Sarbanes-Oxley: Protecting Stocks and Stopping Scandals

by John Kulas, Bridge360 Software Security Analyst

In my previous blog, we began a discussion on technology-related compliance standards, why we have them, how they work and the specific ways in which they protect us. I introduced the Payment Card Industry Data Security Standard (PCI-DSS) as one of the most well-known and widely applied standards in the U.S. economy.

Another major standard that many larger companies must comply with is the Sarbanes–Oxley Act of 2002, more commonly known as “SOX” (pronounced “socks”). Let’s talk more about SOX, because it has made some pretty big news over the last decade.

Payment Card Industry Data Security Standard (PCI-DSS)

by John Kulas, Bridge360 Software Security Analyst

Why compliance, you might ask? Why do we need compliance, and what good does it do?

I’ll define “compliance” as obeying a request, a law, or, in particular, a standard. Obviously, there are usually penalties if you are not compliant:

  1. If you do not comply with someone’s request, that person might be angry with you;
  2. If you do not comply with the speed limit sign, a policeman might observe your non-compliance and either write you a ticket with a fine to pay, or remove you from your car and haul you off to jail;
  3. If you do not comply with a standard, the penalties depend on which standard it is and range from fines and mandated actions to delisting your company from the stock exchange and/or imprisoning your corporate officers.

I am a Certified Information Systems Auditor (a “CISA”, certified by ISACA; see http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/What-is-CISA/Pages/default.aspx), so I am most interested in the third example. In the next few posts I’ll comment on three fairly well-known technology-related compliance standards, why we need them, and how they work:

  1. Payment Card Industry Data Security Standard (“PCI-DSS”);
  2. Sarbanes–Oxley Act of 2002 (“SOX”);
  3. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and the American Recovery and Reinvestment Act of 2009 (“ARRA”).