ABSTRACT

The Sarbanes-Oxley Act, enacted in the wake of the Enron bankruptcy, contains a number of provisions that directly affect the structure and governance of information security. Because the relationship between the Act and the information security arena is not intuitive, enterprise security managers struggle to solve the problems the Act raises. This paper provides a logical analysis and practical comments on (1) the security issues of the Act, (2) an introduction to ISO/IEC 17799, and (3) methods for applying ISO/IEC 17799 to the Act. With this paper, security managers can tackle the difficult work of information security management needed to meet the requirements of the Act.