Should Cybersecurity Be Subject to a SOX-Type Regulation?

Numerous laws and regulations have been passed to protect sensitive information, both at the federal and state level, creating a patchwork of requirements for companies to comply with.  However, with limited resources for cybersecurity investment, this uncoordinated approach has clouded objectives and led to decision paralysis within firms. Could cybersecurity implementation benefit from a Sarbanes-Oxley Act (SOX) type approach? In this ISACA Podcast, Senior Director Mike Tomaselli joins ISACA’s Robin Lyons in this episode to discuss how this approach would create a risk-based, internal control model focused on cybersecurity that includes enforcement capabilities and requires third-party oversight and executive accountability. To read Should Cybersecurity Be Subject to a SOX-Type Regulation? Please visit www.isaca.org/should-cybersecurity-be-subject-to-a-sox-type-regulation.  To listen to more ISACA podcasts, please visit www.isaca.org/podcasts.