SOX Compliance for IT:
Comprehensive, Cost-effective and Risk-based
The Sarbanes-Oxley Act (SOX) requires that all publicly held companies must establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud. Your entire IT infrastructure—from server and network security to IT practices and operations—must be reinforced and configured to maintain and demonstrate compliance in the event of an audit.
Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs
Tripwire provides a quick and less costly solution by offering internal controls to collect and protect the sensitive information needed to prove compliance.
Tripwire Enterprise's comprehensive solution:
- Addresses the Acquire and Implement (AI) and Delivery and Support (DS) guidelines of COBIT with out-of-the-box change audit reporting and a library of COBIT configurations.
- Compares system configurations to “gold systems,” and reports and remediates configuration items that vary from the "golden" standard.
- Identifies authorized and unauthorized changes or suspicious event activity over a period of time.
- Communicates report changes that display trends in the effectiveness of and adherence to change process controls.
- Provides industry standards and benchmarks to automatically assess configurations, and determines the degree of risk for operational, regulatory and security vulnerabilities.
- Continuously maintains a known and trusted state by establishing a secure baseline against which to measure change, and then automates the repair of configuration items if they fall out of compliance.
Tripwire Enterprise Product Brief
The Control Objectives for Information and Related Technology (COBIT) framework helps organizations get the most value from their technology investments by providing guidance for IT governance and controls, portions of which focus on the delivery and support aspects of information systems. Tripwire Enterprise incorporates COBIT through custom configuration assessment profiles that organizations can use to achieve and maintain compliance with those sections.