Why are Security Pros Blasé About Compliance?

December 12, 2014

A survey of 500 IT and security decision makers revealed that most aren’t up to date with their regulatory requirements. Regulations set out very specific requirements for data storage, use and security, and should be treated as equal to or more important than internal security measures. Sarbanes-Oxley (SOX) and the Payment Card Industry Data Security Standard (PCI DSS) are examples of such regulation.


Of the 500 IT professionals surveyed, 57% of the US respondents didn’t know whether they were SOX compliant. SOX addresses specific insider threats, namely fraudulent activity, as well as data security. Although it applies only to public organisations, awareness of such an important piece of legislation is vital for any IT manager, and it sets an excellent benchmark for any private company to operate by.


PCI DSS has a much wider application to business. This international standard on credit card data processing applies to any business that takes a credit card payment (which is most of them), yet two-thirds of IT professionals aren’t sure whether they are compliant.

