SOx compliance and Enron: The Smartest Guys in the Room

If you are involved with Linux security, you might already have come across SOx compliance. From a sysadmin's point of view, these compliance requirements usually don't make work any easier. Still, there are some lessons we can learn, followed by a great documentary to watch about Enron.

The Sarbanes-Oxley Act, SOx for short, now applies to all companies that want their stock traded on the New York Stock Exchange (NYSE). The goal of SOx is to reduce fraud and to hold people responsible if they are guilty of committing fraud. This includes jail time and high fines, to ensure fraud won't go unpunished.


Most of us might remember the name WorldCom, which was the second largest telecom provider in the US. Big companies have to take huge risks to be competitive and valuable for their shareholders. To continue showing great figures and pumping up the share prices, companies may fall into less ethical practices, like accounting fraud.

One of the frauds discovered at WorldCom was booking normal operating expenses as capital expenditures (CAPEX). Capital expenditures are normally used to buy assets, or to increase the value of existing assets. Because they are investments, normal expenses cannot be accounted for as such.

To get a full history of the company, have a look at the Wikipedia WorldCom page.


Enron was a company investing and trading in the energy markets. It took big gambles and made great promises to investors, until everyone discovered that you simply can't always win. The documentary "Enron: The Smartest Guys in the Room" perfectly explains how companies have to cover up a single lie by telling the next one. Definitely worth watching to get a better understanding of why fraud and unethical behavior do not belong in a healthy company. Better yet, it shows that the punishment will be harsh for everyone involved.

The documentary is available on Netflix, as well as on several documentary websites and popular video streaming sites.

What can we learn?

Information security is a strategic resource for companies to protect their assets. At the same time, fraud at any level in the company can result in a lack of trust and can even make a company collapse. The case of Enron shows the impact this can have on the market, on people's jobs and on their retirement funds.

Another thing we can learn is that if something looks too good to be true, it usually is. Most of us know this saying, yet we don't always apply it. Take, for example, buying new software solutions that promise magic, or falling into the trap of e-mail scams. While paranoia might not be the solution, a little more than the average amount can't hurt.

While SOx compliance might complicate your work, it ensures the company does business in an honest and ethical way. Additionally, it might give you the leverage to get the right security tools in place to protect the valuable assets of the company, including your own personal details. After all, information security reaches places we can't always see ourselves.

Be safe and stay honest.

Take the next step!

Want to learn more about Linux security? Have a look at the open source tool Lynis and become a Linux security expert yourself.

Lynis is a battle-tested technical security audit tool. It is open source, freely available, and used by system administrators all over the world. Other users include IT auditors and security professionals, such as pentesters.
