August 9, 2023 compliance

The Sarbanes-Oxley (SOX) Act and security observability

By Roman Krasnov


SOX - an overview

Serious financial fraud was never considered a real risk while investing in U.S.-listed stocks until 2001, when energy giant Enron Corporation, which held $63.4 billion in assets, collapsed. It was revealed that the company had been misleading investors for years and the company’s stock price quickly plummeted from $90 to less than $1 per share. It was the largest bankruptcy in US history, followed by a $40 billion lawsuit and imprisonment for the corporation’s executives.

In the aftermath, to enforce stronger regulations on corporate governance, a new US federal law, the Sarbanes-Oxley Act (SOX), was enacted in 2002 to ensure financial transparency and reduce accounting fraud across publicly traded companies.

The Sarbanes-Oxley Act consists of 11 titles that cover many different governance areas from corporate responsibility, accountability, and internal controls, to penalties for fraud and non-compliance. The U.S. Securities and Exchange Commission (SEC) is in charge of its enforcement with oversight authority over the Public Company Accounting Oversight Board (PCAOB) - “a nonprofit corporation established by Congress to oversee the audits of public companies in order to protect investors and further the public interest in the preparation of informative, accurate, and independent audit reports”.

Who must comply with SOX?

SOX applies primarily to the following entities:

  • Publicly traded U.S. companies

  • Publicly traded foreign companies that do business in the U.S.

  • Accounting firms that are responsible for auditing SOX-compliant businesses

Also, private companies planning to go public should be prepared to comply with SOX prior to entering the U.S. stock market.

These companies are subject to an annual audit, during which they are obligated to submit financial reports and prove the accuracy and security of their financial data. SOX requires all financial reports to include an Internal Controls Report assessed by an independent auditor.

However, in 2019, the SEC proposed amendments to relax requirements for smaller reporting companies (SRC). Under the proposal, companies with less than $100 million in revenues are not required to obtain an audit of Internal Controls over Financial Reporting (ICFR) from an independent auditor.

What fines and penalties can result from non-compliance?

Corporate management is personally accountable for non-compliance. For CEOs and CFOs, fines are defined as up to 5 million dollars and imprisonment for up to 20 years. Also, there is a risk of being de-listed from the stock exchange for companies that fail to comply with SOX.

SOX requirements and IT controls

As a high-level regulation, the Sarbanes-Oxley Act does not stipulate any IT requirements directly. But since financial data is stored and processed electronically, SOX has a huge effect on corporate IT infrastructures, systems, and processes.

Of the many sections of SOX, these are considered the most important in terms of IT:

  • Section 302: Responsibility for Financial Reports (civil provision)

  • Section 401: Disclosures in Periodic Reports

  • Section 404: Assessment of Internal Controls

  • Section 409: Real-Time Issuer Disclosures

  • Section 802: Penalties for Altering Documents

  • Section 902: Conspiracies to Commit Fraud

  • Section 906: Responsibility for Financial Reports (criminal provision)

Section 404 is the most complicated and expensive one to implement, as it requires actual internal controls (ICFR) to be in place to ensure financial data is protected. It may also require an external audit to attest that the controls are appropriate and correct.

Internal controls typically span all infrastructure, including workstations, servers, software, and other devices used to process and report financial data. So, ICFR assessment is often the largest and most complex part of a SOX audit.

SOX auditors rely on IT frameworks (e.g. COBIT) to benchmark the level of IT governance and investigate four common elements:

  • Access controls: A company must ensure sensitive information can only be accessed by users with permission to do so. A company must ensure it tracks who has access to what data and systems.

  • Security controls: A company must ensure policies and tools are implemented to prevent security breaches against systems used for financial data processing.

  • Change management: A company must ensure it has processes enforced for account, hardware, and software change management (know who and what made a change, and when).

  • Data backup: A company must ensure financial and other sensitive data is retained appropriately.

While SOX compliance was initially aimed at financial transparency, it is increasingly about the controls, policies, and procedures enabled by a public company to ensure that data is correct and protected sufficiently. And the reason is fairly simple: financial controls themselves make sense only if you keep track of system access and who tampers with data.

How long should data be retained?

SOX Sections 103 (a) and 801 (a) require public companies and registered public accounting businesses to maintain audit trails for at least seven years.

During the audit, it is not enough to submit a report stating appropriate internal controls are in place. Companies must be capable of promptly getting evidence the auditor needs and demonstrating compliance with the SOX regulations. Companies must not just log data securely, but also make this data available on demand.

How can NXLog help with SOX compliance?

Security observability and log management play crucial roles in SOX compliance, as they provide an audit trail of access to sensitive data and help to detect breaches almost in real time.

According to Sections 302, 404, and 409, companies have to log and monitor many actions occurring across IT infrastructure, including:

  • User activity (logon/logoff, privileged access, unsuccessful logon attempts, etc.)

  • Security configuration changes (new users, adding to groups, etc.)

  • Database access (dumping and tampering with its data, etc.)

  • Network activity (terminal sessions to sensitive systems, access to network resources, etc.)

  • Information access (tampering with financial data and critical logs, etc.)

A security observability system must provide an audit trail of all the actions sufficient for timely incident response.

Simplify processes with unified log collection infrastructure

NXLog allows an organization to define a unified log collection mechanism across an entire infrastructure, including system and operational components. Unified log collection helps design comprehensive technical solutions and simplify routines and policies that must be documented and communicated to staff.

Enable audit log centralization with nothing missed

NXLog supports all popular and advanced log data collection methods. It seamlessly integrates with various data sources, including databases, network appliances, SIEM, and APM systems to ensure a SOX-compliant log management process.

Enable cost-efficient audit log retention

According to SOX, audit trails must be retained for seven years, a huge storage capacity problem. NXLog provides log filtration, flexible retention, and routing mechanisms, creating a cost-efficient retention process.

Enforce audit log & system file monitoring against unauthorized changes

NXLog provides a File Integrity Monitoring (FIM) module that detects when files are changed and promptly triggers a security event. This helps to protect both critical system files and retained logs from unauthorized tampering.

The Sarbanes-Oxley Act affects all publicly traded companies in the U.S. with an aim to increase the accountability and integrity of financial reporting. System and application log files contain crucial information that can be used to detect issues and breaches while providing an audit trail for incident response and forensic investigation. Logs are also a fundamental element of SOX Section 404 Internal Controls.

NXLog helps organizations to stay SOX-compliant by providing a centralized security observability solution. Collect and analyze audit logs across disparate systems to aid in real-time threat detection and response, and ensure you always stay compliant with SOX.

NXLog Platform is an on-premises solution for centralized log management with versatile processing forming the backbone of security monitoring.

With our industry-leading expertise in log collection and agent management, we comprehensively address your security log-related tasks, including collection, parsing, processing, enrichment, storage, management, and analytics.
