Security and risk management

Compliance doesn't begin and end with the Sarbanes-Oxley Act (SOX). Company must also keep up with the various security standards, the Health Insurance Portability and Accountability Act (HIPAA) and numerous other regulations and guidelines. It's a tall order, but it's one company must face in order to protect their customers and stay in line with standards set by the IT industry as well as the government.

Managers and CIOs face regular data security and privacy issues as they are expected to effectively use technology to share data while still following specific rules and regulations to protect personal information.

Health Insurance Portability and Accountability Act (HIPAA) protects health insurance coverage for workers and their families when they change or lose their jobs.

Information security describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management is controls that the organizations need to implement to ensure that it is sensibly managing these risks.

IT asset management is the set of business practices that join financial, contractual and inventory functions to support life cycle management and strategic decision making for the IT environment. Assets include all elements of software and hardware that are found in the business environment.

IT auditing is the process of collecting and evaluating evidence of an organization’s information systems, practices, and operations. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization's goals or objectives.

Information technology law is a set of recent legal enactments, currently in existence in several countries, which governs the process and dissemination of information digitally. These legal enactments cover a broad gambit of different aspects relating to computer software, protection of computer software, access and control of digital information, privacy, security, internet access and usage, and electronic commerce.

The Sarbanes-Oxley (SOX) Act was signed into a US federal law on 30 July 2002. The Act is designed to oversee the financial reporting landscape for finance professionals. Its purpose is to review legislative audit requirements and to protect investors by improving the accuracy and reliability of corporate disclosures. The act covers issues such as establishing a public company accounting oversight board, auditor independence, corporate responsibility and enhanced financial disclosure.