Security Controls for Sarbanes-Oxley Section 404 IT Compliance : Authorization, Authentication, and Access

Dennis C. Brewer

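  • Publisher: Wiley
  • Publication date: 2005-10-21
  • Price: $1,900
  • VIP price: $1,805 (95% of list price)
  • Language: English
  • Pages: 262
  • Binding: Paperback
  • ISBN: 0764598384
  • ISBN-13: 9780764598388
  • Related categories: Information Security
  • Overseas special-order book (must be checked out separately)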




  • The Sarbanes-Oxley Act requires public companies to implement internal controls over financial reporting, operations, and assets, all of which depend heavily on installing or improving information security technology
  • Offers an in-depth look at why a network must be set up with certain authentication computer science protocols (rules for computers to talk to one another) that guarantee security
  • Addresses the critical concepts and skills necessary to design and create a system that integrates identity management, meta-directories, identity provisioning, authentication, and access control
  • A companion book to Manager's Guide to the Sarbanes-Oxley Act (0-471-56975-5) and How to Comply with Sarbanes-Oxley Section 404 (0-471-65366-7)


Table of Contents:

About the Author.



Chapter 1: The Role of Information Technology Architecture in Information Systems Design.

Chapter 2: Understanding Basic Concepts of Privacy and Data Protection.

Chapter 3: Defining and Enforcing Architecture.

Chapter 4: Combining External Forces, Internal Influences, and IT Assets.

Chapter 5: Simplifying the Security Matrix.

Chapter 6: Developing Directory-Based Access Control Strategies.

Chapter 7: Integrating the Critical Elements.

Chapter 8: Engineering Privacy Protection into Systems and Applications.

Chapter 9: The Value of Data Inventory and Data Labeling.

Chapter 10: Putting It All Together in the Web Applications Environment.

Chapter 11: Why Federated Identity Schemes Fail.

Chapter 12: A Pathway to Universal Two-Factor Authentication.

Appendix A: WWW Resources for Authentication, Authorization, and Access Control News and Information.

Appendix B: Important Access Control and Security Terms.

Appendix C: Critical Success Factors for Controls Design.

Appendix D: Sample Policy Statements for Compulsory Access and Security Controls.

Appendix E: Documentation Examples.

Appendix F: Sample Job Description for Directory Engineer/Schema Architect.