The growth in new threats to information security in critical business infrastructures means that compliance with standard requirements is an enduring problem. Organizations are compelled to divert significant resources away from finding solutions to their core business problems towards meeting their compliance needs. Research indicates that companies spent at least 15 percent of their technology budget on ensuring compliance with various standard requirements in 2006. For joint-stock companies whose shares are quoted on the New York Stock Exchange (NYSE), the necessity of meeting the high Sarbanes-Oxley (SOX) standards required of issuers provides a major incentive in optimizing their IT security arrangements. Organizations using a unified solution to ensure compliance with a range of standard requirements spend only around one tenth of the resources expended by other companies.