Join Books.org — it's free
Home > Books > Security Controls for Sarbanes-Oxley Section 404 IT Compliance: Authorization, Authentication, and Access

Electrical & Electronic Engineering, Database Management, Electrical & Electronic Engineering, Computers - General & Miscellaneous
Security Controls for Sarbanes-Oxley Section 404 IT Compliance: Authorization, Authentication, and Access by Dennis C. Brewer — book cover

Security Controls for Sarbanes-Oxley Section 404 IT Compliance: Authorization, Authentication, and Access

by Dennis C. Brewer
Write a review
Log in to track your reading progress.

Overview

  • The Sarbanes-Oxley Act requires public companies to implement internal controls over financial reporting, operations, and assets-all of which depend heavily on installing or improving information security technology
  • Offers an in-depth look at why a network must be set up with certain authentication computer science protocols (rules for computers to talk to one another) that guarantee security
  • Addresses the critical concepts and skills necessary to design and create a system that integrates identity management, meta-directories, identity provisioning, authentication, and access control
  • A companion book to Manager's Guide to the Sarbanes-Oxley Act (0-471-56975-5) and How to Comply with Sarbanes-Oxley Section 404 (0-471-65366-7)

Synopsis

Your step-by-step guide to creating authentication processes that assure compliance

To comply with Sarbanes-Oxley Section 404, you must design an information technology infrastructure that can protect the privacy and access integrity of your data, particularly online, while not restricting business activity. This book shows you how to do that, explaining what you need to know every step of the way.

  • Recognize eight concepts that constitute privacy of information

  • Apply the security basics—identification, authentication, authorization, access control, administration, auditing, and assessment

  • Use features already present in directory technology, directory schema, and meta-synchronization to improve security profiles

  • Integrate a security architecture into legacy, current, and future applications

  • Create security domain definitions that will stop data predators cold

About the Author, Dennis C. Brewer

Dennis C. Brewer is IT Security Solutions Specialist for the Information Technology Department of the State of Michigan. His responsibilities include identity management and privacy protection initiatives for the state.

Reviews

There are no reviews yet. Log in to write one.

Editorials

From Barnes & Noble

The Barnes & Noble Review
If you’re an IT manager in a public (or soon-to-be-public) company, chances are you’re already wrestling with Sarbanes-Oxley Section 404. The law’s new demands for strong internal control rely heavily on your information security infrastructure. Security measures that were “adequate” a few years ago are now an invitation to SEC and stockholder lawsuits. In this book, Dennis Brewer offers you a cost-effective framework for complying with 404 without compromising the business value of usability of IT services.

Brewer’s central goal: to apply “the discipline of architecture” to organizing and managing security design in both new systems and retrofits. His book is nothing if not systematic. It’s about understanding exactly where you are, where you need to be, and what processes will get you there.

Brewer helps you define a “security matrix” that frames how you will -- and won’t -- design for security. With this context in place, he walks through the principles and design tasks involved in implementing identity, authentication, and access controls to protect both applications and information.

There’s a full chapter on using directory services and “meta-functionality” to link identity and access control. Next, Brewer takes a good, hard look at federated identity systems, an area where hype has often obscured reality. You’ll discover where these systems offer value, but Brewer also warns you about ways they can actually complicate SOX compliance.

Amongst this book’s many indispensable resources: a primer on developing effective security policies, with samples for administration, access control, authorization, authentication, identity management, assessment, and auditing. Bill Camarda, from the December 2005 Read Only

Book Details

Published
October 1, 2005
Publisher
Wiley, John & Sons, Incorporated
Pages
262
Format
Paperback
ISBN
9780764598388

More by Dennis C. Brewer

Picture Yourself Networking Your Home or Small Office
Picture Yourself Networking Your Home or Small Office
Wiring Your Digital Home For Dummies
Wiring Your Digital Home For Dummies
How to Quit Smoking in Only Three Days: A Personal Guide to End Tobacco Use
How to Quit Smoking in Only Three Days: A Personal Guide to End Tobacco Use

Similar books

Uncertainty Management in Information Systems: From Needs to Solutions
Uncertainty Management in Information Systems: From Needs to Solutions
Model-Based Software and Data Integration: First International Workshop, Mbsdi 2008, Berlin, Germany, April 1-3, 2008, Proceedings
Model-Based Software and Data Integration: First International Workshop, Mbsdi 2008, Berlin, Germany, April 1-3, 2008, Proceedings
Digital Rights Management
Digital Rights Management
Protecting Business Information: null
Protecting Business Information: null
Practical Oracle Security: Your Unauthorized Guide to Relational Database Security
Practical Oracle Security: Your Unauthorized Guide to Relational Database Security
Rough Sets, Fuzzy Sets, Data Mining, and Granular Computing
Rough Sets, Fuzzy Sets, Data Mining, and Granular Computing
Rough Sets, Fuzzy Sets, Data Mining, and Granular Computing
Rough Sets, Fuzzy Sets, Data Mining, and Granular Computing
Intelligence and Security Informatics
Intelligence and Security Informatics
Scalable High Performance Computing for Knowledge Discovery and Data Mining
Scalable High Performance Computing for Knowledge Discovery and Data Mining
Content Computing
Content Computing