Sarbox draining corporate security budgets

News Analysis

Corporate investment to comply with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum (ISF).
 
The ISF has 260 corporate members worldwide, including half of the Fortune 100 companies in the US, which make up a significant number of the firms that the Sarbanes-Oxley Act is aimed at.

The report said that even though most ISF members were spending more than £5.7m ($10m) on complying with the US Sarbanes-Oxley legislation, many faced problems in achieving full compliance and were also struggling to protect other areas of their business.

According to the ISF, the business imperative to comply with the data security legislation has also meant that in many cases the true cost of compliance is unknown. Companies are struggling to overcome problems of poor documentation, informal controls and use of spreadsheets, lack of clarity when dealing with outsourcing providers, and insufficient understanding of the internal workings of large business applications. 
 
ISF consultant Andy Jones said, "In the wake of financial scandals like Enron and WorldCom, the Sarbanes-Oxley Act was designed to improve corporate governance and accountability but has proved difficult to interpret for information security professionals.

"The diversion of information security attention from other risk areas to Sarbanes-Oxley compliance may lead to important business risks being neglected."

