Defining appropriate access controls is very important for organizations in pursuit of Sarbanes Oxley compliance. In an IT environment, access controls need to be in place for securing critical applications, network, databases and operating systems. In complex information technology environments, user authentication is done at the network level. This calls for enhanced user access controls at the network level. Normally, access controls are monitored by the IT operations department. The Security administrator within the IT operations bears the primary responsibility of defining user access controls. The role of the security administrator in defining user access controls includes the following activities:

1. Granting and maintaining user access based on the access control policy defined by the management. System adminstrator ensures that only active users in the organization have a user id, all terminated users are deactivated in the system.

2. Security adminstrator establishes general system controls, including system default passwords, implementing security patches and disabling unneccesary services.

3. The security administrator also monitors and reports to the management on security related issues. He is responsible for escalating serious issues to management so as to enable quick resolution of IT issues.

4. Finally, the security administrator performs peridoic re-certification of user accounts, authenticates user accounts and resolves user access issues using problem tracking mechanims. All of the above activities performed by the security administrator contribute to better access controls which mean better sarbanes oxley compliance.

Related Posts

Developing an Information Security Policy
Concept of Digital Signatures
Recovery Time Objectives
Confidentiality, Integrity & Availability