Description:
* The Sarbanes-Oxley Act requires public companies to implement internal controls over financial reporting, operations, and assets, all of which depend heavily on installing or improving information security technology
* Offers an in-depth look at why a network must be set up with certain authentication computer science protocols (rules for computers to talk to one another) that guarantee security
* Addresses the critical concepts and skills necessary to design and create a system that integrates identity management, meta-directories, identity provisioning, authentication, and access control
* A companion book to Manager's Guide to the Sarbanes-Oxley Act (0-471-56975-5) and How to Comply with Sarbanes-Oxley Section 404 (0-471-65366-7)

About the Author
Acknowledgments
Introduction
Chapter 1: The Role of Information Technology Architecture in Information Systems Design
Chapter 2: Understanding Basic Concepts of Privacy and Data Protection
Chapter 3: Defining and Enforcing Architecture
Chapter 4: Combining External Forces, Internal Influences, and IT Assets
Chapter 5: Simplifying the Security Matrix
Chapter 6: Developing Directory-Based Access Control Strategies
Chapter 7: Integrating the Critical Elements
Chapter 8: Engineering Privacy Protection into Systems and Applications
Chapter 9: The Value of Data Inventory and Data Labeling
Chapter 10: Putting It All Together in the Web Applications Environment
Chapter 11: Why Federated Identity Schemes Fail
Chapter 12: A Pathway to Universal Two-Factor Authentication
Appendix A: WWW Resources for Authentication, Authorization, and Access Control News and Information
Appendix B: Important Access Control and Security Terms
Appendix C: Critical Success Factors for Controls Design
Appendix D: Sample Policy Statements for Compulsory Access and Security Controls
Appendix E: Documentation Examples
Appendix F: Sample Job Description for Directory Engineer/Schema Architect
Index