SOX AND YOU

Sarbanes-Oxley (SOX), passed byCongress in 2002, makes themanagement of publicly tradedcompanies responsible for thecorrectness of information thataffects financial reporting. Anysystem, be it a computer system ormanual entry system, that touchesor can compromise financial datamust be traceable. Never before inthe history of our country has somuch emphasis been placed oncorporate governance.

Enormous pressure is now placedon upper management to insurecorrectness of financial informationand if problems are detected,management must be able to tracehow the data was affected and whocaused the problem. “In order formanagement to make its annualassertion on the effectiveness of itsinternal control, management will berequired to document and evaluateall controls that are deemedsignificant to the financial reportingprocess.”

THE NEED FOR AUTOMATED

POLICIES AND PROCEDURES

“Because security is such a hugeconcern within SOX generally, ITsecurity should form a large part ofthe audit process.”

“It’s usually a good thing forSarbanes-Oxley purposes if policy,procedure, or process is”

• Standardized company-wide

• Centrally administered

• Centrally controlled

• Repeatable

“Thus, it makes sense for policy,procedures and processes to beautomated (as this makes it moredifficult for individuals to manipulatecontrols either maliciously or bymistake).”

For example, intrusion preventionand detection processes are oftenautomated using centralizedservices such as IPS/IDS software.

BASIC SECURITY

AGAINST INTRUSIONS

HIGH QUALITY

SOFTWARE FROM

FORMULA CONSULTANTS

FOR USERS OF UNISYS 2200

AND

CLEARPATH COMPUTER

SYSTEMS.

FCI’S IDS 2200 SOFTWARE

IS HERE TO HELP

For SOX compliance, it is importantto illustrate, at a minimum, thatpolicies and procedures are in placeand are being followed effectively inthe following areas:

Intrusion detection/prevention:

• Able to identify which IDS/IPSsoftware is running on whichnetwork components

• What data and who alerted itwhen data intrusions are detected

• Policy for handling intrusions,etc.

Logging:

• Error logging

• Incident logging

• Reviews of logs

• Policy for acting on unusualactivities

• Access to logs/changes to logs

FCI’s IDS 2200 will in part satisfySOX requirements and allowmanagement to satisfy many of theauditor’s concerns and require-ments such as traceability anddetection. No other commercialsoftware package specificallydesigned for OS-2200 is available.

IDS 2200Intrusion Detection

for OS 2200

DOCUMENTATION

The installation media containsIDS 2200 documentation, whichprovides installation, configuration,operations, and troubleshootinginformation.

TRAINING

Most OS 2200 systems program-mers are able to install, configure,and operate IDS 2200 without anyspecial training. If you feel yourstaff would benefit from morefocused training, contact us.

HOW IT WORKS

IDS 2200 draws critical systeminformation from a variety of orig-inating sources on the Unisysenterprise server running OS2200. Rather than a technicalexpert needing to painstakinglycross-correlate these numerouslog files, IDS 2200 performs thisprocessing, generating tiers ofalerts, based on pre-configuredpolicies and needs.

WHAT TO DO NEXT

For a better idea of how FCI’sintrusion detection product fits intothe spectrum of auditing, security,and supporting products, visit FCI’sWEB site at:

www.formula.com

FCI also provides OTS-1100 (OnlineTerminal Security system) tosecure your TIP and MAPPERenvironments. Ask how OTS-1100can help meet your SOX/auditorsrequirements.

FormulaConsultantsIncorporatedCorporate Address:P.O. Box 544Anaheim, California 92815Tel: (714) 778-0123Fax: (714) 778-6364Email: sales@formula.com

WE HAVE THE

FORMULA FOR SUCCESS

ANALYZING

LOG DATA

IDS 2200 consolidates andanalyzes all of the log files crucialto security in your 2200 enterprise.

� System LogUser, File, ACR and PrivilegeAuthentication Events. CPFTPand OTS-1100 Events.

� Communications LogsCMSCPCOMMSILAS

� Web EnablementWebTS

� MAPPER

� Client Server (Future release)

OLTPUniAccessCITA

"INTRUSION DETECTION IS

A NECESSARY COMPONENT OF

ANY SOUND SECURITY STRATEGY"

IDS 2200

IntrusionDetection