
Auditing Software for SOX

Mide

Golden Member
Does anyone know of or have used any application that can print out reports of AD users, what security groups they belong to and what groups are assigned permissions to what shares? A SOX auditor just came by and I can only think of doing this manually which would suck.
 
No responses, huh? So there are no other IT people who work for a company in the private sector?
 
Both are fine. Although one I was looking at quoted me around 3-4k and that is totally not in the ballpark that we're looking for.
 
Mide -- You said private sector. Why would a SOX auditor be bothering you? As far as I know they can only come around when you're publicly traded. I work for a privately held organization and we don't do SOX and don't have to worry about PCI-DSS since we aren't involved with credit card payments. AFAIK we don't have to worry about anything but HIPAA.

As far as SOX auditing goes, it's probably going to cost some money. I think the SCCM (formerly MOM, EDIT: Wrong, formerly SMS) from Microsoft has some canned configurations you can use for SOX audits. We use a tool from Altiris (now part of Symantec) for this type of thing. Even though we don't have to comply with it, we still strive to do so.
 
Perhaps it is my mistake in terms of wording. I work for a company that has "gone public" so we have stocks listed on the market. I have always thought that private sector = being paid by the business itself and public sector = being paid using public money like fed jobs, state jobs, and other such entities. Is this not correct?
 
I guess you could really use either description. I just prefer to use private = no stocks, public = stocks and the compliance hassles.

I was incorrect in my last post, SCCM was formerly SMS not MOM.

Found these for you:
http://en.wikipedia.org/wiki/S..._Configuration_Manager
http://www.microsoft.com/syste...ger/en/us/default.aspx

Others you might look into:

Bigfix -- http://www.bigfix.com/
and -- http://www.bigfix.com/content/...-and-policy-compliance

Client Management Suite 7 from Symantec -- http://www.symantec.com/busine...lient-management-suite

KBOX by KACE -- http://www.kace.com/
 
A lot of what I've seen is that if you have some type of software or an appliance and are making a good faith effort to stay in compliance they are pretty accepting. If you think about it: You have a tool on all the computers gathering information and can run reports about user access levels etc, how are they going to put their own tool out there? By using yours?
 