Sarbanes-Oxley Act (Sarbox, SOX)
Purpose: Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s. It is administered by the Securities and Exchange Commission, which publishes SOX rules and requirements defining audit requirements and the records businesses should store and for how long.
To whom it applies: US public company boards, management and public accounting firms.
Key points for CISOs: SOX places requirements around maintaining integrity and availability of financial data, and controls for who has access to that data. Specific rules need to be in place for:
GLBA meaning and definition
The Graham-Leach-Bailey Act (GLBA) is a 1999 law that allowed financial services companies to offer both commercial and investment banking, something that had been banned since the Great Depression. The general public may be most aware of the GLBA in the context of debates as to whether it helped cause the 2008 subprime mortgage crisis, but for IT professionals, it s much better known for the data security and privacy mandates it imposes on a wide range of companies and organizations, even beyond the banking industry. While many of these rules represent best IT practices, the legal stakes of noncompliance are high, with big fines and even potential jail time looming for those who fall short.