26 Jun 2017

Whether you’re five years old or have kids that are too old to trick-or-treat, you’ve probably heard about poisoned Halloween candy. Maybe you were told that people put razor blades in apples, or maybe it was cyanide-laced Jolly Ranchers, but no matter what you were told, you’ve probably completely unwrapped a few pieces of Halloween candy before eating them. What does poisoned Halloween candy have to do with cybersecurity, you ask? We’re getting there. Back in the 1970s, Ronald Clark O’Bryan was convicted of giving his son cyanide-laced Pixie Stix on Halloween. His motive was to kill his son and collect on a large life insurance policy he’d taken out on him, but ever since, generations of people have thought there is a chance that they’ll get poisoned candy trick-or-treating.

All it takes is one person to ruin something great for everyone else. For example, you can thank the guys over at Enron for the Sarbanes-Oxley Act (SOX).

We all know that Enron hid financial information, which led to investors losing billions of dollars when the company collapsed, but what some people don’t know is that SOX is the legislation that was signed into law to make sure it would never happen again. It means that under SOX all publicly traded companies must have a financial reporting framework that produces accurate reports, which are read and approved by the company’s executives and cannot be altered in any way.

That’s the meat of the law, but there are two sections that apply specifically to cybersecurity. Section 404 of SOX requires companies to include in their reports how they protect financial information, and how well they protect it. For example, under SOX a company must have internal controls (cybersecurity measures) that can be audited using control frameworks like COBIT. The other section that bears on cybersecurity is Section 302, which hands all responsibility for protecting sensitive information directly to the executives of a company. Not only do executives have to review SOX reports and sign off on them as factually sound, but Section 302 also says that the “signing officers” are responsible for establishing internal controls, for making sure that those operating the internal controls can report to them, including their own conclusions about the effectiveness of those controls, and for ensuring that all deficiencies in the internal controls have been identified and presented to the auditor.

Basically, SOX makes sure that no executive can ever mislead anyone about the internal workings of a company again, including its cybersecurity.

And following SOX is just as hard to do as it is to understand, not to mention expensive. In 2008 the SEC estimated that it costs the average company $2.3 million annually in compliance costs, and that’s not including the fines for not being SOX compliant. If a corporate officer submits inaccurate information they could face a fine of $1 million and 10 years in prison, and that’s if they do so by mistake. If found to have purposefully submitted false information, a corporate officer could face fines of up to $5 million and a 20-year prison sentence.

Does all this regulation and penalty seem unnecessary to you? At one time it was, but then a couple of idiots ruined it for everyone and now we’re all dealing with the consequences. Until we can completely trust CEOs, SOX will be here to make sure no one plays by their own rules, no matter how hard it is on honest people. If you’re dancing around being SOX compliant, don’t. Either read every last line of the law twice or hire a professional who has, and make sure you never find yourself on the wrong side of SOX.
