Sarbanes-Oxley (SOX)

H.R. 5069 (114th Congress, 2d Session) amended the Sarbanes-Oxley Act of 2002 to protect investors by expanding the mandated internal controls reports and disclosures to include the cybersecurity systems and risks of publicly traded companies.

The Sarbanes-Oxley (SOX) Act of 2002 is a law passed by the U.S. Congress to protect investors from financial fraud. The SOX framework outlines best practices for preventing fraudulent financial transactions through a system of internal controls.

Recently, SOX has evolved into more than a framework for ensuring the accuracy of financial records. It now includes cybersecurity components that require financial institutions to address common cybersecurity risks capable of affecting financial activity.

Phishing is one such threat: in these attacks, criminals commonly pose as CEOs or CFOs to convince staff to initiate fraudulent transactions. SOX compliance therefore now also supports the implementation of security controls across the resources and IT infrastructure that house financial data.

Is Complying with SOX Mandatory?

SOX compliance is mandatory for all public companies. Because SOX shares common security controls with NIST standards, SOX compliance can be supported with the following controls from the NIST Cybersecurity Framework (CSF):

• Deploy risk assessments - Risk assessments are one of the best ways of discovering deficiencies in regulatory compliance, both internally and for each third-party vendor.

• Protect critical assets - Assets housing sensitive information critical to business continuity require significant protection against cybercriminals. This process begins by identifying all critical assets and quantifying the business impact if they're compromised.

• Establish a regular auditing schedule - To prove SOX compliance, two yearly audits are required: one by an external independent auditing body and another by the organization itself. Together they document the internal controls and management's contribution to continuous improvement in financial data protection.

• Harmonize cybersecurity initiatives - To support rapid security posture improvements, governance is required to harmonize security efforts throughout the organization. Deep attack surface visibility is key to achieving this.

• Ensure business continuity - Establish policies demonstrating business continuity in the event of a cyberattack. This can be achieved with an Incident Response Plan (IRP).

What are the penalties for not complying with SOX?

The penalties for not complying with SOX include:

  • Public stock exchange delisting

  • Loss of Directors and Officers (D&O) liability insurance

  • Removal of directors

Management is also penalized, with the severity increasing when fraud is intentional.

If a CEO or CFO intentionally certifies a periodic report that doesn't comply with SOX:

  • They could be imprisoned for up to 10 years.

  • They could be fined up to $1 million.

If a CEO or CFO intentionally falsifies a certification:

  • They could be imprisoned for up to 20 years.

  • They could be fined up to $5 million.