Archive for March, 2011


Sarbanes Oxley Compliance Financial Security Audit and Management

Saturday, March 26th, 2011

Various rules and regulations require the management of companies to ensure the protection of proprietary and confidential information. Sarbanes-Oxley and SB-1386 are examples of such rules and regulations. The Sarbanes-Oxley Act was passed into law in 2002 to protect investors by improving the accuracy and reliability of corporate disclosures. Sarbanes-Oxley requires that a public company have written policies and procedures that are followed to protect the interests of its stockholders.

Sarbanes-Oxley SB-1386 mandates that if a company maintains client personal information, this information must be maintained in a secure manner. In the event any client personal information is compromised, each client who may have been affected must be informed within a reasonable period of time.

Data Triage Technologies provides confidential auditing services that comply with Sarbanes-Oxley and ISO (1)7799. DTT’s consultants will test and review network security policies and procedures and provide a detailed report addressing the security findings. Recommendations will be made if needed to ensure proper compliance.

Upon request, DTT can further assist the client by drafting written policies and procedures. Details of all work performed, including testing and our analysis of the network security situation, are included in a comprehensive report and delivered to the client in a timely manner after completion of work.

Our network security policies and procedures will ensure that your end-to-end network security solution always provides you with a suitable level of protection. We will identify the essential processes and procedures to track and test your network security to ensure that it remains effective and can be improved over time as threats continue to grow.

The Sarbanes-Oxley Compliance For Corporates

Saturday, March 26th, 2011

Auditing is a major concern of any company. Every organization should comply with rules and regulations set forth by the US government. One such regulation is the Sarbanes-Oxley Act, which applies to public companies.

The Sarbanes-Oxley Act was enacted as a reaction to a number of corporate and accounting scandals. These scandals shook the confidence of the public because they cost investors millions of dollars when the share price of the affected companies collapsed.

This Act does not apply to privately held companies though.

The Sarbanes-Oxley Act was passed into law in 2002 to protect investors by improving the accuracy and reliability of corporate disclosures. Sarbanes-Oxley requires that a public company have written policies and procedures that are followed to protect the interests of its stockholders. This law totally changed the standards of all US public company boards, management and public accounting firms. SOX orders strict reforms to improve financial disclosures from corporations and prevent accounting fraud.

The Sarbanes-Oxley Act (SOX) requires that if a company records client personal information, it must be maintained in a secure manner. In the event any client’s personal information is compromised, each client who may have been affected must be informed within a reasonable period of time.

The Act

  • Creates a Public Company Accounting Oversight Board to enforce professional standards, ethics, and competence for the accounting profession
  • Strengthens the independence of firms that audit public companies
  • Increases corporate responsibility and usefulness of corporate financial disclosure
  • Increases penalties for corporate wrongdoing
  • Protects the objectivity and independence of securities analysts
  • Increases Securities and Exchange Commission resources

Data Triage Technologies (DTT) provides confidential auditing services that comply with Sarbanes-Oxley and ISO (1)7799. DTT’s consultants test and review network security policies and procedures and provide a detailed report addressing the security findings. Details of all work performed, including testing and analysis of the network security situation, are included in a comprehensive report and delivered to the client in a timely manner after completion of work.

The Process for Recovering Electronic Evidence

Tuesday, March 1st, 2011

There are two primary steps in the process of recovering electronic data: “acquisition” of the target medium, and a forensic byte-by-byte analysis of the data.

Computer forensic science was created to address the specific and articulated needs of law enforcement to make the most of this new form of electronic evidence. Computer forensic science is the science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media.

Rather than producing interpretative conclusions, as in many forensic disciplines, computer forensic science produces direct information and data that may have some significance in a case. This type of direct data collection has wide-ranging implications for both the relationship between the investigator and the forensic scientist and the work product of the forensic computer examination.

Using customized computer forensic tools, the target medium is acquired through a non-invasive complete area-by-area bit-stream image procedure. During the imaging process, it is critical the mirror image be acquired in a DOS environment. Switching on the computer and booting into its operating system will subtly modify the file system, potentially destroying some recoverable evidence.

The resulting image becomes the “evidence file,” which is mounted as a read-only or “virtual” file, on which the forensic examiner will perform their analysis. The forensics software used by CFI creates an evidence file that is continually verified by a Cyclical Redundancy Checksum (“CRC”) algorithm for every 64 sectors (block) of data and by a 128-bit MD5 hash for the entire image. Both steps verify the integrity of the evidence file and confirm that the image has remained unaltered and forensically intact. With the MD5 hash, changing even one bit of data will result in a notification that the evidence file data has been changed and is no longer forensically intact.
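The two-level check described above, as an added example that is not the forensics software's own code: it seals an image with one CRC per 64-sector block plus a whole-image MD5, then shows how a single flipped bit or a truncated copy is detected and located. The 512-byte sector size, the use of CRC-32, the function names and the sample image are assumptions made for illustration.

```python
import hashlib
import zlib

SECTOR_SIZE = 512                        # assumption: 512-byte sectors
BLOCK_SIZE = 64 * SECTOR_SIZE            # one CRC per 64 sectors, as in the text


def seal_image(image: bytes) -> dict:
    """Record per-block CRC32 values and a whole-image MD5 at acquisition."""
    crcs = [zlib.crc32(image[off:off + BLOCK_SIZE])
            for off in range(0, len(image), BLOCK_SIZE)]
    return {"block_crcs": crcs, "md5": hashlib.md5(image).hexdigest()}


def verify_image(image: bytes, seal: dict) -> dict:
    """Compare an image with its seal; list the blocks that no longer match."""
    now = seal_image(image)
    old_crcs, new_crcs = seal["block_crcs"], now["block_crcs"]
    bad = [i for i, (a, b) in enumerate(zip(old_crcs, new_crcs)) if a != b]
    # Blocks added or missing after truncation/extension also count as altered.
    bad += range(min(len(old_crcs), len(new_crcs)),
                 max(len(old_crcs), len(new_crcs)))
    md5_ok = now["md5"] == seal["md5"]
    return {"intact": md5_ok and not bad, "md5_match": md5_ok,
            "bad_blocks": bad,
            "bad_sector_ranges": [(i * 64, i * 64 + 63) for i in bad]}


def flip_bit(image: bytes, offset: int, bit: int = 0) -> bytes:
    """Return a copy of image with one bit inverted (simulated alteration)."""
    altered = bytearray(image)
    altered[offset] ^= 1 << bit
    return bytes(altered)


# Constructed sample: 4 full blocks plus a partial one, not real evidence.
SAMPLE = bytes((i * 31 + 7) % 256 for i in range(4 * BLOCK_SIZE + 1000))

if __name__ == "__main__":
    seal = seal_image(SAMPLE)
    print(verify_image(SAMPLE, seal))
    print(verify_image(flip_bit(SAMPLE, 2 * BLOCK_SIZE + 5), seal))
    print(verify_image(SAMPLE[:-1000], seal))   # truncated copy
```

The per-block CRCs narrow an alteration down to a 64-sector range, while the whole-image digest is the single value recorded to show the file as a whole is unchanged. MD5 is used here because the text names it; it is not collision-resistant, so current practice records a SHA-256 digest alongside it.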

The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030, a federal criminal statute outlawing various computer crimes, provides a civil remedy for companies victimized by a violation of the statute. In this new digital age, the CFAA is fast becoming recognized as a proactive tool that can be used by companies to retrieve stolen data, prevent its dissemination in the marketplace and obtain compensatory damages resulting from its theft, use and malicious destruction.