Achieving Regulatory Compliance through Security-Information Management  

Resources for Sarbanes-Oxley (SOX)


netForensics

The explosion of legislation regarding the privacy and security of information is having a profound effect on organizations of all sizes and shapes. These laws, in combination with less formal standards agreed to among nations and organizations across the world, are driving executives and boards of directors to look very closely at details they never cared about before. Suddenly the CIO, CTO, and CSO find themselves accountable for a daunting number of security requirements and a relentless cycle of compliance auditing.

The challenges associated with these pressures vary to some degree by industry and regulation, but in general they can be satisfied by tailoring an information-security program and architecture to provide the necessary elements of risk management, policy development, active monitoring and incident response, documentation and reporting, and organizational security awareness. No one product or mechanism can ever be a complete solution for the challenge of information security. Maintaining an acceptable level of risk is achieved through a combination of program and process elements, effective management and expertise, and use of the right tools for the task.

Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.