Tripwire Expands Support for SOX/COBIT Compliance

Market Wire, May, 2008

IT controls are critical to the success of any enterprise. In order to deliver maximum value to shareholders, businesses must be able to prove that they run effectively and efficiently, detecting, reporting on and remediating unauthorized change immediately in order to ensure maximum system availability and security. Implementing effective controls is not just good business sense -- it's also the law. Tripwire Enterprise today announced its expanded deployment of Control Objectives of Information and Related Technology (COBIT) framework, which enables corporations to ensure the integrity of their financial reporting processes and IT controls in order to comply with the Sarbanes-Oxley Act. Tripwire Enterprise's policy support addresses four major areas of COBIT: planning and organization, acquisition and implementation, delivery and support, monitoring and evaluation.

Since the passage of the Sarbanes-Oxley Act of 2002 (known as the Public Company Accounting Reform and Investor Protection Act of 2002, commonly called SOX), which established new or enhanced standards for all U.S. public company boards, management, and public accounting firms, public companies have rushed to understand and comply with the act's reforms, including those that pertain directly to IT processes and controls.

Specifically, SOX section 404 requires use of an internal control framework, such as COBIT. Just as SOX's reforms address every aspect of a public company's operations, COBIT addresses every aspect of IT management. The Public Company Accounting Oversight Board (PCAOB), which oversees auditors of public companies, has determined which aspects of COBIT should be implemented in order to bring public companies into compliance with SOX. These include application controls (i.e., transaction processing controls) that address specific material misstatement risks.

Tripwire Configuration Control

Public companies that seek to maintain the integrity of their IT operations while delivering maximum profitability to investors have selected Tripwire Enterprise for configuration assessment and change auditing. Tripwire Enterprise provides clients with two options. First, it provides a compliance policy that explores controls associated with COBIT as an overall IT Control framework. And second, it provides a SOX Compliance Policy that maps those COBIT controls to the PCAOB's recommended controls for SOX.

"Sarbanes-Oxley's reforms have impacted every aspect of running a public company, including IT security," said Sean Sherman, program manager for policy management at Tripwire. "Tripwire Enterprise offers public companies the tools to prove compliance for availability and security, which in turn helps them achieve, maintain and prove continuous compliance with SOX."

Tripwire automatically detects unauthorized, non-compliant change to enterprise-wide systems, including virtual infrastructure and immediately alerts IT staff so that exceptions to its change and configuration management policies can be immediately investigated. This approach enables customers to achieve and maintain a trusted state across the IT infrastructure -- as well as meeting regulatory requirements and ensuring continuous compliance with internal and external regulatory requirements, including SOX.

A 2005 survey conducted by the IT Processes Institute found that high-performing IT organizations almost universally have two things in common: they monitor systems constantly for unauthorized changes and they define the consequences for unintentional, unauthorized changes. These organizations support and deliver eight times as many projects, seven times as many business and IT changes and implement overall better security measures spanning loss, detection, correction and prevention. The performance of the IT department has a direct and critical impact on the effectiveness and profitability of the company it serves -- and under SOX, failures in these areas would have to be reported to investors.

About Tripwire, Inc.

Tripwire helps over 6,000 enterprises worldwide reduce security risk, attain compliance and increase operational efficiency across virtual and physical environments. With its industry leading configuration assessment and change auditing software solutions, IT organizations achieve and maintain configuration control. Tripwire is headquartered in Portland, Ore. with offices worldwide. http://www.tripwire.com/

©2008, Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. All other marks are property of their respective owners. All rights reserved.

Add to Digg Bookmark with del.icio.us Add to Newsvine

Contact: Christen McCurdy Tripwire 503.276.7638 Email Contact