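Abstract
The Sarbanes-Oxley Act (SOX) is a United States law intended to strengthen the supervision of listed companies, raise the level of corporate governance, and increase investor confidence. Sections 302 and 404 of the act require the cooperation and adaptation of IT information systems. Among existing IT governance standards, COSO and COBIT are widely accepted standardized evaluation frameworks. Starting from these points, this paper focuses on the requirements SOX places on enterprise information systems in access control and resource management, and analyzes the functions and requirements in these two areas that must be met to comply with SOX. Finally, based on the conclusions of the analysis, it proposes the SOX Complier model, designed under an SOA architecture for compliance with the act. SOX Complier combines permission analysis with audit monitoring and provides a series of service components to systems and managers across the enterprise, helping enterprise information systems improve security and efficiency and lowering the cost of compliance, so as to comply with SOX faster and better.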
The Sarbanes-Oxley (SOX) Act is an American act to strengthen control on companies, raise administration level and ensure the confidence of investors. Sections 302 and 404 of SOX need the support and adaptation of IT systems. Among the current IT administration standards, COSO and COBIT are the most widely adopted ones. This thesis starts from the points above and focuses on SOX's impact on enterprise information systems in access control and resource management requirements. In the end, the thesis comes to its conclusion, putting forward the SOA-architecture SOX Complier. SOX Complier combines access control and auditing functions to provide a series of service components, helps enterprise information systems to be more secure and effective, and decreases the cost of complying with SOX faster and better.
Source
Microcomputer Applications (《微型电脑应用》)
2009, Issue 2, pp. 17-20, 4 (4 pages in total)