Computer Support - Sarbanes-Oxley And Computer Security (All Systems)


The Sarbanes-Oxley Act of 2002 forces companies to create accurate financial reports and to implement processes that prevent and detect fraud. Among other requirements, the IT department must ensure that the servers that contain sensitive corporate financial data are secure.


To avoid problems with auditors, many IT people document that they isolate financial servers, apply the latest security updates and patches, install and update antivirus software, make nightly backups, grant each user only the minimum required permissions, maintain user logs of all activities, and follow other standard security procedures. Even though the Sarbanes-Oxley Act does not specifically require it, many IT departments force users to create a different password every 60 to 90 days, each 8 characters or longer and containing uppercase and lowercase letters, numbers, and punctuation. Because these new passwords are much harder to remember, many users write them down on Post-it notes that they attach to their monitors or "hide" under their keyboards, defeating the entire security process. However, the password requirements repeatedly remind every user that security is a priority.


Many sites provide excellent summaries of the act, and all the details of Sarbanes-Oxley are available at https://www.sec.gov/rules/final/33-8238.htm. Any IT staff working for a company subject to this act should be familiar with its requirements and guidelines.
