SOX
Sarbanes-Oxley Act
SOX is the U.S. federal law enacted in 2002 that requires publicly traded companies to maintain internal controls over financial reporting. Section 404 mandates that IT systems supporting financial data have documented and tested security controls.
How it is used in cybersecurity
GRC analysts design and test IT general controls (ITGCs) for SOX compliance, covering access management, change management, and backup procedures. Security engineers implement segregation of duties, audit logging, and access reviews on financial systems. SOX audits run annually and require close coordination between cybersecurity, IT, and finance teams.
The definitions are original explanations written for professional development purposes. For authoritative technical definitions, consult NIST, ISO, or the relevant standards body.