Companies are facing a growing number of industry and governmental regulations. To comply with regulations such as PCI, BITS, SOX you must have in place procedures and processes that protect customer information and other sensitive data held by the IT infrastructure. Manual processes do not provide a long-term cost-effective solution. To comply with these regulations it is necessary to:
- Gather all of the company’s logs, e.g. applications, firewalls, infrastructure, etc. together in a common secure database.
- Compile this information for different purposes.
- Create different reports according to purpose.
- Archive the log data over time.
Compliance is a new reality for today’s businesses and their IT departments. Legislations like SOX (Sarbanes-Oxley Act) has been enacted in several countries around the world, the most famous being the Sarbanes-Oxley Act, a US federal law describing specific mandates and requirements for financial reporting in public companies, which was passed in response to a number of corporate scandals.
The SOX legislations
A common theme for SOX-legislations (such as EuroSOX) is that it requires public companies to maintain a certain level of internal control; this includes control over their internal IT systems. To maintain the set level of control, businesses need tools to monitor their systems, and these tools must also be able to give a historic overview of the activities that have taken place in the systems.
PCI compliance
Companies that manage different types of payment cards are also under increased pressure from the PCI, Payment Card Industry, an industry association managing security standards for the payment card industry, to monitor and trace IT systems used for payment card transactions.
|
