Correction: SarbOx does not threaten security
Here’s a load of horsewax.
Report: Sarbanes-Oxley could threaten security
Published: July 11, 2005, 12:52 PM PDT
By Steve Ranger
Special to CNET News.com
The multimillion-dollar cost of complying with the Sarbanes-Oxley Act is diverting spending away from protecting against other security threats, according to a new report.
The Information Security Forum, an international security association, said Monday that it calculates that many of its members expect to spend more than $10 million on information security controls to comply with regulations laid down by Sarbanes-Oxley.
….
Jones also warned that SOX could divert attention from more-pressing security risks: “For organizations whose business is not primarily financial, for example the manufacturing or product-service industries, the diversion of information security attention from other risk areas to SOX compliance may lead to important business risks being neglected.”
“It is important that Sarbanes-Oxley does not push organizations into following a compliance-based approach rather than a risk-based approach that may compromise information security,” he added. (Story.)
Please. SarbOx isn’t compromising security; the pathological drive to reduce all operating costs to zero regardless of risk is compromising security. Once upon a time there was a thing called “the cost of doing business.” Now, the only thing like a fixed cost remaining is percent return for shareholders.
Say a business returns X% to the shareholders. The biz incurs a new cost in a critical sphere of operations, like security – call it Y. Some would say shareholders are going to have to settle for X%-Y if they want to keep their business at previous levels. But no, the new math says that those running the company have to return (X+1)% next year no matter what, because the same = less. So instead of absorbing Y, we now have to slash Y (as well as X%+1) from somewhere else – I know, how about security?!
It’s bad enough that business has succumbed to this kind of diseased logic, but that “journalists” play along is unbearable. This story shouldn’t be coddling the idea that a consumer safeguard measure like SarbOx, enacted in the wake of feckin’ Enron to keep thieving whores like Lay and Skilling from pillaging employees, retirees, shareholders, the state of California, etc., like a pack of syphilis-maddened huns, is harming security. No, the people deciding that the security budget is expendable, they’re the ones threatening security.
Come on cNet, grow a set.

