pecifics. Be familiar with
why laws are developed and put in place and their overall goals, instead of memorizing
specific laws and dates.
Thus, the following sections on laws and regulations contain information you do
not need to memorize, because you will not be asked questions on these items directly.
But remember that the CISSP exam is a cognitive exam, so you do need to know the different reasons and motivations for laws and regulations, which is why these sections are
provided. This list covers U.S. laws and regulations, but almost every country either has
laws similar to these or is in the process of developing them.

The Sarbanes-Oxley Act (SOX)

The Public Company Accounting Reform and Investor Protection Act of 2002, generally referred to as the Sarbanes-Oxley Act (named after the authors of the bill), was
created in the wake of corporate scandals and fraud that cost investors billions of
dollars and threatened to undermine the economy.
The law, also known as SOX for short, applies to any company that is publicly
traded on United States markets. Much of the law governs accounting practices and the
methods used by companies to report on their financial status. However, some parts,
Section 404 in particular, apply directly to information technology.

ch10.indd 867 12/4/2009 11:39:08 AM All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 CISSP All-in-One Exam Guide 868
SOX provides requirements for how companies must track, manage, and report on
financial information. This includes safeguarding the data and guaranteeing its integrity and authenticity. Most companies rely on computer equipment and electronic storage for transacting and archiving data; therefore, processes and controls must be in
place to protect the data.

Failure to comply with the Sarbanes-Oxley Act can lead to stiff penalties and potentially significant jail time for company executives, including the Chief Executive Officer
(CEO), the Chief Financial Officer (CFO), and others.

The Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and...