Sarbanes-Oxley Compliance Using COBIT and Open Source Tools

1st Edition - September 10, 2005

  • Authors: Christian Lahti, Roderick Peterson
  • eBook ISBN: 9780080489674


This book illustrates the many Open Source cost-saving opportunities available to companies seeking Sarbanes-Oxley compliance. It also provides examples of the Open Source infrastructure components that can and should be made compliant, and it documents which Open Source tools you should consider using on the path to compliance. Although many books and reference materials have been written on the financial and business side of SOX compliance, very little material directly addresses the information technology considerations, and even less covers how Open Source fits into that discussion. Each chapter begins with an analysis of the business and technical ramifications of Sarbanes-Oxley for the topics covered before moving into detailed instructions on the use of the various Open Source applications and tools relating to the compliance objectives.

Key Features

  • Shows companies how to use Open Source tools to achieve SOX compliance at a dramatically lower cost than proprietary, commercial applications
  • The only SOX compliance book that specifically details the steps IT professionals must take to achieve SOX compliance


CFO, VP, Director of Finance – Since the Sarbanes-Oxley act is squarely aimed at responsible financial controls and reporting, the executive finance team of any company should be interested in the ways Open Source can reduce their cost of compliance. Every chapter in the book will begin with the management perspective of compliance as it relates to the subject material contained within.
CIO, VP, Director of IT – This book is very focused on the IT aspects of compliance, both in the use of Open Source for the infrastructure components that make up the core IT footprint within the enterprise and in the use of Open Source to assist and automate the task of documenting and tracking compliance and internal controls, independent of whether those controls are derived from proprietary or Open Source systems.
IT Operations Management, Administration – Although the book deals with many of the management considerations in the deployment of Open Source, the examples included in the book and on the companion Web site impart a wealth of technical information that IT staff can directly employ to streamline their compliance processes.
IT Consultants – Since Sarbanes-Oxley compliance can present a daunting task, many organizations choose to outsource all or portions of their compliance preparation to third parties in order to leverage best known methods and the success of other client audits, so that their own audit goes smoothly. This being the case, the book arms the consultant with a powerful toolset to quickly and efficiently streamline the preparation process while avoiding the cost of proprietary software solutions. As a result, consultants may be able to reduce their fees and win more business.
CEO, VP, Owner – Non-Public Companies – The specter of spending time, money and resources on Sarbanes-Oxley compliance now surely weighs into the decision for a privately held company to go public. This book will assist those companies in assessing their infrastructure and compliance preparedness while avoiding the major expense involved in a formal audit. Owners and Executives can also use some of the technical aspects this book provides to lower their IT costs.

Table of Contents

  • Acknowledgments



    Author Acknowledgments

    Chapter 1: Overview: The Goals of This Book

    The Audit Experience: An Introduction

    Who Should Read This Book?

    The Live CD Concept

    The Portals


    Solutions Fast Track

    Chapter 2: SOX and COBIT Defined

    SOX Overview

    What Will SOX Accomplish?

    Section 302

    Section 404

    SOX: Not Just a Dark Cloud


    The Six COBIT Components

    Sustainability Is the Key


    Solutions Fast Track

    Chapter 3: The Cost of Compliance


    Why Comply?

    Tools and Applications

    What’s Out There?

    The Human Factor

    Walk the Walk

    BuiltRight Construction Company


    Chapter 4: Why Open Source?

    The Open Source Model

    Closed Source Application Development

    Open Source Application Development

    The Business Case for Open Source

    Assessing Your Infrastructure

    Case Studies: Introduction to the Sample Companies


    Solutions Fast Track

    Chapter 5: Domain I: Planning and Organization


    The Work Starts Here

    What Work?

    What Do Planning and Organization Mean?


    Solutions Fast Track

    Chapter 6: Domain II: Acquisition and Implementation


    Evaluating In-House Expertise

    Automation Is the Name of the Game

    What Do Acquisition and Implementation Mean?

    Working the List

    FastTrack CD


    Solutions Fast Track

    Chapter 7: Domain III: Delivery and Support


    What Do Delivery and Support Mean?

    1. Define and Manage Service Level Agreements

    2. Manage Third-Party Services

    3. Manage Performance and Capacity

    4. Ensure Continuous Service

    5. Ensure Systems Security

    6. Identify and Allocate Costs

    7. Educate and Train Users

    8. Assist and Advise Customers

    9. Manage the Configuration

    10. Manage Problems and Incidents

    11. Manage Data

    12. Manage Facilities

    13. Manage Operations

    Working the List

    Performance, Capacity, and SLAs

    System and Application Security

    Configuration and Data Management

    FastTrack CD


    Solutions Fast Track

    Frequently Asked Questions

    Chapter 8: Domain IV: Monitoring


    What Does Monitoring Mean?

    1. Monitor the Processes

    2. Assess Internal Control Adequacy

    3. Obtain Independent Assurance

    4. Provide for Independent Audit

    Working the List

    Monitoring in Practice

    FastTrack CD

    Rolling Your Own Workflows


    Solutions Fast Track

    Frequently Asked Questions

    Chapter 9: Putting It All Together



    Policies, Processes, and Service Level Agreements (SLAs)

    Control Matrices, Test Plan, and Components

    Return on Investment (ROI)


    Solutions Fast Track

    Frequently Asked Questions

    Appendix A: COBIT Control Objectives

    Appendix B: KNOPPIX Live CD Parameters

    Appendix C: The GNU General Public License

    Appendix D: CD Contents at a Glance


Product details

  • No. of pages: 450
  • Language: English
  • Copyright: © Syngress 2005
  • Published: September 10, 2005
  • Imprint: Syngress
  • eBook ISBN: 9780080489674

About the Authors

Christian Lahti

Christian Lahti is a computer services consultant and an expert in security. He is a regular speaker at industry shows such as LinuxWorld and OSCON. He is the technical editor of Windows to Linux Migration Toolkit (Syngress, ISBN: 1931836396).

Affiliations and Expertise

Computer services consultant, SOX compliance expert, U.S.A.

Roderick Peterson

Roderick Peterson is the Information Technology Director at NeoMagic. He has more than 20 years' experience in the IT industry and has successfully led the development and deployment of major applications at several global companies.

Affiliations and Expertise

Information Technology Director, NeoMagic, USA
