The multimillion-dollar cost of complying with the Sarbanes-Oxley Act is diverting spending away from protecting against other security threats, according to a new report.
The Information Security Forum, an international security association, said Monday that it calculates that many of its members expect to spend more than $10 million on information security controls to comply with regulations laid down by Sarbanes-Oxley.
U.S. members of the ISF include MetLife, CitiGroup, Electronic Data Systems and Safeway.
ISF consultant Andy Jones said that though SOX was designed to improve corporate governance and accountability, it has proved difficult to interpret for information security professionals.
"As neither the legislation nor the official guidance specifically mentions the words 'information security,' the impact on security policy and the security controls that need to be put into place must be determined by each individual organization in the context of their business," he said.
The ISF warns that SOX ignores security issues that are extremely important when dealing with risks to information, such as business continuity and disaster recovery. This makes it important to integrate compliance into a wider IT security and corporate governance strategy, it said.
Jones also warned that SOX could divert attention from more-pressing security risks: "For organizations whose business is not primarily financial, for example the manufacturing or product-service industries, the diversion of information security attention from other risk areas to SOX compliance may lead to important business risks being neglected."
"It is important that Sarbanes-Oxley does not push organizations into following a compliance-based approach rather than a risk-based approach that may compromise information security," he added.
Considering the billions of dollars government is throwing around I'm sure the government can throw another couple million in these business's direction. You can't tell me that a government that is near 8 trillion dollars in debt doesn't enjoy blowing cash. The money's going somewhere. I wish I could say it was going in my pocket.
I'm not sure why CNET runs an unsubstantiated blurb like the one ISF put out on SOX 'harming' the security effort. It was obviously written by someone with no knowledge on the subject. Risk is an integral part of the assessment of internal controls for IT and no contrary information was provided. The SOX bottom line is only 'prove it' don't just tell Management you have good security.
The two telecom carriers will carry a next-generation iPad running on the fast, next-generation wireless technology, sources tell The Wall Street Journal.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
The Silicon Valley online payments startup grew by 1,000 percent last year and is hopeful it can repeat that level of growth this year. To do that, it's had to move away from its early friends-and-family roots and embrace small businesses.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
