The Impact of the Sarbanes Oxley Act on IT Security

This paper goes on to define the Sarbanes-Oxley Act and its requirements, a framework for compliance, and specific IT security areas that must be considered during compliance efforts. According to the Deloitte and Touche Information Security and Privacy Group, 'there is a lack of clarity on the impact of multiple governance initiatives (including Sarbanes-Oxley) on information security'.4 By not specifically addressing IT security the Act leaves room for interpretation.