- Shopping Bag ( 0 items )
From Barnes & NobleThe Barnes & Noble Review
If you’re an IT manager in a public (or soon-to-be-public) company, chances are you’re already wrestling with Sarbanes-Oxley Section 404. The law’s new demands for strong internal control rely heavily on your information security infrastructure. Security measures that were “adequate” a few years ago are now an invitation to SEC and stockholder lawsuits. In this book, Dennis Brewer offers you a cost-effective framework for complying with 404 without compromising the business value of usability of IT services.
Brewer’s central goal: to apply “the discipline of architecture” to organizing and managing security design in both new systems and retrofits. His book is nothing if not systematic. It’s about understanding exactly where you are, where you need to be, and what processes will get you there.
Brewer helps you define a “security matrix” that frames how you will -- and won’t -- design for security. With this context in place, he walks through the principles and design tasks involved in implementing identity, authentication, and access controls to protect both applications and information.
There’s a full chapter on using directory services and “meta-functionality” to link identity and access control. Next, Brewer takes a good, hard look at federated identity systems, an area where hype has often obscured reality. You’ll discover where these systems offer value, but Brewer also warns you about ways they can actually complicate SOX compliance.
Amongst this book’s many indispensable resources: a primer on developing effective security policies, with samples for administration, access control, authorization, authentication, identity management, assessment, and auditing. Bill Camarda, from the December 2005 Read Only