX or Sarbox…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.3% of users find it useful
IT Security & Sarbanes-Oxley Act
Read Text Preview

Extract of sample "IT Security & Sarbanes-Oxley Act"

IT Security & Sarbanes-Oxley Act I) Introduction Also known as the Corporate and Auditing Accountability and Responsibility Act [in the House], and the Public Company Accounting Reform and Investor Protection Act [in the Senate], the Sarbanes-Oxley Act 2002 came into being, following its enactment on July 30th, 2002. This law derives its name from its sponsors, the then United States Senator Paul Sarbanes and Representative Michael Garver Oxley. Because of this, this Act is sometimes informally referred to as SOX or Sarbox. The Sarbanes-Oxley Act of 2002 sought to set enhanced standards for all American public company management, boards and accounting firms. However, it is a fact that Sarbox also provides parameters and mechanics for enhancing IT security. Thesis statement The benefits of incorporating the provisions of Sarbanes-Oxley Act of 2002 in IT security far outweigh the short-term gains of non-compliance, since the Act injects organizational transactions with security and confidentiality. II) Brief overview/history of the Sarbanes-Oxley Act The Sarbanes-Oxley Act of 2002 was enacted on July 30th, 2002. Because of the original intention and the mandate of the Act, financial accuracy must be certified by the management concerned. Because of the provisions of the Same Act, the penalties for financial fraud have been made more severe. Similarly, the Sarbanes-Oxley Act of 2002 strengthened the autonomy of external auditors who analyze and reexamine the accuracy of corporate statements of accounts and also bolstered the oversight function of the board of directors. Simon, Smalley, and Schultz (2009) divulge that the Sarbanes-Oxley Act of 2002 comes against the backdrop of serious corporate and accounting scandals such as the Enron, Adelphia, Tyco International, WorldCom and Peregrine Systems Scandals. These scandals had cost investors billions of dollars, following the collapse of the affected companies' share prices. These scandals, together with their serious effects weakened public confidence in America's security markets. The Act comprises 11 sections which range from criminal penalties to additional corporate board responsibilities. The Sarbanes-Oxley Act of 2002 demands that the Securities and Exchange Commission implements rulings on prerequisites to compliance with the law. III) How the Sarbanes-Oxley Effects & Constraints on Information Technology Security (Industry & Management) Section 404 Compliance One of the ways the Sarbanes-Oxley Act of 2002 effects and constraints IT security section 404 compliance is by emphasizing a comprehensive understanding of internal controls, as a set of an enterprise's internal procedures, providing reasonable assurances that the enterprise will meet its target in all the specified areas. This is the case since Section 404 Compliance extends emphasis on not just historical financial reporting, but on internal controls also. Together with the rules spelled out in the SEC, there is a requirement that public companies' management should assess and report periodically, on the effectiveness of internal controls on financial reporting. To this effect, it is given that the report that the management hands in must be accompanied by statements of evaluations by an external auditor to provide an attestation to the credibility and reliability of the conclusions that the management has made. According to SAI Global (2010), the portfolio that Information Technology Security Section provides also addresses matters beyond Sarbanes-Oxley, to tackle other auditing and legal dimensions of internal controls and the responsibilities that sundry and all actors dispense, when executing systems of internal controls. Even though the Sarbanes-Oxley Act of 2002 is leaner in scope than internal controls, the Portfolio agrees with the fact of the tremendous impact of the legislation and studies a number of its provisions which force moderations on diverse aspects of internal controls. Again, through the provisions of Information Technology Security Section 404, the Portfolio is accommodated in the Accounting Policy and Practice Series which through its comprehensive series of titles explicates, explains and offers commentaries on a broad range of finance and accounting management topics such as income taxes, revenue recognition, leasing, debt instruments, business combinations, internal controls and risk management. In summation, through internal controls which Information Technology Security Section 404 supports, the Sarbanes-Oxley Act §404 and Beyond allows one to gain from: time-saving accessibility to pertinent sections of regulations, court cases, tax laws and IRS documents; real-world and deeper analysis which enable one to explore different options; alternative approaches to unique and common tax scenarios; practice documents such as tables, lists and charts; and guidance from experts from the world over. IV) IT Security as it pertains to the Health Insurance Portability and Accountability (HIPAA) Compliance Sarbanes-Oxley Act 2002 has greatly influenced the execution of HIPAA Compliance and IT operations. In the first place, Sarbanes-Oxley Act 2002 has helped HIPAA carry out its primary mandate which is to establish and strengthen: confidentiality and safety of all healthcare data and standardized mechanisms for electronic data interchange (EDI) security. Because of the provisions of IT operations and the introduction of Sarbanes-Oxley Act 2002 into IT security, HIPAA has been able to carry out the stipulations of the HIPAA Act. The As the Act mandates, Sarbanes-Oxley Act 2002 has strengthened standardized formats for all the administrative, financial and patient health data, and specific identifiers (ID) numbers for all healthcare entities, employers, healthcare providers, individuals health plans. Importantly, Sarbanes-Oxley Act 2002 has enforced and strengthened the observation of security mechanisms so as to ensure data integrity and confidentiality. To this effect, it is unlawful for a healthcare institution to release data belonging to a client, or an individual patient to the third party. At the same time, through the provisions of Sarbanes-Oxley Act 2002, HIPAA has been able to curtail the culture of falsification of statements of accounts, by healthcare services providing institutions. In another wavelength, Sarbanes-Oxley Act 2002 has strengthened the need for Joint Commission Accreditation. The Joint Commission Accreditation determines that at a minimum, a hospital must completely familiarize itself with current standards, and examine the very processes policies and procedures that are relative to the stipulated standards, so as to improve on the same. V) IT Security as it pertains to the Payment Card Industry Data Security Standard (PCI DSS) According to Wright (2011), through the ratification of the Sarbanes-Oxley Act 2002, the PCI DSS system became very strong and subject to reviews in the last 10 years. It is these reviews that have led to the emergence of newer regulations which have made PCI-DSS payment systems more secure. Some of the regulations which have been newly crafted, passed and implemented include Basel II, Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley Act and the California State Bulletin 1386. In a separate vein, the Sarbanes-Oxley Act 2002 has strengthened the need to integrate PCI DSS systems with effective use of Primary Account Number (PAN) to help store, process and transmit data or payment. Because of this, merchants or dealers who carry out transactions are mandated to totally comply with PCI DSS standards. The place of IT security and the Sarbanes-Oxley Act 2002 comes in, in the sense that PCI DSS 1.2 has security requirements that apply to all systems components that are connected to the PCI DSS cardholder data environment. In this light, there is lucidity in observing that the systems components are fully reliant upon the Act and that the Act in turn bolsters IT security. This standpoint is worthy of credence, given that the systems components are inclusive of: servers (web, authentication, database, proxy, mail, DNS and NTP); network components (switchers, firewalls, routers, security appliances and network appliances); and all applications (external and internal, and purchased or custom applications) (Thomas and Stoddard, 2012). The only drawback that is being cited as being relevant to the introduction of the Sarbanes-Oxley Act 2002 is the additional cost of compliance. This is also due to the fact that organizations have had to outsource services from dealers in enterprise connectivity market such as Open-Text Connectivity Solutions. This is because, such arrangements have to cover a wide range of needs such as connecting: legacy application access; data in transit security; legacy application access; data integration and transformation; heterogeneous networks data exchange; and high-end graphical Unix applications. VI) Conclusion However, despite additional financial expenditures that are being cited as a form of drawback in the implementation of Sarbanes-Oxley Act 2002 in IT security, the gains that are accrued from the same, far outweigh the cost. The same is a radical and necessary step in the quest to alleviate fraud in the corporate and public sector. Moreover, the cost of non-compliance far outweighs the gains that would be incurred, when one attempts to evade IT security measures. Non-compliant organizations are normally exposed to heavy fines and penalties. References SAI Global. (2010). Sarbanes-Oxley Act and Healthcare Requirements Addressed: HIPAA / HITECH Compliance. New York: McGraw Hill. Simon, M. L., Esq., Smalley, K. Esq., and Schultz, J. L., Esq. (2009). Internal Controls: Sarbanes-Oxley Act §404 and Beyond. New York: Wiley Press. Thomas, M. T. & Stoddard, D. (2012). Network Security First. London/ NY: CISCO Systems Inc. Wright, S. (2011). PCI DSS: A Practical Guide to Implementing and Maintaining Compliance. Cambridge: IT Governance Publishing. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“IT Security & Sarbanes-Oxley Act Term Paper Example | Topics and Well Written Essays - 1250 words - 1”, n.d.)
Retrieved from https://studentshare.org/information-technology/1622543-it-security-as-required-by-sarbanes-oxley
(IT Security & Sarbanes-Oxley Act Term Paper Example | Topics and Well Written Essays - 1250 Words - 1)
https://studentshare.org/information-technology/1622543-it-security-as-required-by-sarbanes-oxley.
“IT Security & Sarbanes-Oxley Act Term Paper Example | Topics and Well Written Essays - 1250 Words - 1”, n.d. https://studentshare.org/information-technology/1622543-it-security-as-required-by-sarbanes-oxley.
  • Cited: 0 times

CHECK THESE SAMPLES OF IT Security & Sarbanes-Oxley Act

Impact of Sarbanes-Oxley Legislation

The act, tabled by Senator Paul Sarbanes and U.... Corporate governance was the main factor behind the enactment of this act, which required companies and corporate bodies to account for their internal controls (Brodkin, 2007).... This paper will examine the impact the legislation had on businesses, and what the future holds for companies that do not comply with the regulations the act has in place.... Impact of sarbanes-oxley Legislation Name: Institution: Impact of sarbanes-oxley Legislation The enactment of the sarbanes-oxley legislation came in the wake of scandals in the corporate and business world....
4 Pages (1000 words) Research Paper

Sarbanes Oaxley Act And Reporting Of Employee Compensation

Bush marked the sarbanes-oxley act of 2002 into rule on July 30, 2002.... Particularly, the Act offers the following: The sarbanes-oxley act was signaled into regulation in July 2002.... In adding to comprehensive rations concerning to commercial supremacy and secretarial developments, the act encloses a number of necessities concerning to decision-making recompense and employee benefits.... This law creates the major important alterations in business control as the Securities act of 1933 and the Securities Exchange act of 1934....
5 Pages (1250 words) Essay

Fraudulent Practices and Sarbanes Oley Act

This was done under the supervision of Harvey Pitt who ensured the adoption of a dozen other rules to implement the sarbanes-oxley act.... Corporate Fraud AccountabilityCompliance planThe need to establish internal controls for the purposes of financial reporting and operational integrity has been specifically mentioned in the Sections 302 and 404 of the sarbanes-oxley act.... hellip; An investigation was launched to look into these frauds following which the Senate approved the SOX act in an attempt to prevent the history from repeating itself. It is referred to as the Sarbanes -Oley act of 2002....
11 Pages (2750 words) Essay

SARBANES-OXLEY ACT 2002 IN MY OWN OPINION

The solution that was implemented is known as the sarbanes-oxley act of 2002 (SOX).... The sarbanes-oxley act fixed the problem by making the CEO and top officials liable in cases of fraud.... The section 302 of the sarbanes-oxley act mandates that senior management certify the accuracy of the financial reports (Answers, 2010).... sarbanes-oxley act 2002 – SOX.... The act was created in order to raise investor confidence in the marketplace....
2 Pages (500 words) Essay

How the Sarbanes-Oxley Act has made an impact on business

The sarbanes-oxley act (SOX) of 2002 was enacted in response to the wide ranging high profile financial scandals in auditing circles and other areas of private and public interests.... Sarbanese-Oxley Act The sarbanes-oxley act (SOX) of 2002 was enacted in response to the wide ranging high profile financial scandals in auditing circles and other areas of private and public interests.... Assessing Canada's regulatory response to the sarbanes-oxley act of 2002: lessons for Canadian policy makers....
1 Pages (250 words) Essay

MBA Applied Managerial Finance 615

The enactment of the sarbanes-oxley act into law on July 30,2002 was in response to the various corporate and accounting malfeasance committed by various company such as Enron and WorldCom with the intent of restoring the public's onfidence in America's businesses.... There… two important sections in the sarbanes-oxley act which are Section 302 which requires certification of the signing officers and Section 404 which mandates companies to publish their financial repors. Section 302 of Sarbanes Oxley Act include certifications that signing Introduction The enactment of the sarbanes-oxley act into law on July 30,2002 was in response to the various corporate and accounting malfeasance committed by various company such as Enron and WorldCom with the intent of restoring the public's onfidence in America's businesses....
3 Pages (750 words) Essay

Sarbanes-Oxley Act of 2002, the Securities Act of 1933, and the Securities Act of 1934

SARBANES-OXLEY & OTHER REQUIREMENTS FOR PUBLIC COMPANIES AUGUST 2, Sarbanes-Oxley RequirementsAccording to the sarbanes-oxley act 2002, the fundamental requirements for publicly held organizations have been highlighted as follows:Requires the investors of the companies to receive each financial and other information with respect to securities that are being offered for public saleDetail statements regarding the roles and responsibilities of the company's management including CEO and/or CFO Detail statements regarding the establishment and maintenance of the internal controlling structure, tools and practices for reporting financial performanceStatement detailing the identification of the accounting framework used by the company in order to evaluate the controlling process within the financial reporting functionsStatement regarding the internal control system of the management along with their effectiveness assessment reportAppropriate attestation of the company's external auditors, regarding the effectiveness of the management, while performing internal controlling measures for developing financial reportsSources: (U....
2 Pages (500 words) Essay

Sarbanes-Oxley Act of 2002

The sarbanes-oxley act which came into effect in 2002 had the core intention of preventing, protecting and deterring future corporate fraud in order to increase shareholders confidence in their investments in public companies.... First, the act let to greater requirement to have robust internal Sarbanes- Oxley Act The sarbanes-oxley act which came into effect in 2002 had the core intention of preventing, protecting and deterring future corporate fraud in order to increase shareholders confidence in their investments in public companies....
1 Pages (250 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us