Sarbox challenge drains security budgets

Antony Savvas

International corporate spending on compliance with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum (ISF).

An ISF report said that many of its members expected to spend more than $10m (£5.7m) on complying with the US Sarbanes-Oxley legislation. 

But despite the expenditure, many firms are facing problems in achieving full compliance and are also struggling to protect other areas of their business.

The ISF has 260 corporate members worldwide, including half of the Fortune 100 – the 100 largest public companies in the US. ISF members make up a significant number of firms that the Sarbanes-Oxley Act is aimed at.

The ISF said that the business imperative to comply with the data security legislation also meant that in many cases the true cost of compliance was unknown.

According to the report, problem areas that companies are struggling to overcome include poor documentation, informal controls and use of spreadsheets, lack of clarity when dealing with outsource providers, and insufficient understanding of the internal workings of large business applications.

“In the wake of financial scandals like Enron and WorldCom, the Sarbanes-Oxley Act was designed to improve corporate governance and accountability but has proved difficult to interpret for information security professionals,” said ISF consultant Andy Jones. 

“The diversion of information security attention from other risk areas to Sarbanes-Oxley compliance may lead to important business risks being neglected,” he added.

