NIST, Computer Security Division, Computer Security Resource Center
 RBAC book |
"A must
read." Review from IEEE Computer Society, Security & Privacy "Overall, this is a great book." Linux Journal |
 |
2002 Gold Medal for Scientific/ Engineering Achievement - US Department |
 |
1998 Excellence in Technology Transfer Award - Federal Laboratory Consortium |
 |
1998 Best Paper - Nat Inf Systems Security Conf |
RBAC & Sarbanes-Oxley Compliance
The Sarbanes-Oxley Act establishes a set of requirements for financial systems, to deter fraud and increase corporate accountability. For information technology systems, regulators may need to know who used a system, when they logged in and out, what accesses or modifications were made to what files, and what authorizations were in effect. IT vendors responding to Sarbanes-Oxley requirements have adopted RBAC as central to compliance solutions because RBAC was designed to solve this type of problem.
- Sarbanes-Oxley Act of 2002 and Impact on the IT Auditor, IT Knowledgebase - comprehensive introduction to Sarbanes-Oxley requirements
- Compliance: Thinking outside the Sarbox, NetworkWorldFusion, February 7, 2005 - experience with SOX compliance in a number of firms
- Rules and policies vs. actual practice, NetworkWorldFusion, February 7, 2005 - identity management and role based access
- "Information Risk": A New Approach to Information Technology Security, Sys-con.com - risk management aspects
- Implementing Sarbanes-Oxley, WebSphere Journal, November 26, 2004 - a case study of implementing SOX compliance
- Addressing the Key Implications of Sarbanes-Oxley, The Business Forum, 2004 - implications for corporate IT systems
- Solving Sarbanes-Oxley: A Business Intelligence Perspective, DMReview, December, 2003 - business intelligence approach