|
|
|
AppSecInc Tackles SarbOx, FISMA Compliance
By: Lisa Vaas
2005-04-01
Article Rating: / 0
There are 0 user comments on this Database story.
The database security vendor's new best-practices policies test security strength from both inside and out and are available as a free download.AppSecInc will roll out canned best policies for its database-auditing and intrusion detection software on Monday at InfoSec World. The latest additions to AppSecIncs current roster of best practices will cover the Sarbanes-Oxley Act and FISMA, the Federal Information Security Management Act.
SarbOx requires accountability for the integrity of financial reporting by executives, auditors, securities analysts and legal counsel.
FISMA is a framework for ensuring information security for federal information and assets, and mandates that all government agencies report their overall security health to the Office of Management and Budget, which in turn reports to Congress.
At the heart of all this accountability resides the database, with its wealth of detailed, sensitive information about financial transactions, customer names, patient files, and social security and credit card information.
Ted Julian, vice president of marketing for the New York firm, said the new templates came about after customers complained of trying to ground regulatory compliance within their databases and within their infrastructures.
As it is now, Julian said, companies track transactions in a laborious and high-level manner. "For example, in the case of SarbOx, theyll say, Joe and Steve are responsible for handling those transactions on the balance sheet," Julian said.
 Why are public companies finding Sarbanes-Oxley compliance expensive? Click here to read more.
Organizations are trying to make that process more granular and repeatable, Julian said. Application Security Inc. is aiming to enable that approach with tools that allow companies to run tests on databases or applications at any time, thus enabling enterprises to hand over to auditors a clean bill of health for their databases when necessary, he said.
Click here to read about the Sarbanes-Oxley Report Pack in Ecora Softwares Enterprise Auditor software suite.
Both the FISMA and SarbOx policies for AppDetective—the companys application-level vulnerability assessment scanner—consist of a Pen Test policy and an Audit policy. The Pen Test policy tests security strength from an external perspective to ensure confidentiality, integrity and availability by determining susceptibility to privilege escalation, password attacks and other known vulnerabilities.
The Audit policy gauges vulnerability to insider threats by testing for privilege escalation. The tests span all application components and include checks for misconfigurations, as well as for strong access and identification/password controls.
The best-practices policy template for AppDetective will be available for free download on Monday. Policies for AppRadar—a real-time database intrusion detection and security-auditing tool—will be available later in the month.
Check out eWEEK.coms for the latest database news, reviews and analysis.
|
|
�������x}r㶲s\@♵M푦d[�kŶ,8:U*$�ER�e��oВ/㩱%�l�h|Ggg�D]ݴ1p͙M5��5|zg`HRsgޅ�-34
@oRQP
Ġ�x�nwݶN`P'~ �> \?g3U;Y|��b(áh]
](
Ѽ��e�MGQR`N
Cw*�Nul9�Q�6�RV2/Fӽ8�t�[h���#k~�|�E=x:Q/M+l}~@k�NmW ȓڭAx)�B(��!�bB�]߂�KCI%�q@ؓ&th�mu�b'�b�#��Q�^]õ]�&Z.R͌eCwt=��P��z�OMҳB�CL�H��6}~8IZ��Q�O�K�.m4ZIfOl+qtR8�E[5'0m_k|��uv3< 3~3 CoZej% =�y7`BaC�J&5\_�-E&>�5
ؗ�Y͢@�e���ʆ}{ʾVWR\W{}rL>-g`*sN�ϿΕiѻ]�H� �C[wn�5�ZIۇ�_w{>~j��r ��+�o$&�� Z�DTQRp&���Rc@G${/@B��oVQWB-hZIAr��ija�[�E�4bEU}$N"?Zڗu&u}X6&�Zi�C�A+WtW�e`9=y\toz{MNڟ:�gw�:�R��ڟ�+̊/k*}k
p�6O{uH�54Y�01\�
\^Kj=��'6ǣ1)H|S: qN���X(-t[ۗ�RH3}c-? ,�_��0f��k���$LJse)"���:u
�v��Py۬ M�Z!R)
uK_3Q8�j�\K}0�[RFp &�J��pJq�䨉kYSl� �\揇o4'M3XE�U��>hi,A[�T}N�}W�%M��1F|r'�E�KH�@!=F!8�N�0Apl/\d~���]L�QwWڲ9Q[%�kK\M흙"#-+�}�7Oۭ ]u/{]tZ�ڠxDaDZ`A�). 8G]�77�Zu?1�Ra�^TU���G��'&-d`q86acBݤ#}fE=� �
tSOC|>56㤞F!|�e��mxq=Z.3+ԍE��Xn`Nt��H Qx�٭�lE%H_�¤�<�)
FA��=H:}m�`�~�5$ǎ�@ �L���s'09��ښB�"�QފС4�a�
vhi�q�pp�yY?�0�»g��{`����閭�-�L<�ħ̠>xԁ!~9.Wb�&�A/���""D% �
h��4�A�G�EBEN@@7gw$]Vi+Raz"�ʦ�B�I�Cvn +=*%�nqR%e 3��ʬ$&vϏaZLbo��7�]�,�Slo3-M�uc�{\V�5mZO4MhFa�f#A�.kޣe�K0Pl;!9?f! q WQ� ���}�sY�Mh?wܰHz}G�����+�Zsƾ�
:ˋ��j|X#D nN-���˘
\
�>eB#`9{MYguϳ-j���TN`cܒn�h{Ͱ&QUN?>{BO-\n�aDHդ�:ϧ�HڶMS�C77�Bs݈C/�2$\^&VAB1
6d:�l';oWfn2>�=Mj=""�ǰ@7�Z�`N)^HIcНj!D�)z٧l�.�s-D֒eۏbumb$l�*=Ҵ.�Z)���!d[�}aa6E]�QYRKPD@BR)�
ҊiY��^`(t��MLТ~چx�����Sk�:m���_&TYV0>2ai[[zESZ2{5�k断l0!�/Ȁ2n(进�,�ق
Yj6<:]��y~o�2]|:��0T�c}2��7q��'�JkX�$l
M=̌:�X[��������@'
�K |1tJ/�]{>,Y\�ϗ�+]5�&�A�> z$'Z>�pd`/R=:uou�j�1���SQ_(%UMP?O~�2��;2.eX \�k��#�Oa�Yw$
Eiy�
Y�(p}r�)C©5j&|��jj�h0Ả#ן�ũ�°0vQԺewPy?�1�cXe[;pMbA
L>FS-cB�_�;$!M_&%Eh>C�5ᚉ�1ǁ8o+<|!CH�E�~"=��i��l��s}��"T0�|"���V$H6pl) 5tl*FuiMy�m! 8�+��:,C$�5f>O{M{c>4�Ze�f,�z,RKz-86VjeV~W@yϸo��G�M gs||uj���N8adEc�>eL�Z�j9aJ;���=�J%Eh�ӐBDAe
S#<�~Ɋ0�
ClW��õ8X1�pW��P�R}P���e�O#c�I�eA:�ݐ늦�u�zV��E�@��G�qH��ؽ�N�HuҚ
n�;@+%l|
?Ԋ�N��`έ�(D���ap�ሙ@FCS؇`m/ �RۯTʞuN�"X썿9KC�b�RD��i^{p��� J';pL�jg� %Jkfx�+s�JbO�W2EDEx�kC鳰ݙY$w&J��y.AA�/��5r��M;fr/��cS>/��#W5���HB"+�>�aL:T{�
30XfSf~ru+u08�� ([�wtv'XqLRB�7��PU ��ō�fπiNdž�2m}
��
�m_ۯ
`E'8wD15>S,s8ߋIUP3)㦧RQ�u@VI^A�ұg�/@C׳@g.7^u,
ς2rSO�(NnZ�UrTS+JJЛga�C.'%��/&h�a~�֒%3q�R�-�ܟ`"@N|KZO]TKR2wi$y(%!%��Kg OPlXC�=B3t)7
u5�-^E�1Aq3�љnt/���;�q�A^�vԸGZ@MC�~:'_�H�ݏ'R&FӸo9)��P �K1NC�bw}�WszV^NN:�k��m}ڏ"8�.o�d��hQ^�8��K%y�;$˶u�߽�o=�rHp'Bjw>\�$'d�0
s|n]G'�6b�L`fX&IEy#SW5C2�x0M���PX!�a��P��H��T
�dIwu���αV_d�@@np�+z!NU��⯈E,e$K�e=2p%-N�x�|�-r
/UщڎB^�,~)Fy*~y:~_dxD�%�GBY{pXXJ븵vI��c~:)}Am9˝�~H�
(�Í7���"lSOkԛ�2L:1D&rޚS�E[B
{�B�A�J;TLA:߄q?Ik�vYغ�[��LpA32%I��bϔ 5m$Mj3f�k��C@$_:JIv(+Hl(dAzW�j�SӚmf�/.\|غm|<:�RpLC2��Cs:� e!>Rဏ�QFh��鳁Vˮu^c'�`|x�r�'|xj��}DyU�YQ/;GNĶS
g>#�(�3rc�vd\�:Gw*b�,_�=hrrӅ[�`��{v$sm�CٱDݘ�~�h='Fst9�7X136q�w�vb#(;A�\[5("Ξ��e�zc��lҿǥ̷rt�?K.}:Is�09j~%H@2oth�Ck�7y�EO�>O�4wX�]{'NE�V7�N{m,d�a�}?H+F��i�s(!OK�4vdLc!I )VԺ5w7`ʜ9%'+wr62�Ӣ�(�o��P2�tIK�JG3`Ⱦ�qK7�b��c8w�B'�'���w5GGpww6{e�QJW=�q-@�jjejR�-3����xL 6;x4o
:l0̠@ b@V��՛�3.B)���P`G
�܍1J��"ic$H)Ys4
M� ��_5�6���Z7:a6
*|b�Zy☖a�8\}5�߈:6"YcCƓdǟcr��s2i��TWeTW/7�__B�!]9h3�[Q@)���wC_ƥ�E/.q�h&pb�ow�x7�9�3䇷fd2ĕK�X`ˤ}[b�NO^Nnof�,Z����:9s�ς%k@؉/\�9mnU]D~9l5y�Q�ҟXΘE��!b$X6"��8"�Y/�)IwL&:YzDcY�*x�Ⱦ�m[�$J\#Gt&纇��@ns_|%EiG�wBX_-r��up'O.
`�f�ٍ"�.CN����':�+�!p��:)c�Gd3rN�H�a�={,��3xy<{I�a�,�"iX�
k�t5??_��1 o1�/�]�|�VTަ�Аt�J�qW>�\[G�O)P݇�jᇳ8+�DC;~=Y_0�Z44חm5UI)Iji .҃PI�ԘaԛMAY�.t��Υ���NtGt(키���1t"sa%���6@.$�Hyh"O^�a�Al)T�HvSz-@�`��B�R/ȑEQ� UH:hUn55IQAl:g���̈́|�(\�}6�ay -R��n�@� յ�͋BGMuxKb�x"s_N�(@�>G&^Mܼ"",=��'�5K*�Sc�_R�@|}J%L�#L��)N)IZگmDQ#D4BFD>�>q#_-a>�k�SܞPu_u_<,)L˰B\ʌ\_�P�XǗ9OxCK�L�.ݸx>:c5@�kWg,�kg̳Ƴ)'DoNoNoNoN/ܯ+jND^3*15sBض�m'T8tݸ}��$8vmʲWFO?i1�m�5w��(��Ġpdg0�A̘�z={�lSsL/l_�)�Қ/�fC�}1_*08W�rv0)[�;@��sY��Ot'}��3P@A�q
)↼�֝eqCPx�5qZN�My�iO�Q^�j�P�A% T"~=rxZ'L��RZbaR�;tȗ~� J#u{tҮ)A�H�00x!���8�|�OVvۣ%^qn֯lHN�qb�@@է�@H�CAC�l:v7$�st=O]Yz4O��kt�bu
ճ-bRlX��$�A��`W0�<55
"pJ��HW|�y/플],]xͦ��\n6-[sN�J⥮G�t4«�0��>[c�?ٖ�F�/!|�O$WF[ASEint�!M耨a GW�0Ef-<�
.IhhơD�x/테Gzl)rk�s%-a��ϼ"�15^:^� ��0{@s%1�b���h3"_
����wsWq+.�x(l�F��Nĕ�@i�bՈg#"�onXK;�SN@dٮ|c�- A\$]Y_Sb�|���_�EĻ|ݯ�3h��xw )e&y���I�i�d,V(�C�8A;mcB�O�/8{7}c�/J$��;��ڨvqQ%eGv~�vVy*xJܱ�tVPN
]R~#WG\85�s=ݶk&�.⫽LB%@4rO|k��gN3g"Q�N^lwBNΠ6k?0��Xxm&]$v�?h��b+M�$��6-1NċZ{_<@VE[6ө{GR+eX
-}-&ϲXw�Ӌ݃��yG�Yj|ubM4tF87gu4V)c2��Jf6e5ʖj`
�n(+ ��,聥愗Iv�|wouv1E�נ)8weQO|ׂ^_FB#GwԪ%I"
d^�m/'�IJOIXL�,3;(�9d�s`R
!NT7`u[|a6?{��A�'rp�я"vcO{
e�oT�ZWI�GVP_h�s| ��Ϟ9��[?I%4+u�Ks 7zQS��@�amI��Y�rҌfSt�g
f4}���Su&nm[yꏩKD#?
KD)`G%|�ߵB~뇺��~�ƒ}
J8+O|k��d�Q�[B�x8�j
�g{{[��$�]"sv;"(W�#=��t�_Ehyl?�LqGX(R�^q��odEPX�8!u%�9tѰH��L68߉N",tZ8�+Ʃ�m�l35w�1i}P2D�O#�%1�-e(=#$Gs8RG�5Śx
�KEqG~j==#��� �R"R�V(>�j
l?�Q�X2�C��7K
f��ןУQc̦"f$xr˳"*]�sN2jʾs~�\
�: G K]ɖ1xy��[/Oz'5!L7VE(�*Io�$zTG�+J$�RM�`��A~Ÿ�wYM13цX5�0~�fBGa�vDwe�7SYz�Z<1Xs�50�ںsj�&Ԙh
7p�l�:�ڤd;��L6�[K`63���=OR!g@%UX5\ ��0>5-��l�"X/ժsZ��E=4-,QkO�u,ζ�y9�+�\W3#o=/`TX�,�ѷ|ׅ�g�V(��؛L~v#lc�'%�� �<�z9~Z2ۍ�k���tP�d#)�D(�R��� ^a ᷍� ��kd̉dЩ
H
WIkm2J%3�?3\mD�Ν+�G^o.9gF.F{Ͱ�/�&Yq�o�ͳ�.0�`�1q<�
@Lwt�cI
ytT>#RF̯R߇q}%|�#'#�oDY&nĸzB��=0]LaרbF).�m2N[#Ļeŧk�S���oȒmq�^*Z�@(YYr'
o.'>�yov/>VHՕݷoh}�ext�J�"p�r�S;,MCLR>coKI c�_r�t�7%eZS[�ٓ�G8�G���@��`m̼DGR�Sx� &�Wd.4���qOr5�X<���
roE�VIv# ,@'(E슍B�vY|�𮗈B0\M3CsN.7v߾U C�i|P^[H�{�w{a�2
�����c�'L�uE)
2�r*��<�x.c₶к�lU�ᜭ#+^K��ʑ,3ho~)J ��՝��c�p�Tpr�Hw�d5"&t�8����Aߟ{=>I1%
aN���r���!-*6"))ĴF#1C�\�iĔy�9x�%6:�cȧn犱1r��T-"@a=Q#�3)-��y�ꯀ��I�t]\��P�"@H��>S�|�??~��e�KHB}�s�^7CXLi8q���Xg�-�.E�.[qʰq?]��Y�@V$pRt=��:r�tԨ)ʞ*|{�C�@u� �S��2S¤vt\/?>').yDci�� 8�^iN4_Z!�oX6�2�����=<�RXX_1[5�=Lj̧T�J�2,�S=VJ*{<��Oyݬf/��ǯy\iJd�R.
��?h�$@F쌆=xɾo�:��\�ݹ�1/E39^�9nIQst/Q{�}&ZGݪ;Gݓݫϧu粏9z|�|i5;ȱkHw�3M�-ǭ��}h�j�5=V0'(W�3OO9rߛ�orڿ�ɡ�=��>k]T�(Rh�K
"�S^9,.OsV=ןbM�exG,D<�mcLkl�ȁ0ʟ�QGЬa�]#=D)�s�җe.m� ��pjǙ@ @8z_Ew9�Mwz[0`\u ����zY8#lu�~�Le|pf�ٴQbl}�6Tq4
�5R u8�i$
�H-L�y�óHNQ?ưs�31y`ѯ�F�.h
�;c��ö0vA
l(U˚VVk[*j���f{D��ç*R'Ӏ�e`_)�&�K��<3
��.M3^e�&MȡN�!�3pC�&J5F�G P�� �}:rilD* �ۼx7lTy�N�
Nx�@���7�ʄ�,4w�W�;SŀЫِġ@����3LW5�|L:A�^0,ٵ&"m�,w1�z6mi��3��S4ǭa&ir�2@Y<)@��mC{� -cx
u1<���X!W��=s}
�3!�U{6�TxT "e�sMP���Y-7Lj1&PS*Wy�)"9<�23OH��N�#V}�0"0;c
L3.aN|I{{
TLa\Dm�8gV�@�L/u���&`ś3[lt7ص�q͘20B
>��Qqn �d`6gG�|םۈĭ�ufpo�R�O^���ێ�
��fL~nE.%x^���;�mA\C~e~)L�
nb�[>/~y$[fQC�YK~�?/9GȮ{�+-�s�O=%$Id�`�@~%�uo��cOai|�"W��ΐ�H�:"V�-���f�Y{6Dπj�
gyyU�� (p6d+ V?'{%�B+*π-sD�<�>7#Sq��
���%�^Πob�_wn7e�&PLc�cW%$}GRݤ_�=$nDJE{)ߠ(b�<%���* > T+u@Ч�
�߆Ϩn��)b��.ڎiٲs�9ebV)qme�Gf�Z-[@#5E`0l`eh�(f�Zձ
w��O 7�g}L��4צJu��AY�?_�vs[>/৲_�.(ZF#$Wc-ҭ䅤<�P8�_~c.vQ%eNܔ�uF.Dm�hT4X�%*lˢ�7�M��/߶�7qݼg¶,yX\�F4X�3'5c��b@xVO�=f_q�x�FN|,�X�:t�g)�dr̅�2 !IyyU~ҥ�N�.I,'_aQd+$*)�ؐ�W
���k`�bV@���1,sLf7}OA '�Ɣ
ϰ"�- s�+9)��,cכ�S'�>�U 3
.^3Ơ`{e��7��5�HQ[h=�"Y�C��ӯ�3=�|לk �r?qmr�?{��s\9,C��clʲ�cv9aR�r[�W`2�Z�.<'�,�(`,��$v"V�THKMΡmlP�0H6�^?tCf��*$w�@˽ōm]�^g"a7:��_h8E�8y��b3Sq2��īJ�Ѭd�;j
����g�_yROȅ�^`\YB��C�^y{N�`!˾tں>!�M*`'g�ί>!�T!6�{xvY`Eq{ş�u�)h#/)Z�N� zWtEg0�m\}l6�n&_��!�-2�VjwVVtƦ�I21qz륍yQ'b"mR?
۔̡r&s.c�M�Wb\)֦O*LΗ��+&|&��R2ֱ=RZ`'l/Z6w?̟0�*��
|
