Sarbanes-Oxley Act (SOX) Compliance

The Sarbanes-Oxley Act requires public companies to keep and report accurate financial records. Section 404 of the Sarbanes-Oxley Act (SOX) requires a public company's annual report to include the company's own assessment of internal control over financial reporting and an auditor's attestation.

How EiQ Can Help

EiQ’s SOCVue Security Monitoring service helps organizations address SOX by providing 24/7/365 monitoring and compliance reporting on systems that are associated with financial reporting. Because SOX does not specify the exact technical controls to implement, many organizations use the COBIT framework as a guide for SOX controls. EiQ’s SOC team can also proactively assess several additional security controls, which are based on the SANS/CIS Critical Security Controls*, in order to reduce your compliance risk. SOCVue Security Monitoring is designed to help address the APO13 and DSS05 sections of COBIT 5.

EiQ’s SOCVue Vulnerability Management service provides vulnerability detection and remediation guidance to improve your security posture.

Our SOC team will work with your organization to enable the reporting you need to help meet your compliance objectives with ease.

| Critical Security Control | COBIT 5 Framework for SOX Controls | How SOCVue Security Monitoring Addresses | How SOCVue Vulnerability Management Addresses |
| --- | --- | --- | --- |
| Critical Security Control #1: Inventory of Authorized and Unauthorized Devices | APO13: Manage Security; DSS05: Manage Security Services; BAI09: Manage Assets | SOCVue security analysts can monitor DHCP event logs to track the identity of devices connecting to the network and help detect unauthorized devices. | SOCVue security analysts will conduct Qualys discovery scans in order to build an inventory of authorized and unauthorized devices. |
| Critical Security Control #4: Continuous Vulnerability Assessment and Remediation | APO13: Manage Security; DSS05: Manage Security Services | SOCVue security analysts can help you correlate data from a wide variety of commercial vulnerability scanners with real-time security event data for enhanced alerting and reporting. | SOCVue Vulnerability Management includes Qualys vulnerability scanning along with our SOCVue security analysts to manage the tool and guide you with recommended action. New vulnerabilities can be quickly detected and appropriate staff notified. |
| Critical Security Control #6: Maintenance, Monitoring, and Analysis of Audit Logs | APO13: Manage Security; DSS05: Manage Security Services | SOCVue Security Monitoring provides the people, process, and technology needed to collect, monitor, and analyze audit logs. Monitoring audit logs can provide valuable security insight and help detect advanced threats. | |
| Critical Security Control #9: Limitation and Control of Network Ports | APO13: Manage Security; DSS05: Manage Security Services | SOCVue security analysts will help you establish a whitelist/blacklist of ports and protocols and assess whether any unauthorized ports, protocols, and services are running on a network. | SOCVue Vulnerability Management provides vulnerability scanning technology from Qualys to help detect vulnerable port and protocol usage on your IT assets. |

*Additional controls auditing available with on-premise Security Monitoring deployments

EiQ has allowed us the ability to be more proactive as to how we look at security. The EiQ support staff is great! The weekly meetings are helping with the implementation of the service. Requests are handled in a timely and professional manner.
Jack Barrett, Deputy CIO, Massasoit Community College