文档介绍：上海交通大学
硕士学位论文
基于SOX权限与资源控制模型的研究
姓名:张建宏
申请学位级别:硕士
专业:计算机应用技术
指导教师:张忠能
20090115
基于 SOX 权限与资源控制模型的研究

摘要

萨班斯法案全称 Sarbanes-Oxley 法案(SOX),是美国颁布的一部
旨在加强对上市公司监管,提高治理水平,提高投资者信心的法案。该
法案中的 302 条款和 404 条款需要 IT 信息系统的配合及适应。现有 IT
治理规范中,COSO 和 COBIT 规范是被广泛接受的标准化评价规范。
本文从上面几点入手,着眼于 SOX 对企业信息系统在权限控制以及资
源管理方面的要求,分析了为遵循 SOX 而需要达到的这两方面的功能
和要求。最后本文基于分析得出的结论,提出了在 SOA 架构下的为遵
循法案而设计的 plier 模型。plier 结合了权限分析和
审计监控功能,为企业范围各系统以及管理人员提供一系列服务组件,
帮助企业信息系统提高安全性和效率,降低法案遵循成本,以达到更快
更好遵循 SOX 法案的目的。

关键词:萨班斯法案;信息系统;权限控制;SOA;plier;协
同遵循;

– 2 –
A RESEARCH ON ACCESS AND RESOURCE CONTROL
PLYING WITH SARBANES-OXLEY ACT



ABSTRACT


SOX Act is the abbreviation of Sarbanes-Oxley Act. It is an act to
enhance corporation’s control, leverage governance level and help investors
to rebuild their confidence for the market. The term 302 and 404 need the
cooperation and adaptation of information systems. In the IT governance
standards, COSO and COBIT are the most accepted and standardized
assessment standard. This essay starts from the points mentioned above and
focus on SOX’s impact and requirement on corporate information system’s
access control and resource management. Then it analyzes the function and
requirement ply with SOX. Finally, the essay concludes with SOX
Complier, which is designed for pliance under the SOA framework.
bines access analysis and audit monitoring functions. It
provides ponents for information systems and management
staffs within corporate and helps corporate information system to leverage
security and efficiency and lower the pliance cost though which
corporate ply with SOX faster and better.

KEY WORDS: Sarbanes-Oxley Act; Information System; Access Control;
SOA; plier; pliance;

– 3 –
图片目录
图 1  SOX 对企业的影响······················································································· 8 
图 2  SOX 法案 302 条款和 404 条款······························································&#1