Comment: There should be a security equivalent of SOX (Score 1)
Sarbanes-Oxley mandates tracking, understanding and responsibility for financials. It should not be too difficult to define a standard set of practices that include yearly security reviews, updates and reports, including recommendations by IT, that must be signed off by corporate officers. If companies were forced to take this seriously, by the threat of fines, and this information were visible to shareholders, they would be more likely to take it seriously.