AppSecInc Tackles SarbOx, FISMA Compliance

 
 
By Lisa Vaas  |  Posted 2005-04-01 Email Print this article Print
 
 
 
 
 
 
 

The database security vendor's new best-practices policies test security strength from both inside and out and are available as a free download.

AppSecInc will roll out canned best policies for its database-auditing and intrusion detection software on Monday at InfoSec World. The latest additions to AppSecIncs current roster of best practices will cover the Sarbanes-Oxley Act and FISMA, the Federal Information Security Management Act. SarbOx requires accountability for the integrity of financial reporting by executives, auditors, securities analysts and legal counsel. FISMA is a framework for ensuring information security for federal information and assets, and mandates that all government agencies report their overall security health to the Office of Management and Budget, which in turn reports to Congress.
At the heart of all this accountability resides the database, with its wealth of detailed, sensitive information about financial transactions, customer names, patient files, and social security and credit card information.
Ted Julian, vice president of marketing for the New York firm, said the new templates came about after customers complained of trying to ground regulatory compliance within their databases and within their infrastructures. As it is now, Julian said, companies track transactions in a laborious and high-level manner. "For example, in the case of SarbOx, theyll say, Joe and Steve are responsible for handling those transactions on the balance sheet," Julian said.
Why are public companies finding Sarbanes-Oxley compliance expensive? Click here to read more. Organizations are trying to make that process more granular and repeatable, Julian said. Application Security Inc. is aiming to enable that approach with tools that allow companies to run tests on databases or applications at any time, thus enabling enterprises to hand over to auditors a clean bill of health for their databases when necessary, he said. Click here to read about the Sarbanes-Oxley Report Pack in Ecora Softwares Enterprise Auditor software suite. Both the FISMA and SarbOx policies for AppDetective—the companys application-level vulnerability assessment scanner—consist of a Pen Test policy and an Audit policy. The Pen Test policy tests security strength from an external perspective to ensure confidentiality, integrity and availability by determining susceptibility to privilege escalation, password attacks and other known vulnerabilities. The Audit policy gauges vulnerability to insider threats by testing for privilege escalation. The tests span all application components and include checks for misconfigurations, as well as for strong access and identification/password controls. The best-practices policy template for AppDetective will be available for free download on Monday. Policies for AppRadar—a real-time database intrusion detection and security-auditing tool—will be available later in the month. Check out eWEEK.coms for the latest database news, reviews and analysis.
 
 
 
 
Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Close
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel