< Back

What is the single most challenging Sarbanes-Oxley issue today?

John Payne
Breach Security

One of the most interesting challenges in Sarbanes Oxley compliance is the interaction (and sometimes contradiction) between compliance with Sarbanes Oxley and simultaneous adherence to the requirements of the many other federal and state regulations that affect large organizations.

These conflicts are always important and require thoughtful integration and implementation to assure consistent treatment and reporting. But sometimes those interactions can even serve to heighten the risks of non-compliance.

An easy example is the interaction between Sarbanes Oxley and California SB 1386, recent legislation that requires that any organization which maintains in a database the private information of a resident of the state of California (this of course includes virtually every large corporation in the United States) make a disclosure to any affected resident in the event that the database is compromised and the residents information has been at risk.

Imagine the look on the face of the CEO and CFO who had just signed the certification of their companys 10-Q filing with the Securities and Exchange Commission when suddenly they were informed of the need to publish a press release and send emails to 300,000 of their best customers disclosing the breach of a major database and the risk to those customers of the loss of their privacy and potentially even their identity.

Directly related?  Maybe not. Indirectly very important to all parties involved?  Of course. This is a challenge which isnt taken seriously enough, except by those unfortunate companies who have had to deal with the problem in the past.

John Payne is a long time leader and entrepreneur in technology markets focused on software, Internet services, wireless communications and handheld technologies.

He serves as CEO and Chairman of Breach Security, Inc., a leading provider of application security appliances that protect corporate and commercial applications, databases and the web presentation layer from attack by automated and human intruders.

In addition to his role at Breach Security, John serves as Chairman of Preventsys, a private San Diego-based provider of network security software. Prior to Preventsys, John served as CEO of two public software companies: Day Software, a leader in the enterprise content management market, and, where he led multiple private and public financings. John is a regular speaker at industry and trade conferences, and holds several United States patents in the areas of wireless Internet broadcasting and data communications.

Breach Security is focused on deployable application security and recognizes the need for adaptive security that learns from application behavior rather than coding and configuration maintenance.

The company�s primary product is the BreachGate suite of application security appliances, which protect static and dynamic applications. Breach Security also sells other security technology products that enhance the operations of network intrusion detection and prevention systems.

Breach�s products feature a revolutionary system of Adaption� - essentially, an automated learning process that eliminates the need for manual security policy development and configuration. Today, most security point products require several hours� worth of configuration and monitoring. These manual processes can swamp overburdened IT departments. With Adaption�, Breach products dynamically learn what�s considered acceptable and standard �behavioral procedures� for an organization�s numerous applications, and become sensitive to suspect changes in usage patterns.

As a result, Breach products can detect hacking attempts within milliseconds, build forensics profiles, and, can aid in regulatory and privacy policy compliance issues � ultimately reducing financial risks and ensuring business continuity.

With headquarters in Carlsbad, California, sales offices across the United States, and R&D facilities in Herzliya, Israel, Breach Security provides a truly global focus on today's application security challenges.

About Us Editorial

© 2019 Simplex Knowledge Company. All Rights Reserved.   |   TERMS OF USE  |   PRIVACY POLICY