The Sarbanes-Oxley Act, though a step in the right direction toward getting companies to close the gap between actual behavior and corporate policy, is subject to such broad interpretation as to make its implementation and enforcement in the IT world a ni
Firms that rely extensively on the use of technology for financial and other kinds of reporting may be dependent on the open-IP network to do business with suppliers, customers and partners. This dependence leads to concern over network security, thanks to vulnerabilities made evident by attacks such as Slammer and SoBig.
Sarbanes-Oxley requires reports and assessments, but not a secure IT infrastructure. Clear definitions of "best practice" must be developed, especially in financial industries such as banking and insurance.
Read the entire Red Herring column here