However, as is the case with virtually all large-scale projects, complying with SOX using 17799 can be difficult and expensive.
For large companies Higgins estimates the cost of implementing 17799 would likely run in the low six figures and that would be for companies with a strong security infrastructure to begin with. Much of that cost will be related to documentation, but some expense will come from, as Higgins put it, "interpolating the standard."
In broad terms, the 17799 standard covers areas such as:
Like most such efforts, how far you have to go depends on where you already stand security-wise, but ultimately, to be successful, buy-in from all employees is required. This means creating a culture of security, not just implementing security products, said Earl Crane, a senior consultant with Foundstone, a security products and services provider.
"Firewalls do nothing if somebody's setting up a rogue (wireless) access point," Crane said. "You need to create a mindset of security to correct those problems and that's a management issue."