
GAAP For IT? Conflicting Standards Abound

Todd Neff | November 28, 2006

If compliance is from Mars, then IT security is from Venus. Take Sarbanes-Oxley compliance as an example. The law makes clear that a corporation’s financial information shall be secure, but it says nothing about exactly how a company is supposed to achieve security in the IT realm.

At the other, far more verbose end of the spectrum, companies have an abundance of IT standards that aim to translate Sarbanes-Oxley’s broad legal, accounting, and information-management requirements into pragmatic directives that IT professionals can use.

In fact, IT-security experts say there are too many standards and that none do the job well. Among the many acronyms representing standardization efforts that aim to wed compliance and information security are COSO, COBIT, ITIL, ISO 17799, ISO 27002, NIST’s 800 Series, PCI, CISWIG, and GAISP.

Some say the world needs a new IT-security standard: a Generally Accepted Accounting Principles for computing. Others...