You are previewing Sarbanes-Oxley Compliance Using COBIT and Open Source Tools.
O'Reilly logo
Sarbanes-Oxley Compliance Using COBIT and Open Source Tools

Book Description

This book illustrates the many Open Source cost savings opportunities available to companies seeking Sarbanes-Oxley compliance. It also provides examples of the Open Source infrastructure components that can and should be made compliant. In addition, the book clearly documents which Open Source tools you should consider using in the journey towards compliance. Although many books and reference material have been authored on the financial and business side of Sox compliance, very little material is available that directly address the information technology considerations, even less so on how Open Source fits into that discussion.

Each chapter begins with an analysis of the business and technical ramifications of Sarbanes-Oxley as regards to topics covered before moving into the detailed instructions on the use of the various Open Source applications and tools relating to the compliance objectives.

The bootable CD contains fully configured demonstrations of Open Source tools.

* Shows companies how to use Open Source tools to achieve SOX compliance, which dramatically lowers the cost of using proprietary, commercial applications
* Contains a bootable-Linux CD containing countless applications, forms, and checklists to assist companies in achieving SOX compliance
* Only SOX compliance book specifically detailing steps to achieve SOX compliance for IT Professionals

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Register for Free Membership to
  5. Copyright
  6. Acknowledgments
  7. Authors
  8. Contributors
  9. Author Acknowledgments
  10. Chapter 1: Overview: The Goals of This Book
    1. The Audit Experience: An Introduction
    2. Who Should Read This Book?
    3. The Live CD Concept
    4. The Portals
    5. Summary
    6. Solutions Fast Track
  11. Chapter 2: SOX and COBIT Defined
    1. SOX Overview
    2. What Will SOX Accomplish?
    3. Section 302
    4. Section 404
    5. SOX: Not Just a Dark Cloud
    6. WHY IT COBIT?
    7. The Six COBIT Components
    8. Sustainability Is the Key
    9. Summary
    10. Solutions Fast Track
  12. Chapter 3: The Cost of Compliance
    1. Overview
    2. Why Comply?
    3. Tools and Applications
    4. What’s Out There?
    5. The Human Factor
    6. Walk the Walk
    7. BuiltRight Construction Company
    8. Summary
  13. Chapter 4: Why Open Source?
    1. The Open Source Model
    2. Closed Source Application Development
    3. Open Source Application Development
    4. The Business Case for Open Source
    5. Assessing Your Infrastructure
    6. Case Studies: Introduction to the Sample Companies
    7. Summary
    8. Solutions Fast Track
  14. Chapter 5: Domain I: Planning and Organization
    1. Overview
    2. The Work Starts Here
    3. What Work?
    4. What Do Planning and Organization Mean?
    5. Summary
    6. Solutions Fast Track
  15. Chapter 6: Domain II: Acquisition and Implementation
    1. Overview
    2. Evaluating In-House Expertise
    3. Automation Is the Name of the Game
    4. What Do Acquisition and Implementation Mean?
    5. Working the List
    6. FastTrack CD
    7. Summary
    8. Solutions Fast Track
  16. Chapter 7: Domain III: Delivery and Support
    1. Overview
    2. What Do Delivery and Support Mean?
    3. 1. Define and Manage Service Level Agreements
    4. 2. Manage Third-Party Services
    5. 3. Manage Performance and Capacity
    6. 4. Ensure Continuous Service
    7. 5. Ensure Systems Security
    8. 6. Identify and Allocate Costs
    9. 7. Educate and Train Users
    10. 8. Assist and Advise Customers
    11. 9. Manage the Configuration
    12. 10. Manage Problems and Incidents
    13. 11. Manage Data
    14. 12. Manage Facilities
    15. 13. Manage Operations
    16. Working the List
    17. Performance, Capacity, and SLAs
    18. System and Application Security
    19. Configuration and Data Management
    20. FastTrack CD
    21. Summary
    22. Solutions Fast Track
    23. Frequently Asked Questions
  17. Chapter 8: Domain IV: Monitoring
    1. Overview
    2. What Does Monitoring Mean?
    3. 1. Monitor the Processes
    4. 2. Assess Internal Control Adequacy
    5. 3. Obtain Independent Assurance
    6. 4. Provide for Independent Audit
    7. Working the List
    8. Monitoring in Practice
    9. FastTrack CD
    10. Rolling Your Own Workflows
    11. Summary
    12. Solutions Fast Track
    13. Frequently Asked Questions
  18. Chapter 9: Putting It All Together
    1. Overview
    2. Organization—Repositioning
    3. Policies, Processes, and Service Level Agreements (SLAs)
    4. Control Matrices, Test Plan, and Components
    5. Return on Investment (ROI)
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  19. Appendix A: COBIT Control Objectives
  20. Appendix B: KNOPPIX Live CD Parameters
  21. Appendix C: The GNU General Public License
  22. Appendix D: CD Contents at a Glance
  23. Index