SARBANES-OXLEY and Event Log Management

To comply with Sarbanes-Oxley, all organizations that publish financial corporate information must implement a comprehensive information security program designed to protect all financial information. Setting and managing proper audit policies in the Security event log is an important component of compliance. Engagent offers solutions to ensure compliance with the IT monitoring aspects of Sarbanes-Oxley.

Sarbanes-Oxley is the U.S. government's response to the Enron, WorldCom, Adelphia and Tyco scandals. CEOs and CFOs of public companies now must swear under oath that the financial statements of public companies are accurate and complete.

Sarbanes-Oxley applies to all public companies, big or small, domestic or foreign, that have registered under the Exchange Act or have a pending registration statement under the Securities Act of 1933. It imposes new responsibilities on executives, board members, audit committees, auditors and lawyers.

The September 30, 2003 deadline requires clear internal controls around financial reporting and its governance.

Executives who knowingly sign falsified reports and anyone who destroys audit records can receive up to 10 years in prison and fines. Destruction, falsification or alteration of documents in federal investigations and bankruptcy proceedings can lead to sentences of up to 20 years in prison and fines. Sarbanes-Oxley is ultimately about ensuring that internal controls are in place to secure financial information. It has strict rules and regulations for IT monitoring, which are required to keep security breaches on your IT network to a minimum. Engagent's Event Log management solutions allow you to manage and comply specifically with the IT event log monitoring aspects of Sarbanes-Oxley regulations.

Proper IT security monitoring includes implementing proper access for user accounts and then creating audit policies in the security event logs. The security event log will provide the important details about activities on your network. For IT monitoring and compliance, the native Microsoft Security Event Log offers nine audit policies for system security compliance. Implementing these audit policies and managing the events meets key requirements specified in Sarbanes-Oxley Section Five.

The Nine Audit Policies are:
1. Account Logon
2. Logon
3. Account Management
4. Policy Change
5. Process Tracking
6. Object Access
7. Privilege Use
8. System Events
9. Directory Service Access
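
A way to check that the nine policies listed above are actually switched on, as an added example that is not Engagent's code: on current Windows versions each policy is a category of subcategories that `auditpol.exe` can report, and the script lists every subcategory that is not being audited. It assumes an English-language Windows installation and an elevated PowerShell session; the function name `Get-AuditGap` is hypothetical.

```powershell
# Added example, not from the original page.
# Assumes English-language Windows and an elevated PowerShell session.
# Left: policy name as listed on the page. Right: the matching auditpol.exe category.
$categories = [ordered]@{
    'Account Logon'            = 'Account Logon'
    'Logon'                    = 'Logon/Logoff'
    'Account Management'       = 'Account Management'
    'Policy Change'            = 'Policy Change'
    'Process Tracking'         = 'Detailed Tracking'
    'Object Access'            = 'Object Access'
    'Privilege Use'            = 'Privilege Use'
    'System Events'            = 'System'
    'Directory Service Access' = 'DS Access'
}

function Get-AuditGap {
    # Returns one row per subcategory that currently produces no audit events.
    foreach ($entry in $categories.GetEnumerator()) {
        # /r emits CSV; drop empty lines before parsing.
        $csv = auditpol.exe /get /category:"$($entry.Value)" /r | Where-Object { $_ }
        if ($LASTEXITCODE -ne 0) {
            throw "auditpol failed for '$($entry.Value)' (is the session elevated?)"
        }
        $csv | ConvertFrom-Csv |
            Where-Object { $_.'Inclusion Setting' -eq 'No Auditing' } |
            ForEach-Object {
                [pscustomobject]@{
                    Policy      = $entry.Key
                    Subcategory = $_.Subcategory
                    Setting     = $_.'Inclusion Setting'
                }
            }
    }
}

$gaps = @(Get-AuditGap)
if ($gaps.Count -eq 0) {
    'Every subcategory under the nine audit policies is being audited.'
} else {
    # Each row is an activity that leaves no record in the Security event log.
    $gaps | Sort-Object Policy, Subcategory | Format-Table -AutoSize
}
```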

Implementing these audit policies produces detailed records for the following IT security aspects of Sarbanes-Oxley.

1. Monitor password changes
2. Monitor changes to access rights to shares, files, folders, etc.
3. Monitor attempts at unauthorized access to computer system resources.
4. Monitor attempts at unauthorized access to information held in application systems.
5. Regularly audit all internal system activity including logins, file accesses and security incidents.
6. Produce and retain logs recording exceptions and security-related events
7. Monitor any attempts at unauthorized changes to IT systems.
8. Monitor key system files and critical data for unauthorized changes.
9. Manage Active Directory permissions for user accounts, groups and computer accounts
10. Monitor unauthorized Active Directory access permissions
11. Monitor and verify any change to users, groups, rights, and user account policies
12. Notification of group policy changes
13. Monitor authorized users' attempts to perform unauthorized activities
14. Log actions in detail and provide extensive security reporting
15. Report on permission changes in Active Directory
16. Monitor and log user information, access information, date and time stamp
17. Monitor and notify of real-time policy modifications
18. Report on last accessed dates for files and applications.

The security log displays detailed information about logins, file access, and policy change attempts. Implementing these audit policies on your network will generate hundreds of records (events) in the event log files on your servers. The events showing activities specifically related to compliance occur in the native Microsoft security event log. The easiest and best way to manage these records is to store the events in a database.

Inserting all the events from the event logs into a database is a crucial first step for reporting and for showing compliance. Engagent event solutions automatically store all events from all servers in an SQL database. Engagent's View SQL is a database viewing tool that creates the reports detailing your organization's adherence to government IT security regulations. Without a sorting and filtering tool to manage the events, valuable compliance information is not readily available. View SQL will allow you to create specific reports for each one of the IT monitoring compliance points in Sarbanes-Oxley. When the events are stored in a database, you will have a repository from which reports can be produced for any time period you specify: daily, weekly or monthly. Reports are easily generated detailing the specific events that relate to IT security compliance.

The easiest way to adhere to government regulations is to create automated processes for compliance. If your organization is required to comply with IT monitoring for security regulations, you must implement a tool for Windows Event Log Management. Engagent's solutions are easy to implement and configure. Without the automated processes offered by Engagent's event log management tools, the manual tasks required to show compliance will take additional staff time and likely produce errors that compromise security.


2002-2005 Engagent