Avecto | Bitesize Article
How to simply achieve Sarbanes-Oxley (SOX) Compliance
Russell Smith, author of 'Least Privilege Security for Windows 7, Vista and XP'

In this bitesize article, Russell Smith provides a quick and easy guide to achieving SOX compliance.

Sarbanes-Oxley
In response to major accounting scandals such as those that affected Enron, Sarbanes-Oxley (SOX) was passed into US law in 2002. Put simply, it requires that public companies verify the accuracy of their financial information. Specifically, SOX section 404 requires organizations to demonstrate confidence in the IT systems that store, transport and process financial data. The Act itself doesn't prescribe which internal controls organizations should use, but COBIT (Control Objectives for Information and Related Technology) outlines best practice and is the framework most commonly adopted by IT departments to meet SOX compliance.

COBIT
COBIT control PO4.11 Segregation of Duties requires organizations to define users' roles in such a way as to minimize the likelihood of a single individual compromising a critical process. Additionally, employees must be prevented from using systems for activities not related to their assigned duties. The removal of administrative privileges and the use of application control are critical in achieving these goals.

PO4.11 Segregation of Duties: Implement a division of roles and responsibilities that reduces the possibility for a single individual to compromise a critical process. Make sure that personnel are performing only authorised duties relevant to their respective jobs and positions.

The Information Systems Audit and Control Association (ISACA), which is responsible for certifying auditors, carried out a study to determine the most important controls required for SMEs to meet SOX compliance. File access privilege controls were ranked in the top five controls, and least privilege was identified as the technology required to meet that control requirement. COBIT Quickstart, a guide to implementing the most critical COBIT controls for SMEs with small IT shops, is available from the ISACA website.

Windows and Least Privilege Security
Least privilege security has been shown to significantly reduce virus and malware infection rates on Windows. Additionally, application whitelisting is necessary to prevent users from installing unauthorized software that could lead to a computer being compromised: portable applications, some scripts and batch files run without administrative rights, so they cannot be blocked simply by removing those rights. To achieve effective least privilege security, organizations need to:

- Remove users from built-in Windows groups, such as Administrators and Power Users.
- Implement application whitelisting to prevent users running unauthorized software.
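The two steps above carried through as one script: it first audits and prunes the built-in privileged groups, then puts a baseline AppLocker whitelist in place, which is the application control option the article discusses further down. This is an added example written for this page, not code from the original article or from Avecto's Privilege Guard. It assumes Windows PowerShell 5.1 on Windows 10/11 or Server 2016+ (the LocalAccounts and AppLocker modules ship with Windows), and the approved admin names, the probe file path and the helper name New-PathRuleSet are illustrative assumptions.

```powershell
# Added example, not from the article or from Avecto's Privilege Guard: apply
# the two least-privilege steps on one Windows 10/11 or Server 2016+ host from
# an elevated Windows PowerShell 5.1 prompt. The approved-admin names, the
# probe path and the helper function name are assumptions for illustration.
param(
    [string[]]$ApprovedAdmins = @("$env:COMPUTERNAME\Administrator",
                                  'CORP\Domain Admins',
                                  'CORP\Workstation Admins'),
    [switch]$ReportOnly   # audit only: report, write the policy file, change nothing
)

# --- Step 1: remove users from the built-in Administrators and Power Users groups
foreach ($groupName in 'Administrators', 'Power Users') {
    # Power Users is absent on some editions; skip it rather than fail.
    if (-not (Get-LocalGroup -Name $groupName -ErrorAction SilentlyContinue)) { continue }

    foreach ($member in Get-LocalGroupMember -Group $groupName) {
        # Names come back as 'DOMAIN\name' or 'COMPUTER\name', so the approved
        # list is matched on the full name; nested groups are reported as well.
        if ($ApprovedAdmins -contains $member.Name) { continue }
        Write-Output "Unapproved $($member.ObjectClass) in ${groupName}: $($member.Name)"
        if (-not $ReportOnly) {
            Remove-LocalGroupMember -Group $groupName -Member $member.Name
        }
    }
}

# --- Step 2: whitelist applications with AppLocker
# Path rules of the kind AppLocker's own "default rules" use: Everyone may run
# what is installed under Program Files or the Windows folder; the built-in
# Administrators group (SID S-1-5-32-544) may run anything. A portable .exe in
# a user's Downloads folder or a script dropped by e-mail matches no rule and
# is denied, which removing admin rights alone cannot achieve. Both the Exe and
# Script collections are covered; start in AuditOnly and switch to Enabled once
# the AppLocker event log shows no legitimate programs being flagged.
$mode = 'AuditOnly'

function New-PathRuleSet {
    # Helper (assumed name): the three allow rules, each with a fresh GUID so the
    # same set can be emitted for more than one rule collection.
    $defs = @(
        @{ Name = 'Program Files';             Path = '%PROGRAMFILES%\*'; Sid = 'S-1-1-0' },
        @{ Name = 'Windows folder';            Path = '%WINDIR%\*';       Sid = 'S-1-1-0' },
        @{ Name = 'Administrators: all files'; Path = '*';                Sid = 'S-1-5-32-544' }
    )
    foreach ($d in $defs) {
        $id = [guid]::NewGuid().ToString()
        "    <FilePathRule Id=`"$id`" Name=`"$($d.Name)`" Description=`"`" UserOrGroupSid=`"$($d.Sid)`" Action=`"Allow`">`n" +
        "      <Conditions><FilePathCondition Path=`"$($d.Path)`"/></Conditions>`n" +
        "    </FilePathRule>"
    }
}

$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="$mode">
$((New-PathRuleSet) -join "`n")
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="$mode">
$((New-PathRuleSet) -join "`n")
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:TEMP 'applocker-baseline.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run: ask AppLocker what it would decide for a portable binary in a user
# profile (assumed path; the file has to exist because the cmdlet inspects it).
$probe = 'C:\Users\alice\Downloads\putty.exe'
if (Test-Path $probe) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $probe -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

if (-not $ReportOnly) {
    # Enforcement requires the Application Identity service; on Windows 10 and
    # later its start type can only be changed with sc.exe.
    sc.exe config appidsvc start= auto | Out-Null
    Start-Service -Name AppIDSvc
    Set-AppLockerPolicy -XmlPolicy $policyPath   # local policy; add -Ldap to target a GPO
}
```

Run it with -ReportOnly first and read the two outputs: the list of unapproved group members tells you who would be affected by step 1, and the Test-AppLockerPolicy decision (DeniedByDefault for the probe file, since it matches no rule) shows what step 2 would block. Two caveats a practitioner should keep in mind: the "all files" rule for Administrators means the whitelist only bites for people step 1 has actually taken out of that group, which is why the two steps belong together; and Microsoft documents AppLocker enforcement for the Enterprise and Education editions, so on other editions treat the result as an audit rather than a control.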
User Account Control
In the past, users on Windows were assigned administrative privileges because some software didn't work correctly when run by a standard user. Furthermore, some Windows features, such as Disk Defragmenter, can only be started by a user with administrative rights. Starting in Windows Vista, User Account Control (UAC) brings together a set of technical changes that make it easier to run Windows under a standard user account. Fewer Windows features in Vista (and later operating systems) require administrative privileges, and Protected Administrator (PA) accounts run without administrative privileges most of the time, requiring users to confirm the use of admin rights in an elevation prompt in some scenarios. However, UAC is a consumer-oriented technology which denies organizations the control needed to manage security effectively and meet compliance mandates.

Application control
Windows XP introduced basic application whitelisting in the form of Software Restriction Policies (SRP). SRP is difficult to implement and manage, which has prevented its widespread adoption. Microsoft added AppLocker in Windows 7 and Windows Server 2008 R2, a replacement for SRP that provides more flexibility, the ability to scan the OS for installed software and automatic rule creation. While AppLocker is an improvement over SRP, it can't be used to manage all supported versions of Windows, because AppLocker wasn't back-ported to XP or Vista, and it doesn't offer the comprehensive control and automation of third-party application whitelisting solutions.

Using Privilege Guard to meet SOX compliance
Avecto Privilege Guard's features allow organizations to remove administrative privileges from end users and block unauthorized applications while retaining confidence that all operational needs can be met.

1 Monitoring privilege use
Privilege Guard can monitor PCs and servers to determine which applications and processes are being used and what privileges are required to run them. Gathering this data in advance reduces the chances of users experiencing problems when administrative rights are removed, by ensuring that the compatibility of applications and processes with standard user accounts is known before least privilege is deployed.

2 Custom messaging
Unlike UAC elevation prompts, Privilege Guard messages can be customized and branded. Not only is this useful for providing users with more information, it also helps users differentiate genuine messages from those that might be generated by malware. Privilege Guard messaging also has multi-lingual support.

3 Challenge response authorization
One of the biggest challenges of any least privilege project is how to manage notebook users that don't have connectivity to the corporate network. Privilege Guard's challenge response authorization feature lets users elevate applications or processes on receipt of an authorization code from IT, ensuring that support can be provided in any situation and that unforeseen changes can be authorized by IT even when it's not possible for a device to receive a policy update.

4 Application control
Privilege Guard's application whitelisting provides more flexible rule creation than Windows AppLocker, and integrates with the monitoring and challenge response authorization features.

Reducing the cost of SOX compliance
IT can use Privilege Guard to assign rights to individual processes, applications, scripts, batch files, control panel applets, etc. As a result, if the removal of administrative privileges from users' accounts causes a legacy application to stop functioning correctly, or notebook users can no longer perform a maintenance task, the required rights are transparently added to the affected process according to centralized policy set by the IT department.

Whether you choose the Group Policy or ePO (ePolicy Orchestrator) Edition, Privilege Guard can streamline your efforts to remove administrative privileges from end users on PCs and servers. Removing administrative privileges is required for SOX compliance and for the wider aim of delivering an effective security strategy. Least privilege is one of the most effective measures that can be taken against malware, helping to reduce downtime related to unwanted configuration changes and improving productivity.

About the Author
Russell Smith is the author of Least Privilege Security for Windows 7, Vista and XP, published by Packt, which includes details about the application of Avecto's Privilege Guard software for Windows least privilege management. Smith is also contributing editor for Microsoft Best Practices at CDW's BizTech magazine and a regular contributor to the leading industry journal Windows IT Pro. He holds a Diploma of Higher Education from the University of London and is a Microsoft Certified Systems Engineer (MCSE). With over 10 years' experience securing and managing Windows Server systems for Fortune Global 500 companies and small to mid-size enterprises, Smith is also an experienced trainer.

Avecto
Americas: 125 Cambridge Park Drive, Suite 301, Cambridge, MA 02140 USA, +1 978-703-4169
UK: Hobart House, 3 Oakwater Avenue, Cheadle Royal Business Park, Cheadle SK8 3SR UK, +44 (0)845 519 0114
[email protected] | www.avecto.com