and Information Security
Gordon, L. A., M. P. Loeb,
William Lucyshyn, and Tashfeen Sohail, "The Impact of the
Sarbanes-Oxley Act on the
Corporate Disclosures of
Information Security Activities," Journal
of Accounting and Public Policy,
Vol. 25, No.
5, 2006, pp. 503-530.
This paper empirically
examines the impact of the Sarbanes-Oxley
Act (SOX) of 2002 on the voluntary
disclosure of information security
activities by corporations. The empirical
evidence provided clearly indicates that
SOX is having a positive impact on such
disclosure. These findings provide strong
indirect evidence that corporate
information security activities are
receiving more focus since the passage of
SOX than before SOX was enacted.