Sunday, April 09, 2006

Security and Sarbanes-Oxley


Security professionals may soon find themselves fielding calls from their companies' upper management concerning the Sarbanes-Oxley Act.

Sarbanes-Oxley, named for the two Congressmen who sponsored it, on the surface doesn't have much to do with IT security. The law was passed to restore the public's confidence in corporate governance by making chief executives of publicly traded companies personally validate financial statements and other information.

President Bush signed the law on July 30, 2002. Initially, companies had to be in compliance this fall, but extensions were granted. Large corporations now have until June 15, 2004, to meet the requirements of Sarbanes-Oxley. Smaller companies have to comply by April 15, 2005.

Congress passed the law in quick response to accounting scandals surrounding Enron and other companies. Sarbanes-Oxley deals with many corporate governance issues, including executive compensation and the use of independent directors. "When it was initially adopted, the last thing on their minds was security.

See full Article.