As an outsourced security partner, BAI provides managed security, managed firewall, managed IDS, content filtering, Internet security, network security, penetration testing, and vulnerability testing.


BAI Security works with internal IT teams to provide firewall and IDS management, content filtering, custom threat alerts, Internet and network security and penetration and vulnerability testing.
Company News

BAI Security Assists Organizations with Sarbanes-Oxley Compliance

Overview:

Section 404 of the Sarbanes-Oxley Act sets out regulations that require publicly traded companies to document management’s “Assessment of Internal Controls” over security processes. The overall requirements of the regulations can be summarized as:

  • Documenting commitment to a process

  • Documenting the effectiveness of the process that’s in place

  • Documenting an auditor’s assessment of the process in place

There are many aspects of Sarbanes-Oxley and BAI’s MSS that are beyond the scope of this document; however, we will focus on the monitoring and on-demand reporting processes from BAI Security that help organizations meet the documentation requirements of the regulation.

Documentation Requirements:

In general, the actual process requirements of the Sarbanes-Oxley regulations are somewhat vague. They require that a process be in place and that management show the process to be effective, but they do not define the process itself.

As part of the requirements, it can be assumed that a security management process must exist in order to protect against attempted or successful unauthorized access, use, disclosure, modification, or interference with system operations. In other words, an organization must be able to monitor, report and alert on attempted or successful access to systems and applications that contain sensitive financial information. Breaking this requirement down further, an organization should be able to assess the following types of “security events”:

  • Failed system level login attempts

  • Failed application level login attempts

  • Exploitation of a system by a virus or worm

  • Unauthorized exploitation of systems (i.e. hacking)

  • Failed access attempts to files or application data

  • Correlating multiple system events to illicit data access

The Role of BAI’s Managed Security Service:

Both firewall and server systems provide sufficient data for assessing these types of security events. These systems report the data in various audit trails called log files. At first, these log files can seem insurmountable because they are often very large and have no consistent format across different systems and applications.

However, BAI Security’s MSS provides advanced collection, monitoring, response, and reporting across most popular firewall, intrusion detection, antivirus, server and application systems.  BAI provides on-site security appliances to further validate existing system logs, as well as to collect unique security events inside the production network and traffic to/from the Internet to meet regulatory reporting requirements.

BAI Security provides clients with an online portal, which is available 24x7, to access statistics and security event data tailored to Sarbanes-Oxley reporting criteria.  In addition, BAI can provide electronic and/or hardcopy reports specifically designed for external compliance auditors.

Customized Monitoring, Response, & Reporting for Compliance:

The BAI MSS can provide the following information as on-demand and/or periodically delivered reports as required for Sarbanes-Oxley reporting: 

  • Failed Login Attempts (system and application)

  • Account Misuse

  • Changed Passwords

  • Account Lockouts

  • Deleted/Disabled Accounts

  • Security Group Modification

  • Loading and Unloading of Drivers

  • File and Directory Ownership Changes

  • Log File Modification

In addition, BAI’s MSS can provide monitoring, response/blocking, and reporting for the following:

  • Virus Activity (internal / external)

  • Network Intrusions

  • Unauthorized Web Use

  • Spyware Protection (perimeter-based)

  • SPAM Filtering (including Phishing protection)

Conclusion:

Maintaining compliance by properly self-monitoring, responding, and reporting on the security devices that protect data integrity is growing in complexity and cost.  BAI Security’s Managed Security Service can significantly simplify the effort and complexity of compliance while concurrently reducing security management costs and often improving your overall security posture.

 

© 1995-2010 BAI Security Inc. All Rights Reserved.