Ms. Lew says she learned about her current position in 2004 after conversations with several fellow members of the Information Systems Audit and Control Association.
In a recent survey of 4, 500 high-level IT professionals in 83 countries, ISACA (the Information Systems Audit and Control Association) discovered that organizations fear the risks of using public cloud services.
Currently, no federal regulations are in place to govern cloud computing, and according to an April 2011 Information Systems Audit and Control Association survey of 1, 800 Chief Information Officers (CIOs), compliance is a top risk.
For example, there are 189 ISO standards for information security, our National Institute of Standards and Technology ( NIST) has produced a full set of world-class materials on information security, and the Information Systems Audit and Control Association ( ISACA) has developed its best practices, the Control Objectives for Information Technology ( CobiT).
FORBES: Congress Needs to Go Back To School on Cyber Legislation
If Mr Sarbanes's proposal becomes law, without too many concessions along the way, America may find that it has gone from having one of the world's laxest systems of audit regulation to having one of the most rigorous.
Imagine if the problem had been first identified in November via a process to audit related systems based on the one reported intrusion into the internal chat application, or if an intrusion detection system had started firing red based on the exfiltration of their entire MySQL database.
The Senate has responded by calling for a security audit of its systems.
FORBES: Testing The Limits, LulzSec Takes Down CIA's Website
He said there must be "scientific verification" of the systems that food retailers' use to audit their supply chain.
For accountants, the harshest aspect of the new legislation is its outright ban on nine kinds of non-audit service, including building financial-information systems, legal services and investment banking.
Audit Scotland also said key areas of waiting time systems were inadequate.
BBC: Audit Scotland warns NHS waiting list information 'poor'
It said that while much of this was due to failings in information management systems, it has a suspicion that there may have been "deliberate malpractice" which involved destroying audit trails and concealing evidence.
应用推荐