Implementing section 404 of the sarbanes oxley act: Recommendations for information systems organizations

Section 404 of the Sarbanes Oxley (SOX) Act addresses the effectiveness of internal controls, which in most organizations are either fully or partially automated due to the pervasiveness and ubiquity of information technologies. Significant or material control deficiencies have to be reported publicly. The adverse impact on organizations declaring deficiencies can be severe, for example, damage to reputation and/or market value. While there are many practitioner-led manuals and methods for dealing with 404, there has been little published in the academic research literature investigating the role of Information Systems organizations in implementing Section 404. The paper addresses this gap in knowledge. We used institutional theory as the lens through which to examine the experiences of Section 404 implementation in three global organizations. We used the case study method and an abductive strategy to gather and analyze data respectively. Our findings are summarized in six recommendations. We found that institutional pressures play a critical role in the implementation of Section 404. In particular, organizations face coercive pressure to achieve Section 404 compliance, without which punitive sanctions can be imposed by regulators. Organizations tend to imitate one another in the methods they use so that each is perceived to be in line with their competitive environment. Organizations face normative pressures to act in ways that are socially acceptable, which is to achieve compliance. Failure to do so would be a signal to the market that the organization does not take controls seriously. We expand these findings in terms of power and influence tactics that IS organizations can use when implementing Section 404. Our findings provide directions for practice and lines of enquiry for further research

Research Agenda for Studying Open Source II: View Through the Lens of Referent Discipline Theories

In a companion paper [Niederman et al., 2006] we presented a multi-level research agenda for studying information systems using open source software. This paper examines open source in terms of MIS and referent discipline theories that are the base needed for rigorous study of the research agenda

A Research Agenda for Studying Open Source I: A Multi-Level Framework

This paper presents a research agenda for studying information systems using open source software A multi-level research model is developed at five discrete levels of analysis: (1) the artifact; (2) the individual; (3) the team, project, and community; (4) the organization; and (5) society. Each level is discussed in terms of key issues within the level. Examples are based on prior research. In a companion paper, [Niederman, et al 2006], we view the agenda through the lens of referent discipline theories

Aerospace bibliography, fifth edition

Bibliography of references, periodicals, and educational materials related to space fligh

Password Cracking and Countermeasures in Computer Security: A Survey

With the rapid development of internet technologies, social networks, and other related areas, user authentication becomes more and more important to protect the data of the users. Password authentication is one of the widely used methods to achieve authentication for legal users and defense against intruders. There have been many password cracking methods developed during the past years, and people have been designing the countermeasures against password cracking all the time. However, we find that the survey work on the password cracking research has not been done very much. This paper is mainly to give a brief review of the password cracking methods, import technologies of password cracking, and the countermeasures against password cracking that are usually designed at two stages including the password design stage (e.g. user education, dynamic password, use of tokens, computer generations) and after the design (e.g. reactive password checking, proactive password checking, password encryption, access control). The main objective of this work is offering the abecedarian IT security professionals and the common audiences with some knowledge about the computer security and password cracking, and promoting the development of this area.Comment: add copyright to the tables to the original authors, add acknowledgement to helpe

Meter Scoping Study

This report presents a summary of metering technology and cost information from past studies in an attempt to identify key barriers to more widespread implementation