Sarbanes-Oxley Compliance Using COBIT and Open Source Tools
- 1st Edition - September 10, 2005
- Imprint: Syngress
- Authors: Christian B Lahti, Roderick Peterson
- Language: English
- eBook ISBN:9 7 8 - 0 - 0 8 - 0 4 8 9 6 7 - 4
This book illustrates the many Open Source cost savings opportunities available to companies seeking Sarbanes-Oxley compliance. It also provides examples of the Open Source… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteThis book illustrates the many Open Source cost savings opportunities available to companies seeking Sarbanes-Oxley compliance. It also provides examples of the Open Source infrastructure components that can and should be made compliant. In addition, the book clearly documents which Open Source tools you should consider using in the journey towards compliance. Although many books and reference material have been authored on the financial and business side of Sox compliance, very little material is available that directly address the information technology considerations, even less so on how Open Source fits into that discussion.
Each chapter begins with an analysis of the business and technical ramifications of Sarbanes-Oxley as regards to topics covered before moving into the detailed instructions on the use of the various Open Source applications and tools relating to the compliance objectives.
Each chapter begins with an analysis of the business and technical ramifications of Sarbanes-Oxley as regards to topics covered before moving into the detailed instructions on the use of the various Open Source applications and tools relating to the compliance objectives.
- Shows companies how to use Open Source tools to achieve SOX compliance, which dramatically lowers the cost of using proprietary, commercial applications
- Only SOX compliance book specifically detailing steps to achieve SOX compliance for IT Professionals
CFO, VP, Director of Finance – Since the Sarbanes-Oxley act is squarely aimed at responsible financial controls and reporting, the executive finance team of any company should be interested in the ways Open Source can reduce their cost of compliance. Every chapter in the book will begin with the management perspective of compliance as it relates to the subject material contained within.
CIO, VP Director of IT – This book is very focused on the IT aspects of compliance, in both the use of Open Source as the infrastructure components which make up the core IT footprint within the enterprise as well as the use of Open Source to assist and automate the task of documenting and tracking compliance and internal controls, independent of whether they are derived from proprietary or Open Source systems.
IT Operations Management, Administration – Although the book will deal with many of the management considerations in the deployment of Open Source, The examples included in the book and the companion Web site impart a wealth of technical information that IT can directly employ to streamline their compliance processes.
IT Consultants – Since Sarbanes-Oxley compliance can present a daunting task, many organizations are choosing to outsource all or portions of their compliance preparation to third parties in order to leverage best known methods and the success of other client audits to ensure their audit goes smoothly. This being the case, the book will arm the consultant with a powerful toolset in which to quickly and efficiently streamline the preparation process while avoiding the cost of proprietary software solutions. Due to this they may be able to reduce their fees and win more business
CEO, VP, Owner – Non-Public Companies – The specter of spending time, money and resources on Sarbanes-Oxley compliance now surely weighs into the decision for a privately held company to go public. This book will assist those companies in assessing their infrastructure and compliance preparedness while avoiding the major expense involved in a formal audit. Owners and Executives can also use some of the technical aspects this book provides to lower their IT costs.
CIO, VP Director of IT – This book is very focused on the IT aspects of compliance, in both the use of Open Source as the infrastructure components which make up the core IT footprint within the enterprise as well as the use of Open Source to assist and automate the task of documenting and tracking compliance and internal controls, independent of whether they are derived from proprietary or Open Source systems.
IT Operations Management, Administration – Although the book will deal with many of the management considerations in the deployment of Open Source, The examples included in the book and the companion Web site impart a wealth of technical information that IT can directly employ to streamline their compliance processes.
IT Consultants – Since Sarbanes-Oxley compliance can present a daunting task, many organizations are choosing to outsource all or portions of their compliance preparation to third parties in order to leverage best known methods and the success of other client audits to ensure their audit goes smoothly. This being the case, the book will arm the consultant with a powerful toolset in which to quickly and efficiently streamline the preparation process while avoiding the cost of proprietary software solutions. Due to this they may be able to reduce their fees and win more business
CEO, VP, Owner – Non-Public Companies – The specter of spending time, money and resources on Sarbanes-Oxley compliance now surely weighs into the decision for a privately held company to go public. This book will assist those companies in assessing their infrastructure and compliance preparedness while avoiding the major expense involved in a formal audit. Owners and Executives can also use some of the technical aspects this book provides to lower their IT costs.
Acknowledgments
Authors
Contributors
Author Acknowledgments
Chapter 1: Overview: The Goals of This Book
The Audit Experience: An Introduction
Who Should Read This Book?
The Live CD Concept
The Portals
Summary
Solutions Fast Track
Chapter 2: SOX and COBIT Defined
SOX Overview
What Will SOX Accomplish?
Section 302
Section 404
SOX: Not Just a Dark Cloud
WHY IT COBIT?
The Six COBIT Components
Sustainability Is the Key
Summary
Solutions Fast Track
Chapter 3: The Cost of Compliance
Overview
Why Comply?
Tools and Applications
What’s Out There?
The Human Factor
Walk the Walk
BuiltRight Construction Company
Summary
Chapter 4: Why Open Source?
The Open Source Model
Closed Source Application Development
Open Source Application Development
The Business Case for Open Source
Assessing Your Infrastructure
Case Studies: Introduction to the Sample Companies
Summary
Solutions Fast Track
Chapter 5: Domain I: Planning and Organization
Overview
The Work Starts Here
What Work?
What Do Planning and Organization Mean?
Summary
Solutions Fast Track
Chapter 6: Domain II: Acquisition and Implementation
Overview
Evaluating In-House Expertise
Automation Is the Name of the Game
What Do Acquisition and Implementation Mean?
Working the List
FastTrack CD
Summary
Solutions Fast Track
Chapter 7: Domain III: Delivery and Support
Overview
What Do Delivery and Support Mean?
1. Define and Manage Service Level Agreements
2. Manage Third-Party Services
3. Manage Performance and Capacity
4. Ensure Continuous Service
5. Ensure Systems Security
6. Identify and Allocate Costs
7. Educate and Train Users
8. Assist and Advise Customers
9. Manage the Configuration
10. Manage Problems and Incidents
11. Manage Data
12. Manage Facilities
13. Manage Operations
Working the List
Performance, Capacity, and SLAs
System and Application Security
Configuration and Data Management
FastTrack CD
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8: Domain IV: Monitoring
Overview
What Does Monitoring Mean?
1. Monitor the Processes
2. Assess Internal Control Adequacy
3. Obtain Independent Assurance
4. Provide for Independent Audit
Working the List
Monitoring in Practice
FastTrack CD
Rolling Your Own Workflows
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9: Putting It All Together
Overview
Organization—Repositioning
Policies, Processes, and Service Level Agreements (SLAs)
Control Matrices, Test Plan, and Components
Return on Investment (ROI)
Summary
Solutions Fast Track
Frequently Asked Questions
Appendix A: COBIT Control Objectives
Appendix B: KNOPPIX Live CD Parameters
Appendix C: The GNU General Public License
Appendix D: CD Contents at a Glance
Index
- Edition: 1
- Published: September 10, 2005
- Imprint: Syngress
- No. of pages: 450
- Language: English
- eBook ISBN: 9780080489674
CL
Christian B Lahti
Christian Lahti is a computer services consultant and an expert in security. He is a regular speaker at industry shows such as LinuxWorld and OSCON. He is the technical editor of Windows to Linux Migration Toolkit (Syngress, ISBN: 1931836396).
Affiliations and expertise
Computer services consultant, SOX compliance expert, U.S.A.RP
Roderick Peterson
Roderick Peterson is the Information Technology Director at NeoMagic. He has more than 20 yeras' experience in the IT industry and has successfully led the development and deployment of major applications at several global companies.
Affiliations and expertise
Information Technology Director, NeoMagic, USARead Sarbanes-Oxley Compliance Using COBIT and Open Source Tools on ScienceDirect