Sarbanes Oxley Compliance Financial Security Audit and Management

Saturday, March 26th, 2011

Various rules and regulations require the management of companies to protect proprietary and confidential information. Sarbanes-Oxley and SB-1386 are examples of such rules and regulations. The Sarbanes-Oxley Act was passed into law in 2002 to protect investors by improving the accuracy and reliability of corporate disclosures. Sarbanes-Oxley requires that a public company have written policies and procedures, and that they are followed, to protect the interests of its stockholders.

Under Sarbanes-Oxley and SB-1386, a company that maintains client personal information must keep that information in a secure manner. In the event any client personal information is compromised, each client who may have been affected must be informed within a reasonable period of time.

Data Triage Technologies provides confidential auditing services that comply with Sarbanes-Oxley and ISO 17799. DTT’s consultants test and review network security policies and procedures and provide a detailed report addressing the security findings. Recommendations are made where needed to ensure proper compliance.

Upon request, DTT can further assist the client by drafting written policies and procedures. Details of all work performed, including testing and our analysis of the network security situation, are included in a comprehensive report delivered to the client in a timely manner after completion of the work.

Our network security policies and procedures will ensure that your end-to-end network security solution always provides you a suitable level of protection. We will identify the essential processes and procedures to track and test your network security, so that it remains effective and can be improved over time as threats continue to grow.

The Sarbanes-Oxley Compliance For Corporates

Saturday, March 26th, 2011

Auditing is a major concern of any company. Every organization should comply with the rules and regulations set forth by the US government. One such regulation is the Sarbanes-Oxley Act, which applies to public companies.

The Sarbanes-Oxley Act was enacted as a reaction to a number of corporate and accounting scandals. These scandals shook the confidence of the public because they cost investors millions of dollars when the share price of the affected companies collapsed.

This Act does not apply to privately held companies though.

The Sarbanes-Oxley Act was passed into law in 2002 to protect investors by improving the accuracy and reliability of corporate disclosures. Sarbanes-Oxley requires that a public company have written policies and procedures, and that they are followed, to protect the interests of its stockholders. This law fundamentally changed the standards for all US public company boards, management and public accounting firms. SOX mandates strict reforms to improve financial disclosures from corporations and prevent accounting fraud.

The Sarbanes-Oxley Act (SOX) requires that if a company records client personal information, it must be maintained in a secure manner. In the event any client’s personal information is compromised, each client who may have been affected must be informed within a reasonable period of time.

The Act

  • Creates a Public Company Accounting Oversight Board to enforce professional standards, ethics, and competence for the accounting profession
  • Strengthens the independence of firms that audit public companies
  • Increases corporate responsibility and the usefulness of corporate financial disclosure
  • Increases penalties for corporate wrongdoing
  • Protects the objectivity and independence of securities analysts
  • Increases Securities and Exchange Commission resources

Data Triage Technologies (DTT) provides confidential auditing services that comply with Sarbanes-Oxley and ISO 17799. DTT’s consultants test and review network security policies and procedures and provide a detailed report addressing the security findings. Details of all work performed, including testing and analysis of the network security situation, are included in a comprehensive report delivered to the client in a timely manner after completion of the work.

Network Security Auditing

Wednesday, September 15th, 2010

The word audit brings a lot of scenes to mind, and a lot of unpleasantness is associated with it. A network security audit does ring a bell of the tax audit, though in an altogether different sense: in a regular tax audit you can see people physically accessing your files, whereas in a network security audit they crawl into the virtual world of the computer network.

Network security auditing is an approach to auditing networks in order to ensure their safety. In the entire information systems audit framework, the audit of networks is one piece of a big puzzle. The other pieces of the puzzle are audits of application software, databases, etc.

A Network Security Auditor’s job is to gather certain information about the network, understand it, and review it in order to complete the audit of network security.

The first step in this Network Security Audit is to determine the expanse of the network. A typical way to do this is to examine the network diagram. This diagram shows all the routes available on the network. A Network Security Auditor has to ensure the accuracy of this diagram.

Businesses change, and the network diagram needs to be updated with these changes. An auditor has to observe the processes that exist in the organization to update and maintain the diagram accurately. Concentrating on particular areas in the network, such as data centers where ERP servers are hosted and the points from which these are accessed, is of great importance to the auditor. Complex networks may have many hosting points where critical resources are located. The network diagram acts as an input on the types of devices and protocols used in the network, and this input can be used as a reference throughout the audit.

Once a Network Security Auditor has identified the pressing issues in key areas of the network, he next moves to information about critical assets, systems and services that need to be secured. Key areas include enterprise systems consisting of ERPs, mail servers and other internal applications; web servers that host applications accessed by customers and vendors; and the network and its components. Hence, the security and access mechanisms surrounding applications and servers also need to be strong.

The Network Security Auditor then assesses who has access to the network and for what reasons. Do any employees access the network from outside the office? Do any customers and vendors access the systems? Is the network accessed via the Internet, or is there a remote access mechanism? The Network Security Auditor finds answers to these questions, which have a strong impact on network security.

After examining all accesses and modes of access, the auditor next moves to the network’s connections with external networks. The auditor can begin this examination in the first step itself by analyzing the diagram. However, a thorough auditor should treat it separately. An external network poses its own threats to the network security of a company. The Internet is accessed in companies for various purposes depending on the nature of the job performed. The simplest may be employees browsing sites or reading and sending mail. On a more sophisticated scale, some companies’ business depends on e-commerce websites through which the companies conduct their business and exchange information with other companies. Hence there are sensitive points through which information enters and leaves a company.

Now that the Network Security Auditor has knowledge of the systems accessed internally and those accessed externally, he can determine where to install firewalls and intrusion detection systems. To ensure internal security, the gateways to the external networks should be secured. Threats from outside are checked first and then threats from inside, and a plan to enhance security can be put in place. The Network Security Audit can now evaluate the effectiveness and adequacy of the protection mechanisms.

www.DataTriage.com is a leading expert in Computer Forensics, Network Forensic Analysis, Network Security Auditing and Network Vulnerability Services.

Does Your Company Have A Computer Incident Response Team (CIRT)?

Saturday, July 31st, 2010

A Computer Incident Response Team is an expert group that handles computer security incidents. Whenever a new technology arrives, it is invariably dogged by misuse, as with the first worm on the IBM VNET and the Morris Worm, which hit the Internet and paralyzed it. This led to the formation of the first Computer Emergency Response Team at Carnegie Mellon University under U.S. Government contract. With the massive growth in the use of Information and Communications Technologies thereafter, the Computer Incident Response Team (CIRT) has become an essential part of large organizations.

No matter how well your network is protected, there are always incidents you are not prepared to deal with by yourself. It may be that the problem is beyond your technical know-how for the necessary action to be taken. A company’s security policy is not complete until procedures are put in place for handling and recovering from incidents. The best solution is to include a Computer Incident Response Team (CIRT) within the company’s incident response procedures.

What is a Computer Incident Response Team (CIRT)?

A Computer Incident Response Team (CIRT) is a group of people who can promptly and correctly handle an incident. A Computer Incident Response Team (CIRT) can quickly contain, investigate and recover from an incident that poses a threat to the security of an organization. A Computer Incident Response Team (CIRT) is usually comprised of members from within the company. A Computer Incident Response Team (CIRT) must have people with the authority to make decisions and take actions.

Who constitutes a Computer Incident Response Team (CIRT)?

A Computer Security Incident Response Team (CIRT) is constituted according to the needs and resources of the company.

Members in a Computer Security Incident Response Team (CIRT):

Management: A member of upper-level management on the Computer Security Incident Response Team can make the big decisions and be an effective resource in evaluating security, selecting a team, developing a policy and exercising the plan during an incident, based on input from the members of the team.

Information Security: These are the personnel trained in handling electronic incidents, with the ability to handle a multitude of incident types. An Information Security member on the Computer Security Incident Response Team can assess the extent of the damage and execute containment, basic forensics and recovery.

IT Team: In the event of an incident, the IT team on the Computer Security Incident Response Team knows where the data can be accessed or discovered before the evidence or the corrupt database is overwritten and replaced from a backup.

The IT/MIS: The IT/MIS on the Computer Security Incident Response Team can assist the Information Security team with technical matters if required.

IT Auditor: The IT Auditor tracks the incident and works with IT and security staff in conducting post-incident reviews to avoid problems in the future.

Security: The Security member on the Computer Security Incident Response Team can assess any physical damage, investigate physical evidence and guard evidence during a forensics investigation to maintain the chain of custody.

Attorney: An attorney on the Computer Security Incident Response Team supplies the team with legal advice on the usability of any evidence collected during an investigation and also provides advice regarding liability issues that affect customers, vendors or the general public.

Human Resources: Many incidents involve company employees. The Human Resources member on the Computer Security Incident Response Team provides advice on how best to handle situations when an employee is discovered to be involved.

Public Relations: The Public Relations member on the Computer Security Incident Response Team communicates with team leaders, the press and stockholders to ensure an accurate understanding of the issue, the company’s status and the current situation.

Financial Auditor: The Financial Auditor on the Computer Security Incident Response Team has the hardest job when an incident occurs: putting a monetary figure on the loss that has resulted from the incident, both for insurance companies and to press charges under the National Information Infrastructure Protection Act.

Some managers may choose not to create a team and prefer to bring in outside professionals when an incident occurs. Creating a Computer Incident Response Team may not be the best solution for every company, but it can prove to be an invaluable tool. A Computer Incident Response Team improves the response time to any computer-based problems an organization may face.

Data Triage’s Computer Incident Response Team helps organizations that have become the victim of a security breach. The CIRT captures and isolates evidence while restoring services efficiently. Steps are taken to ensure the evidence is preserved for possible litigation or legal compliance.

How The Computer Criminals Control Information – Types of Computer Crime

Tuesday, October 6th, 2009

As computer-related crimes become more prevalent, understanding the types of computer-related crimes gives law enforcement insight for investigative strategies.

The first insight is knowing the types of computer crimes.

Computer as the Target

This type of computer crime includes theft of intellectual property. The offender accesses the operating program under the guise of the system’s manager. The intruder accesses the contents of computer files in the system through a trap door that permits access to the system should there be a human or technological problem.

Here, the offender uses the computer to obtain information or to damage operating programs while committing the following computer crimes:

  • Theft of marketing information, like customer lists, pricing data, or marketing plans
  • Blackmail based on information gained from computerized files, such as medical information, personal history, or sexual preference
  • Sabotage of intellectual property, marketing, pricing, or personnel data
  • Sabotage of operating systems and programs with the intent to impede a business or create chaos in business operations
  • Unlawful access to criminal justice and other government records
  • Changing a criminal history, modifying want and warrant information
  • Creating a driver’s license, passport, or another document for false identification
  • Changing tax records or gaining access to intelligence files
  • Techno-vandalism through unauthorized access to damage files or programs
  • Techno-trespass violating the owner’s privacy as in criminal trespass

Computer as the Instrumentality of the Crime

Here, the processes of the computer facilitate the crime.

The computer criminal introduces new code (programming instructions) to manipulate the computer’s analytical processes, converting legitimate computer processes to the following illegitimate purposes:

  • Fraudulent use of automated teller machine (ATM) cards and accounts
  • Theft of money from accrual, conversion, or transfer accounts; credit card fraud; fraud from computer transactions such as stock transfers, sales, or billings; and telecommunications fraud
  • Billing charges to other customers through cellular phones
  • Once they capture the computerized billing codes, computer criminals program these codes into other cellular phones simply by hooking up the phone to a personal computer
  • Using software originally developed by programmers in other countries, they reprogram the signal chip in the cellular phone
  • Sharing such software through underground computer bulletin board services (BBSs)

Computer is Incidental to Other Crimes

In this category of computer crime, the computer is not essential for the crime to occur.

In each of the following cases, the systems merely facilitate the offenses:

  • Helping the computer crime to occur faster
  • Processing of greater amounts of information
  • Making the computer crime more difficult to identify and trace
  • Unlawful banking transactions and money laundering
  • Supporting unlawful activity via BBSs
  • Erasing, encrypting, or denying proper access to organized crime records or books, including bookmaking records involved in drug raids, money laundering seizures, and other arrests
  • Allowing computer criminals to destroy the storage media, such as disks, to eliminate evidence of their illegal activities
  • Letting child pornographers exchange information through BBSs

These computer crimes require unique data recovery techniques in order to gain access to the evidence.

Computer Crimes Associated With the Prevalence of Computers

The presence of computers, and microcomputers in particular, generates sinister mutations of traditional crimes, such as software piracy and counterfeiting, copyright violation of computer programs, counterfeit equipment, black market computer equipment and programs, and theft of technological equipment.

  • Violation of copyright restrictions on commercial software can result in staggering losses to businesses
  • Hackers break into computers with the help of illegally written and sold software
  • Successful computer programs, such as word processors, spreadsheets, and databases, are duplicated, packaged, and sold illegally on a large scale
  • Just like pirated audio and video tapes, counterfeit computers and peripherals (items such as modems and hard disks) are manufactured and sold under the guise of originals

Legal Issues Of Computer Crimes

Some States have enacted laws specifically directed toward computer crimes, while other States rely fundamentally on the common law as it applies to current and emerging technology. The elements of a computer-related offense must be established for successful prosecution.

  • The physical act of a computer crime, actus reus, may be demonstrated best by an electronic impulse
  • It is difficult to define and track
  • A computer crime can occur in 3 milliseconds using program code that tells the software to erase itself after the computer executes the action, eliminating the evidentiary trail
  • Causation relates to the self-destruction of computer programs that facilitate computer crimes; an investigator cannot show causation if the offender erases the executing instructions
  • The electronic data interchange (EDI) and its networks complicate the legal elements by making computer crimes more difficult for law enforcement to specify, document, and materially link the crime to an individual
  • The EDI connects parties via computer for contract negotiations, sales, collections, and other business transactions
  • The computer becomes the vault, with the EDI serving as the key to its contents
  • The ability to access data in the computer must be relatively easy in order to maximize business efficiency
  • Security controls must be introduced in order to protect the business’ “crown jewels”
  • Maximum security and easy accessibility are not compatible: as businesses prefer user-friendly equipment, system security usually takes second priority
  • The phenomenal growth of computer BBSs, on-line services, and the Internet only serves to compound the problem

As a result, computer-related crimes become easier to perpetrate and more difficult to identify, investigate, and prove.

Special Problems with Computer Crime

Intellectual property consists of concepts, ideas, planning documents, designs, formulas, and other information-based materials intended for products or services that have some commercial value or represent original thoughts or theses. Crimes associated with intellectual property focus primarily on theft when the product has commercial value, as opposed to basic research or research for private use.

Intellectual Property:

  • Involves formulas, processes, components, structure, characteristics, and applications of new technologies, and covers such areas as fiber optics, computer chip designs and conductivity, and telecommunications equipment, protocols, and technologies
  • Is associated with the marketing and production of new technologies
  • Includes pricing information, marketing targets, product release dates, and production timetables

Computer Crimes by Malfeasance

The concept of computer crimes by malfeasance means that computer-related behavior stretches the bounds of legality and may be viewed as only technically wrong.

Some scenarios of computer crimes by malfeasance:

  • A parent offers to copy a computer program for a school that cannot afford to buy the software
  • An employee secretly maintains a small database in an office computer as part of a sideline business
  • An individual uses someone else’s computer account number and password to view the contents of a database
  • A customer gives her unlisted telephone number as part of a sales transaction at a store. The store enters the number into a computerized database and later sells the data to a telemarketing firm without the customer’s permission
  • A university computer programmer develops a program to schedule classes as part of a job assignment. The programmer then accepts a job with another university and leaves with a copy of the program for use at the new place of employment

These computer crimes illustrate the gray areas of computer abuse, areas that fall increasingly on the shoulders of law enforcement to address and resolve.

International Issues:

Technological knowledge and expertise contribute to the growth of computer crime on an international level.

Businesses can make great use of the following:

  • Unifying measures
  • Open communications, such as a single, Europe-wide communication protocol
  • A strong profit-oriented EU market spanning 12 countries
  • Open borders
  • Unification of technology standards
  • Easier banking
  • Monetary transfers between countries

Computer criminals are taking undue advantage of all these developments, giving rise to:

  • Emerging international crime-related issues
  • Industrial espionage/competitive intelligence
  • Economic/political espionage
  • Expansion of international organized crime beyond traditional areas
  • Theft of technological hardware

Computer criminals have adapted the advancements of computer technology to further their own illegal activities. Unfortunately, their actions have far outpaced the ability of police to respond effectively. Protocols must be developed for law enforcement to counter the various categories of computer crime. Investigators must know what materials to search for and seize, what electronic evidence to recover, and how to maintain the chain of custody.

Data Triage Technologies provides comprehensive Computer Forensics, Electronic Discovery, Electronic Data Discovery, Data Recovery, Data Management, Intrusion Prevention, Network Security Audit, and Expert Witness Services to the legal communities in California and throughout the United States.

Author: Meshaal McLean