Security Controls for Sarbanes-Oxley Section 404 IT Compliance

Security Controls for Sarbanes-Oxley Section 404 IT Compliance : Authorization, Authentication, and Access

3.33 (3 ratings by Goodreads)
By (author) Dennis C. Brewer

List price: US$50.00

Currently unavailable



The Sarbanes-Oxley Act requires public companies to implement internal controls over financial reporting, operations, and assets - all of which depend heavily on installing or improving information security technology. This work offers an in-depth look at why a network must be set up with certain authentication computer science protocols (rules for computers to talk to one another) that guarantee security. It addresses the critical concepts and skills necessary to design and create a system that integrates identity management, meta-directories, identity provisioning, authentication, and access control. This work is a companion book to "Manager's Guide to the Sarbanes-Oxley Act" (0-471-56975-5) and "How to Comply with Sarbanes-Oxley Section 404" (0-471-65366-7).

Product details

  • Paperback | 262 pages
  • 185.4 x 233.7 x 17.8mm | 430.92g
  • Hungry Minds Inc,U.S.
  • Foster City, United States
  • English
  • 0764598384
  • 9780764598388
  • 2,385,051

Back cover copy

Your step-by-step guide to creating authentication processes that assure compliance

To comply with Sarbanes-Oxley Section 404, you must design an information technology infrastructure that can protect the privacy and access integrity of your data, particularly online, while not restricting business activity. This book shows you how to do that, explaining what you need to know every step of the way.

  • Recognize eight concepts that constitute privacy of information
  • Apply the security basics: identification, authentication, authorization, access control, administration, auditing, and assessment
  • Use features already present in directory technology, directory schema, and meta-synchronization to improve security profiles
  • Integrate a security architecture into legacy, current, and future applications
  • Create security domain definitions that will stop data predators cold

Table of contents

  • About the Author
  • Acknowledgments
  • Introduction
  • Chapter 1: The Role of Information Technology Architecture in Information Systems Design
  • Chapter 2: Understanding Basic Concepts of Privacy and Data Protection
  • Chapter 3: Defining and Enforcing Architecture
  • Chapter 4: Combining External Forces, Internal Influences, and IT Assets
  • Chapter 5: Simplifying the Security Matrix
  • Chapter 6: Developing Directory-Based Access Control Strategies
  • Chapter 7: Integrating the Critical Elements
  • Chapter 8: Engineering Privacy Protection into Systems and Applications
  • Chapter 9: The Value of Data Inventory and Data Labeling
  • Chapter 10: Putting It All Together in the Web Applications Environment
  • Chapter 11: Why Federated Identity Schemes Fail
  • Chapter 12: A Pathway to Universal Two-Factor Authentication
  • Appendix A: WWW Resources for Authentication, Authorization, and Access Control News and Information
  • Appendix B: Important Access Control and Security Terms
  • Appendix C: Critical Success Factors for Controls Design
  • Appendix D: Sample Policy Statements for Compulsory Access and Security Controls
  • Appendix E: Documentation Examples
  • Appendix F: Sample Job Description for Directory Engineer/Schema Architect
  • Index

About Dennis C. Brewer

Dennis C. Brewer is IT Security Solutions Specialist for the Information Technology Department of the State of Michigan. His responsibilities include identity management and privacy protection initiatives for the state.

Rating details

3 ratings
3.33 out of 5 stars
5 0% (0)
4 33% (1)
3 67% (2)
2 0% (0)
1 0% (0)
Book ratings by Goodreads