• Gordon, L. A., M. P. Loeb, William Lucyshyn,  and Tashfeen Sohail, "The Impact of the Sarbanes-Oxley Act on the Corporate Disclosures of Information Security Activities," Journal of Accounting and Public Policy, Vol. 25, No. 5,  2006, pp. 503-530.

This paper empirically examines the impact of the Sarbanes-Oxley Act (SOX) of 2002 on the voluntary disclosure of information security activities by corporations. The empirical evidence provided clearly indicates that SOX is having a positive impact on such disclosure. These findings provide strong indirect evidence that corporate information security activities are receiving more focus since the passage of SOX than before SOX was enacted.