SOx compliance and Enron: The Smartest Guys in the Room

If you are involved with Linux security, you might already have come across SOx compliance. From a sysadmin’s point of view, work usually doesn’t get easier due to these compliance requirements. Still, there are some lessons we can learn, followed by a great documentary to watch about Enron.

The Sarbanes-Oxley Act, SOx for short, now applies to all companies that want to have their stock traded on the New York Stock Exchange (NYSE). The goal of SOx is to reduce fraud and to hold people responsible if they are guilty of committing fraud. This includes jail time and high fines, to ensure fraud won’t go unpunished.


Most of us might remember the name WorldCom, which was the second largest telecom provider in the US. Big companies have to take huge risks to be competitive and valuable for their shareholders. To continue showing great figures and pumping up the share prices, companies may fall into less ethical practices, like accounting fraud.

One of the frauds discovered at WorldCom was the booking of costs as capital expenditures (CAPEX) while they were actually normal expenses. Capital expenditures (or investments) are normally used for buying assets, or increasing the value of assets. As they are investments, they can’t be applied to normal expenses.

To get a full history of the company, have a look at the Wikipedia WorldCom page.


Enron was a company investing and trading in the world of energy. It took high gambles and made great promises to investors. That was, until everyone discovered that you simply can’t always win. The documentary “Enron: The Smartest Guys in the Room” perfectly explains how companies have to cover up a single lie by telling the next one. It is definitely worth watching to get a better understanding of why fraud and unethical behavior do not belong in a healthy company. Better yet, it shows that the punishment will be harsh for everyone involved.

The documentary is available on Netflix, as well as on several documentary websites and popular video streaming sites.

What can we learn?

Information security is a strategic resource for companies to protect their assets. At the same time, fraud on any level in the company can result in a lack of trust and even cause companies to collapse. In the case of Enron, we can actually see the impact it might have on the market, on people’s jobs and retirement funds.

Another thing we can learn is that if something looks too good to be true, it usually is. Most of us know this saying, yet we don’t always apply it. Think, for example, of buying new software solutions which promise magic, or of falling into the trap of e-mail scams. While paranoia might not be the solution, a little bit more than average can’t hurt.

While SOx compliance might complicate your work, it ensures the company does business in an honest and ethical way. Additionally, it might give you the leverage to get the right security tools in place, to protect the valuable assets of the company, including your own personal details. After all, information security reaches places we can’t always see ourselves.

Be safe and stay honest.
