Tripwire Expands Support for SOX/COBIT Compliance
Market Wire, May, 2008
IT controls are critical to the success of any enterprise. In order to deliver maximum value to shareholders, businesses must be able to prove that they run effectively and efficiently, detecting, reporting on and remediating unauthorized change immediately in order to ensure maximum system availability and security. Implementing effective controls is not just good business sense -- it's also the law. Tripwire Enterprise today announced its expanded deployment of Control Objectives of Information and Related Technology (COBIT) framework, which enables corporations to ensure the integrity of their financial reporting processes and IT controls in order to comply with the Sarbanes-Oxley Act. Tripwire Enterprise's policy support addresses four major areas of COBIT: planning and organization, acquisition and implementation, delivery and support, monitoring and evaluation.
Since the passage of the Sarbanes-Oxley Act of 2002 (known as the Public Company Accounting Reform and Investor Protection Act of 2002, commonly called SOX), which established new or enhanced standards for all U.S. public company boards, management, and public accounting firms, public companies have rushed to understand and comply with the act's reforms, including those that pertain directly to IT processes and controls.
Specifically, SOX section 404 requires use of an internal control framework, such as COBIT. Just as SOX's reforms address every aspect of a public company's operations, COBIT addresses every aspect of IT management. The Public Company Accounting Oversight Board (PCAOB), which oversees auditors of public companies, has determined which aspects of COBIT should be implemented in order to bring public companies into compliance with SOX. These include application controls (i.e., transaction processing controls) that address specific material misstatement risks.
Tripwire Configuration Control
Public companies that seek to maintain the integrity of their IT operations while delivering maximum profitability to investors have selected Tripwire Enterprise for configuration assessment and change auditing. Tripwire Enterprise provides clients with two options. First, it provides a compliance policy that explores controls associated with COBIT as an overall IT Control framework. And second, it provides a SOX Compliance Policy that maps those COBIT controls to the PCAOB's recommended controls for SOX.
"Sarbanes-Oxley's reforms have impacted every aspect of running a public company, including IT security," said Sean Sherman, program manager for policy management at Tripwire. "Tripwire Enterprise offers public companies the tools to prove compliance for availability and security, which in turn helps them achieve, maintain and prove continuous compliance with SOX."
Tripwire automatically detects unauthorized, non-compliant change to enterprise-wide systems, including virtual infrastructure and immediately alerts IT staff so that exceptions to its change and configuration management policies can be immediately investigated. This approach enables customers to achieve and maintain a trusted state across the IT infrastructure -- as well as meeting regulatory requirements and ensuring continuous compliance with internal and external regulatory requirements, including SOX.
A 2005 survey conducted by the IT Processes Institute found that high-performing IT organizations almost universally have two things in common: they monitor systems constantly for unauthorized changes and they define the consequences for unintentional, unauthorized changes. These organizations support and deliver eight times as many projects, seven times as many business and IT changes and implement overall better security measures spanning loss, detection, correction and prevention. The performance of the IT department has a direct and critical impact on the effectiveness and profitability of the company it serves -- and under SOX, failures in these areas would have to be reported to investors.
About Tripwire, Inc.
Tripwire helps over 6,000 enterprises worldwide reduce security risk, attain compliance and increase operational efficiency across virtual and physical environments. With its industry leading configuration assessment and change auditing software solutions, IT organizations achieve and maintain configuration control. Tripwire is headquartered in Portland, Ore. with offices worldwide. http://www.tripwire.com/
©2008, Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. All other marks are property of their respective owners. All rights reserved.
Add to Digg Bookmark with del.icio.us Add to Newsvine
Contact: Christen McCurdy Tripwire 503.276.7638 Email Contact
Most Recent Business Articles
- Your feedback
- Why fly solo when an executive assistant can accelerate your CLNC® business?
- The CLNC® mentors held the key to my first case and to my CLNC® success
- Atlanta CLNC® 6-day certification seminar photo gallery—plus sign up today for spring 2009 to save $100.00
- Announcing the 2009 NACLNC® conference keynote speaker, Stedman Graham: move like a maverick for breakaway CLNC® success at the 2009 NACLNC® conference
Most Recent Business Publications
Most Popular Business Articles
- Using object-oriented analysis and design over traditional structured analysis and design
- Big Fish Games Migrates Upstream to Fisher Plaza; High Growth Online Gaming Firm Vaults Fisher Plaza Occupancy Rate Above 90%
- Top of the line: some of the world's most well-respected doctors practice in South Florida. A guide to choosing the best physician specialists - Top Doctors in South Florida
- BEHR Paints Introduces a Colorful New Way to Paint and Prime All in One with BEHR Premium Plus Ultra™ Interior
- Sand filter basics: high-rate sand filters can be confusing for those new to the business. Understanding valve modes is the key
