November 03, 2010, 1:16 PM — This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. Each entry includes a link to the full text of the law or regulation as well as information about what and who is covered.
The list is intentionally US-centric, but includes selected laws of other nations that have an impact on US-based global companies.
The security regulations and guidelines directory will be updated and expanded over time on CSOonline.com. Please email editor Derek Slater (dslater@cxo.com) with suggestions or updates.
Section one: Broadly applicable laws and regulations
Sarbanes-Oxley Act (aka Sarbox, SOX)
What Sarbanes-Oxley covers: Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s. It is administered by the Securities and Exchange Commission, which publishes the SOX rules defining audit requirements and specifying which records businesses must retain and for how long.
Who is affected: U.S. public company boards, management and public accounting firms.
Full text of Sarbanes-Oxley Act: http://www.gpo.gov/fdsys/pkg/PLAW-107publ204/content-detail.html
Key requirements/provisions: The Act is organized into 11 titles:
1. Public Company Accounting Oversight
2. Auditor Independence
3. Corporate Responsibility
4. Enhanced Financial Disclosures
5. Analyst Conflicts of Interest
6. Commission Resources and Authority
7. Studies and Reports
8. Corporate and Criminal Fraud Accountability