Online Security: Continuous Vigil Inevitable  

Resources for Sarbanes-Oxley (SOX)


www.itvarnews.net

The Internet has matured from a phenomenon to a transformational infrastructure that is changing our society. Consumers can conduct business from virtually anywhere, and they increasingly expect companies to provide access to services, content, and information anytime, from any device. As enterprises open and extend their IT environments to accommodate the demands of their various constituents, including employees, customers, suppliers and partners, threats and vulnerabilities increase exponentially. These threats disrupt the key assets of the business: data, internal networks, and the websites or commerce portals that generate revenue. When attacks on these assets occur, they have a very real impact on the revenue, brand, and productivity of the targeted organization. It therefore comes as no surprise that secure business enablement has emerged at the top of the priority list for most CIOs, given the reality of these security threats and the corporate compliance issues companies are required to address. Because security vulnerabilities can be exploited in a variety of ways, most companies have tried to adopt a more holistic paradigm across both controls and technology to safeguard their information assets.



The introduction of regulatory controls over the last decade focused initially on privacy and the mitigation of risks associated with the storage of personal data. Given the changing nature of the threat, this has expanded beyond traditional data security to an enterprise view of security that covers all types of vulnerabilities and perceived risks faced by today's corporation. Measures like the Sarbanes-Oxley Act in the United States and regulatory efforts in other countries have acted as a further catalyst, prompting organizations to address risks experienced by shareholders as an integral part of their operational responsibilities.

The result has been a recasting of security policy formation as a subset of overall organizational controls, geared especially towards demonstrating compliance. This has driven an increased formalization of governance structures, frequently as a direct result of actions by boards of directors. It has also spurred the development of various industry standards, including Control Objectives for Information and Related Technology (CobiT) and ISO 27001. CobiT is increasingly being adopted as the model by most CIOs to showcase their focus on IT controls.

Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.