DEFINITION:

The Sarbanes-Oxley Act of 2002 (SOX) was passed to make corporate executives more responsible for their companies' financial statements.

CHALLENGE:

Section 404 of the Sarbanes-Oxley Act is relevant to information security as it requires management to demonstrate that they have established appropriate "internal controls" to safeguard an organization's financial processes. The regulation's internal controls specify that organizations safeguard financial data through the prevention and detection of security breaches that may have a material effect on financial statements.

SOLUTION:

Qualys® helps publicly traded companies quickly and cost-effectively meet compliance with Section 404 of Sarbanes-Oxley by providing SOX-specific reports to measure, reduce and document ongoing efforts to safeguard electronic systems and data.

PARTNERS:

SeTraSys - SeTraSys combines the breadth and accuracy of Qualys' vulnerability data with an automated reporting and alarming system for a complete Regulatory Compliance solution.

For IT to successfully implement controls to comply with Sarbanes-Oxley, the following best practices are typically suggested:

| Suggested IT Best Practices | QualysGuard Solution |
|---|---|
| Assess the current state of the system, performing a gap analysis relative to the state of compliance | QualysGuard provides automated network security audits that determine an organization's security posture on an ongoing basis. |
| Implement any process improvements or new controls, and remediate any identified vulnerabilities | QualysGuard helps organizations identify vulnerabilities, prioritize remediation efforts and manage risk based on key Sarbanes-Oxley requirements. |
| Monitor each system to ensure that it is in line with the compliance requirements | QualysGuard automatically documents all security violations and subsequent effects of vulnerability remediation through an unalterable audit trail. |
| Report on the compliance status in a format that is intelligible to the audit staff or other management | Security data from QualysGuard's comprehensive business and technical reports provide a clear snapshot of a network's risks, easily understood by audit managers and executive staff. |