SOX
Sarbanes-Oxley Act
SOX is the U.S. federal law enacted in 2002 that requires publicly traded companies to maintain internal controls over financial reporting. Section 404 mandates that IT systems supporting financial data have documented and tested security controls.
How it is used in cybersecurity
GRC analysts design and test IT general controls (ITGCs) for SOX compliance, covering access management, change management, and backup procedures. Security engineers implement segregation of duties, audit logging, and access reviews on financial systems. SOX audits run annually and require close coordination between cybersecurity, IT, and finance teams.
The definitions are original explanations written for professional development purposes. For authoritative technical definitions, consult NIST, ISO, or the relevant standards body.