Do you need to simplify your financial reporting process to ensure that you are meeting the Sarbanes-Oxley requirements? Read this whitepaper to learn more…
LogRhythm and SOX Compliance
The Sarbanes-Oxley Act (SOX) requires that all publicly traded companies implement and affirm a framework of internal controls. These controls support accountability and integrity of the financial reporting process. Executive management and all key financial reporting processes, which include the IT environment, are subject to SOX compliance requirements. Non-compliance may result in financial penalties, potential jail or prison sentences, and possibly the forfeiture of any bonuses or incentives for Senior Management. Additionally, the company may be prevented from listing itself with securities exchanges for material non-compliance. These penalties will likely have a negative impact on the company's stock value and reputation as a whole.
Today's companies rely heavily on their IT infrastructure in the financial reporting process. The infrastructure typically consists of heterogeneous devices, systems, and applications - all reporting log data. Millions of individual log entries can be generated daily if not hourly. The task of organizing this information can be overwhelming in itself. The additional requirements of analyzing and reporting on log data have rendered manual processes or homegrown remedies inadequate and too costly.
The collection, management, and analysis of log data are integral to meeting many SOX requirements. LogRhythm can help. The use of LogRhythm directly meets some requirements and decreases the cost of complying with others.
LogRhythm automates log collection, archiving, and recovery across the entire IT infrastructure. LogRhythm automatically performs the first level of log analysis. Log data is categorized, identified, and normalized for easy analysis and reporting. LogRhythm's powerful alerting capability automatically identifies the most critical issues and notifies relevant personnel. With the click of a mouse, LogRhythm's out-of-the-box SOX reporting packages ensure you meet your reporting requirements.
Learn how LogRhythm's comprehensive log management and analysis solution can help your organization meet or exceed SOX compliance requirements.
Copyright 2008 LogRhythm, Inc. All Rights Reserved Page 1 of 6
LogRhythm - SOX Control Mappings between CobiT and COSO:
When SOX was enacted, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) was the designated framework for internal controls. However, COSO only touches on IT controls and is designed more around organizational and management processes. Therefore, the Control Objectives for Information and related Technology (CobiT) framework has been adopted to provide additional direction as it relates to IT control objectives. Many IT environments have adopted CobiT as their main source for SOX guidance. The following table maps each LogRhythm-relevant CobiT IT Process to the relevant COSO components.
COSO Components: Control Environment, Risk Assessment, Control Activities, Information and Communication, Monitoring
CobiT IT Processes
Acquire & Implement (AI)
Enable Operations and Use X X
Manage Changes X X X
Deliver and Support (DS)
Ensure Systems Security X X X
Manage the Configuration X X
Manage Problems X X X
Manage Operations X X
Monitor and Evaluate (ME)
Monitor and Evaluate IT performance X X X
Monitor and Evaluate Internal Control X X
LogRhythm - CobiT Control Analysis
The table below outlines each CobiT control objective that LogRhythm helps to address. The "Illustrative Controls" were taken directly from the "IT Control Objectives for Sarbanes-Oxley, 2nd Edition". This column briefly describes the primary control process that is required to ensure compliance. The "How LogRhythm Supports Compliance" column describes the capabilities LogRhythm provides that help a company achieve compliance. In some cases LogRhythm can be used to directly meet the control objective; in others, LogRhythm helps verify the control objective is met and/or reduces the cost of meeting the objective.