Do We Need a Sarbanes-Oxley for the Internet?

With Internet and online banking transactions growing to the point where billions of dollars are moved daily, some experts are wondering if the industry needs to collaborate on rules that will hold organizations accountable for operating, providing and commercializing Internet service. Should Internet companies have to answer to a higher authority?

A new article on the CIO Today website is tackling that very question. "I'm held to accountability through Sarbanes-Oxley (SOX) and all these other regulatory requirements," Larry Jarvis, vice president of network engineering for Fidelity Investments is quoted as saying in the article. "That doesn't exist for some of these critical elements in the Internet."

In the article, Jarvis recommends that companies, along with government and academics, create a new body to define and enforce Internet security standards. However, the article warns that some experts say previous attempts to form such a body have failed because of the changing nature of security technology.

"The track record of the industry in evaluating stuff against security guidelines is not good," says Steve Bellovin, a computer science professor at Columbia University. "It's very difficult to get a system certified, and once you get something certified it's obsolete. If nothing else, computer systems don't stand still."

The article even points out that some experts say the ultimate coordination for Internet security will wind up in the hands of the federal government, and more specifically, under the auspices of SOX.

"Sarbanes is going to figure it out in the not too distant future: They need to look at the networks," Clif Triplett, global technology information officer at General Motors, says in the article. "If the network is one of the key elements of [our] business ... we're thinking that this Sarbanes-Oxley thing is going to grow in scope over time."

To read the full article, click here: http://www.cio-today.com/story.xhtml?story_id=13100002N2ZC