The Sarbanes-Oxley Act of 2002 (SOX) is a law that implements regulations on publicly traded companies and accounting firms. SOX was created to improve the accuracy and reliability of corporate disclosures in financial statements and to protect investors from fraudulent accounting practices.
Security has always been a big concern for business organizations. Nowadays, it’s an even more significant concern, and it isn’t hard to understand why. The technology world changes at an amazingly fast pace. Companies around the world increasingly rely on the cloud with each passing year. And with each passing year, we see the number of security threats increase. That’s why compliance requirements are crucial in this day and age.
LEHI, Utah – Nov. 19, 2019 – SaltStack, the creators of intelligent automation for IT operations and security teams, today announced the general availability of SaltStack Protect for automated discovery and remediation of security vulnerabilities across web-scale infrastructure. SaltStack Protect is a new product now available in the SaltStack SecOps family of products and is additive to SaltStack Comply.
Companies choose to transition to serverless computing for various reasons; two main reasons including faster time-to-market and reduced infrastructure costs. However, their serverless security requirements differ based on a myriad of factors. One of those factors is compliance. Today we highlight compliance in serverless, with a compliance-driven client. We will showcase their security driver and challenges, their chosen solution, and ultimately, results.
As compliance managers, we often find ourselves in a struggle. Our responsibility is to uphold compliance standards but in order to achieve this, we need to “sell” the concept to the relevant stakeholders, inter alia the business teams and R&D. We’re put in the position of justifying required changes and processes and are thus mistakenly perceived as business “stoppers” and not enablers.
The Sarbanes-Oxley Act of 2002 (SOX) designates management review controls (MRCs) as one of the required internal controls. MRCs are the reviews of key financial information conducted by a company’s management to assess its reasonableness and accuracy. They are a key aspect of a public company’s internal control over financial reporting (ICFR).
In computing, an audit log is a record of an event. An event is any significant action that impacts the hardware or software of a computer – anything from a mouse click to a program error. Besides documenting which resources were accessed and what for, an audit file system will also include the source and destination addresses, the timestamp, and the user ID information.
Blue Medora has recently completed a SOC 2 Type 1 audit by Plante Moran! Anyone who has been through a SOC 2 audit, or any other compliance regimen (SOX, HIPAA, PCI, etc.) knows that it can be strenuous to ensure you have all your processes and procedures documented, as well as proving out that you follow those procedures. To my surprise, some of our modern deployment processes made this process easier than expected!
