A recent press release from a security company named Red Siren announced the availability (after registration) of survey results (1.2 MB PDF). Responses from more than 300 information technology and security professionals working in the public, private and government sectors were collected during November. A C|Net news story Security workers praise Sarbanes-Oxley highlighted some of the survey results, drew on past C|Net articles and added some of it's own conclusions.
One part of the press release stands out for me.
To bring more value and perspective to readers of the survey, RedSiren asked security market analysts at Current Analysis, and the security practice leader of Baker & McKenzie LLP to provide sanitized independent and in-depth review of the results.
"The survey results provide strong evidence for the fact that information security is no longer just a technical issue for the IT department - it has clearly become a legal issue for most businesses as well," said Thomas Smedinghoff, with Baker & McKenzie LLP [...]
While this discussion is clearly centered around the technical aspects of security it also illuminates some of the complex relationships between the technical, legal and business communities that are increasingly being addressed more directly than in the past. Areas once thought to be of interest to purely technical audiences clearly have wider impact. The sections of Sarbanes-Oxley that highlight the need to better manage IT assets (including software) are another indicator that more attention to these important cross-departmental issues are being taken seriously.
