Sarbanes-Oxley and IT security: An exploratory case study investigating the impact of section 404 on information security

by Gawaly, Hatem I., Ph.D., CAPELLA UNIVERSITY, 2009, 142 pages; 3339463


The Sarbanes–Oxley (SOX) Act of 2002 was the U.S. government's response to financial scandals at Enron, WorldCom, Tyco, and other large companies under the horizon of the U.S. Securities and Exchange Commission. The primary goal of SOX is to protect investors from fraudulent activities of publicly traded organizations. SOX compliance implicitly impacts Information Technology (IT) security strategies. The real problem facing IT departments is the lack of direction in complying with section 404, which addresses the requirement of effective internal controls regarding financial statement reporting. This exploratory single-case study investigated the impact of SOX section 404 on information security in large-cap public companies located in the United States. In addition, the research examined the strategic elements required to ensure a sustainable and SOX-compliant IT strategy that ensures information security. This case study was mainly qualitative but substantiated with quantitative data. Individual interviews with executive leadership were conducted using both structured and unstructured questionnaires. Employee surveys along with internal and external auditors' reports were utilized for data triangulation purposes. Results indicated that SOX section 404 has a positive impact on organizations' information security policies, and that risk management, constant training, and automation are key factors in establishing a sustainable and SOX-compliant IT strategy that ensures information security.

Adviser: Jelena Vucetic
Source Type: Dissertation
Subjects: Management; Information science; Computer science
Publication Number: 3339463
