Information Security Forum warns cost of compliance hurting security spend
A new report by the Information Security Forum is warning that the cost of complying with Sarbanes-Oxley legislation is diverting spending away from other security threats.
According to the ISF, many companies are spending more than $10m on information security controls for Sarbanes-Oxley.
ISF said the 'business imperative' to comply with Sarbox meant that, in many cases, the true cost of compliance was 'unknown'.
The report also found problem areas including poor documentation, informal controls and use of spreadsheets, lack of clarity when dealing with outsource providers and insufficient understanding of the internal workings of large business applications.
See full Article.
Posts
