Access "SOX compliance burdens midmarket security teams"
This article is part of the October 2009 issue of Winners of Information Security magazine's Security 7 Award
Mention the Sarbanes-Oxley Act (SOX), and the conversation is likely to steer toward giant multinational corporations and the need for broad and deep governance, risk and compliance (GRC) programs, and the chilling image of CEOs and CFOs doing the Enron perp walk. SOX forced many of these companies to re-examine and overhaul their financial controls and accounting systems, file all sorts of new reports, and pay tons of cash to the Big Four audit firms. But thousands of smaller public companies are the ones feeling most of the pain. The cost of SOX compliance is disproportionate for these companies, both in terms of percentage of revenue and cost per employee, in some cases running into the thousands of dollars per head, as opposed to the hundreds for large enterprises. "Larger companies have been built to have audits going on frequently. They are complex, so they have compliance programs," says Ed Moyle, a manager with CTG's information security solutions practice and partner at SecurityCurve. "That's where the bigger costs come in. Smaller companies have ... Access >>>
Premium Content for Free.
Melissa Hathaway: Government Must Keep Pace with Cybersecurity Threats
by Melissa Hathaway, Contributor
Securing the Internet means to much to the future of the U.S. economy and national security.
Bernie Rominski: Communicate Effectively with Management about Risk
by Bernie Rominski
Learn how to communicate with senior management about risk; it's your job.
Information Security magazine 2009 Security 7 Award winners
Information Security magazine annouces the winners of its fifth annual Security 7 Awards.
Jerry Freese: Make Critical Infrastructure Protection a Priority
by Jerry Freese
Critical infrastructure protection must be addressed today to protect our country tomorrow.
Adrian Perrig: Improve SSL/TLS Security Through Education and Technology
by Adrian Perrig
Carnegie Mellon University's CyLab designs security to improve all aspects of society.
- Melissa Hathaway: Government Must Keep Pace with Cybersecurity Threats by Melissa Hathaway, Contributor
Bruce Jones: Report Security and Risk Metrics in a Business-Friendly Way
by Bruce Jones
Security metrics must, not only provide a view of security posture, but must support security budgeting and investment processes.
Tony Spinelli: Prioritize Information Security over Compliance
by Tony Spinelli
Organizations need to prioritize security over compliance to ensure comprehensive risk mitigation.
SOX compliance burdens midmarket security teams
Smaller public companies bear significantly higher pain in terms of revenue and costs per employee complying with Sarbanes-Oxley.
Developers Need Help with Security Errors
SQL injection attacks continue to plague Web applications. Companies need to invest in technology and education to hold off hackers.
Jon Moore: Build a Security Control Framework for Predictable Compliance
by Jon Moore
Health care provider Humana Inc., has developed a security controls framework that addresses all of the industry and federal regulations it must comply with.
- Bruce Jones: Report Security and Risk Metrics in a Business-Friendly Way by Bruce Jones
Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry
Looking back at five years of award winners provides a timeline of security trends that you need to absorb.
How to avoid Internet liability lawsuits
by Jeanne Debus
Enterprises face numerous potential liabilities online. Avoiding lawsuits requires a sound cyber risk management plan.
- Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry
More Premium Content Accessible For Free
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...