
FISMA and SOX

Why do I still keep hearing about breaches of confidentiality even though compliance with FISMA and SOX has been on the books for years?

This is a question that many people asked in the wake of disclosure of the theft of a notebook belonging to a Veterans Affairs employee that contained records for over 20 million former service people. The answers are many, but most relate to a failure to understand the sensitivity of the data, and to take the steps necessary to secure such data in a way that makes it safe to leave it on a notebook that's allowed outside the door of the building. Encrypting the whole drive beneath the BIOS would have been helpful, so that its contents simply couldn't be accessed by anyone with resources short of what the NSA might bring to bear. Establishing a policy about how and when such data can leave the building in any form, with appropriate safeguards and accountability, would probably have also prevented such a loss from occurring in the first place. Increasing mobility can lead to increased vulnerability, especially when the implications and the exposures to risks involved aren't fully explored and managed.
