[ISN] Sarbanes-Oxley kicks in

InfoSec News isn at c4i.org
Tue Nov 16 08:36:47 EST 2004


By Dawn Kawamoto 
Staff Writer, CNET News.com
November 15, 2004

A section of the Sarbanes-Oxley Act took effect Monday, part of new
accounting regulations that promise to be a multimillion-dollar
bonanza for security companies.

Under Section 404 of the law, publicly traded companies must have
policies and controls in place to secure, document and process
material information dealing with their financial results. Vendors
helping companies with compliance are expect to reap $5.8 billion next
year, with 28 percent going to technology companies, according to an
AMR Research survey released Friday.

"Technology will play an increasingly significant role in the
integration of SOX (Sarbanes-Oxley) compliance initiatives into the
business process," John Hagerty, vice president of research at AMR,
said in a statement.

This year, companies and organizations are expected to spend $1.13
billion on technology to comply with Sarbanes-Oxley. That is expected
to increase to $1.62 billion next year, according to the study.

Providers of technology for internal and external security are
expected to capture a good slice of this business. Other sectors set
to benefit include document and record management; business process
management to integrate disparate business systems; applications
compliance management software; and application suites to standardize
the business processes for financial transparency.

Technology vendors have changed their marketing pitch as the
regulations have taken hold, industry analysts have noted. Congress
passed the Sarbanes-Oxley Act in 2002, aiming to counter financial
scandals such as those at Enron or WorldCom, by imposing more
transparency in accounting procedures.

"A year ago, the vendors had ineffective messaging. They said their
products were compliant and put a patina of compliance on everything
they wrote to market them," said Paul Proctor, vice president of
security and risk strategies at Meta Group. "Now vendors say their
products address compliance."

More information about the ISN mailing list