The Enron mess, for example, resulted in passage of the Sarbanes-Oxley (SOX) Act of 2002, which, in turn, has left many publicly traded companies searching for ways to become compliant with a whole new set of reporting and data integrity standards.
Some are relying on COBIT (Control Objectives for Information and related Technology), while others are looking to compliance applications from financials vendors such as Oracle. But there is another way to attain compliance: ISO 17799, a standard for managing data security, approved in 2000, that consists of a series of security best practices.
"If you are compliant with 17799, you'll meet the expectations of SOX," said Michael Higgins, managing director of the Technology Risk Management practice for Tekmark Global Solutions, who also teaches computer security and business continuity operations at The George Washington University. That's why CIOs at large publicly held companies often lead the charge for 17799 compliance.