Skip to main content

Security Controls for Sarbanes-Oxley Section 404 IT Compliance: Authorization, Authentication, and Access

Security Controls for Sarbanes-Oxley Section 404 IT Compliance: Authorization, Authentication, and Access

ISBN: 978-0-471-78414-2

Oct 2005

312 pages

Select type: E-Book

$40.99

Product not available for purchase

Description

  • The Sarbanes-Oxley Act requires public companies to implement internal controls over financial reporting, operations, and assets-all of which depend heavily on installing or improving information security technology
  • Offers an in-depth look at why a network must be set up with certain authentication computer science protocols (rules for computers to talk to one another) that guarantee security
  • Addresses the critical concepts and skills necessary to design and create a system that integrates identity management, meta-directories, identity provisioning, authentication, and access control
  • A companion book to Manager's Guide to the Sarbanes-Oxley Act (0-471-56975-5) and How to Comply with Sarbanes-Oxley Section 404 (0-471-65366-7)
About the Author.

Acknowledgments.

Introduction.

Chapter 1: The Role of Information Technology Architecture in Information Systems Design.

Chapter 2: Understanding Basic Concepts of Privacy and Data Protection.

Chapter 3: Defining and Enforcing Architecture.

Chapter 4: Combining External Forces, Internal Influences, and IT Assets.

Chapter 5: Simplifying the Security Matrix.

Chapter 6: Developing Directory-Based Access Control Strategies.

Chapter 7: Integrating the Critical Elements.

Chapter 8: Engineering Privacy Protection into Systems and Applications.

Chapter 9: The Value of Data Inventory and Data Labeling.

Chapter 10: Putting It All Together in the Web Applications Environment.

Chapter 11: Why Federated Identity Schemes Fail.

Chapter 12: A Pathway to Universal Two-Factor Authentication.

Appendix A: WWW Resources for Authentication, Authorization, and Access Control News and Information.

Appendix B: Important Access Control and Security Terms.

Appendix C: Critical Success Factors for Controls Design.

Appendix D: Sample Policy Statements for Compulsory Access and Security Controls.

Appendix E: Documentation Examples.

Appendix F: Sample Job Description for Directory Engineer/Schema Architect.

Index.