This chapter discusses the impact of Sarbanes-Oxley (SOX) Act on corporate information security governance practices. The resultant regulatory intervention forces a company to revisit its internal control structures and assess the nature and scope of its compliance with the law. This chapter reviews the organizational implications emerging from the mandatory compliance with SOX. Industry internal control assessment frameworks, such as COSO and COBIT, are reviewed and their usefulness in ensuring compliance evaluated. Other emergent issues related to IT governance and the general integrity of the enterprise are identified and discussed.