Sarbanes-Oxley Act compliance should not be a distraction to security where the focus is on writing mountains of policies and procedures.
It should, however, be used as a business differentiator, as an enabler for risk management and as a mechanism to use frameworks and certifications to better align business goals and process with security best practices. Nowhere is this more evident than issues surrounding insider threats.
There is a growing trend for information security budgets to be shared between traditional security projects and compliance-related agendas. This makes sense because the consequences of an insider threat, for example, parallel many of the concerns around Sarbanes-Oxley: loss of confidential or intellectual property, exposed sensitive information, damaged or destroyed assets, and severed communications. This can result in legal fees, fines, diminished reputation, loss of customers and of shareholder faith and financial harm. While the focus of this article is specifically on Sarbanes-Oxley, it can also be applied to the European Union's Eighth Directive and Basel II.
See full Article.
Posts
