Ask The Financial Security Expert: Questions & Answers

FISMA and SOX

EXPERT RESPONSE FROM: Ed Tittel

QUESTION POSED ON: 09 October 2006
Why do I still keep hearing about breaches of confidentiality even though compliance to FISMA and SOX have been on the books for years?

This is a question that many people asked in the wake of disclosure of the theft of a notebook belonging to a Veterans Affairs employee that contained records for over 20 million former service people. The answers are many, but most relate to a failure to understand the sensitivity of the data, and to take the steps necessary to secure such data in a way that makes it safe to leave it on a notebook that's allowed outside the door of the building. Encrypting the whole drive beneath the BIOS would have been helpful, so that its contents simply couldn't be accessed by anyone with resources short of what the NSA might bring to bear. Establishing a policy about how and when such data can leave the building in any form, with appropriate safeguards and accountability, would probably have also prevented such a loss from occurring in the first place. Increasing mobility can lead to increased vulnerability, especially when the implications and the exposures to risks involved aren't fully explored and managed.


All Rights Reserved, Copyright 2008 - 2009, TechTarget