SOX and Its Effects on IT Security Governance

The Sarbanes-Oxley (SOX) Act is a United States federal law enacted on July 30, 2002 in response to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. This paper discusses the effects of Sarbanes-Oxley (SOX) Act on corporate information security governance practices.