Dennis C. Brewer 
Security Controls for Sarbanes-Oxley Section 404 IT Compliance 
Authorization, Authentication, and Access

* The Sarbanes-Oxley Act requires public companies to implementinternal controls over financial reporting, operations, andassets-all of which depend heavily on installing or improvinginformation security technology* Offers an in-depth look at why a network must be set up withcertain authentication computer science protocols (rules forcomputers to talk to one another) that guarantee security* Addresses the critical concepts and skills necessary to designand create a system that integrates identity management, meta-directories, identity provisioning, authentication, and accesscontrol* A companion book to Manager’s Guide to the Sarbanes-Oxley Act(0-471-56975-5) and How to Comply with Sarbanes-Oxley Section 404(0-471-65366-7)

Inhaltsverzeichnis

About the Author.Acknowledgments.Introduction.Chapter 1: The Role of Information Technology Architecture in Information Systems Design.Chapter 2: Understanding Basic Concepts of Privacy and Data Protection.Chapter 3: Defining and Enforcing Architecture.Chapter 4: Combining External Forces, Internal Influences, and IT Assets.Chapter 5: Simplifying the Security Matrix.Chapter 6: Developing Directory-Based Access Control Strategies.Chapter 7: Integrating the Critical Elements.Chapter 8: Engineering Privacy Protection into Systems and Applications.Chapter 9: The Value of Data Inventory and Data Labeling.Chapter 10: Putting It All Together in the Web Applications Environment.Chapter 11: Why Federated Identity Schemes Fail.Chapter 12: A Pathway to Universal Two-Factor Authentication.Appendix A: WWW Resources for Authentication, Authorization, and Access Control News and Information.Appendix B: Important Access Control and Security Terms.Appendix C: Critical Success Factors for Controls Design.Appendix D: Sample Policy Statements for Compulsory Access and Security Controls.Appendix E: Documentation Examples.Appendix F: Sample Job Description for Directory Engineer/Schema Architect.Index.

Über den Autor

Dennis C. Brewer is IT Security Solutions Specialist for the Information Technology Department of the State of Michigan. His responsibilities include identity management and privacy protection initiatives for the state.