Risk Management Solutions for Sarbanes-Oxley Section 404 IT Compliance

John S. Quarterman

ISBN: 978-0-471-79309-0 | April 2006 | 312 Pages




  • Examines how risk management security technologies must prevent virus and computer attacks, as well as provide insurance and processes for natural disasters such as fires, floods, tsunamis, and terrorist attacks
  • Addresses four main topics: the risk (severity, extent, origins, complications, etc.), current strategies, new strategies and their application to market verticals, and specifics for each vertical business (banks, financial institutions, large and small enterprises)
  • A companion book to Manager's Guide to the Sarbanes-Oxley Act (0-471-56975-5) and How to Comply with Sarbanes-Oxley Section 404 (0-471-65366-7)
About the Author.



Chapter 1: Introduction.

Chapter 2: The Risk: Big and Growing Fast.

Chapter 3: Solutions and Providers.

Chapter 4: Strategies for Affected Verticals.

Chapter 5: Banks and Basel II.

Chapter 6: Financial Institutions Beyond Quantification.

Chapter 7: Large Enterprises: Big Risks, Big Solutions.

Chapter 8: Small Enterprises: Surviving Risks.

Chapter 9: Internet Service Providers: Bonded and Insured.

Chapter 10: Governments: Guarantors of Last Resort.

Chapter 11: Insurers and Reinsurers.

Chapter 12: Summary: Managing Internet Risk in a Scale-Free World.


  • The law does not stop at U.S. borders; it extends to overseas operations of companies publicly traded on U.S. exchanges.
  • Walks the reader through the risk management security technologies needed to prevent virus and computer worm attacks, phishing, and hacking, as well as the insurance and processes needed for natural disasters like fire, flood, tsunami, terrorist attacks, etc., all in compliance with Section 404.
  • The author has a strong media platform and travels extensively as a speaker (e.g. panel moderator at the 2005 RSA Security Conference; member of the U.S. President's National Security Telecommunications Advisory Committee (NSTAC)), and has a blog on the topic.