EC-Council Certified Security Analyst (ECSA v8) — Question 26

Which of the following acts related to information security in the US establishes that the management of an organization is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting?

Answer options

Correct answer: A

Explanation

The Sarbanes-Oxley Act of 2002 is the correct answer because it specifically requires management to establish and maintain internal controls for financial reporting. The USA Patriot Act, while significant for security, does not address internal controls in financial reporting. The Gramm-Leach-Bliley Act focuses on financial privacy, and California SB 1386 pertains to data breach notifications; neither relates directly to internal control structures.