Sarbanes-Oxley Compliance Using COBIT and Open Source Tools - 1st Edition - ISBN: 9781597490368, 9780080489674


Authors: Christian Lahti Roderick Peterson
eBook ISBN: 9780080489674
Imprint: Syngress
Published Date: 10th September 2005
Page Count: 450


This book illustrates the many Open Source cost-saving opportunities available to companies seeking Sarbanes-Oxley compliance. It also provides examples of the Open Source infrastructure components that can and should be made compliant. In addition, the book clearly documents which Open Source tools you should consider using on the journey towards compliance. Although many books and reference materials have been written on the financial and business side of SOX compliance, very little material is available that directly addresses the information technology considerations, and even less on how Open Source fits into that discussion.

Each chapter begins with an analysis of the business and technical ramifications of Sarbanes-Oxley as they relate to the topics covered, before moving into detailed instructions on the use of the various Open Source applications and tools relating to the compliance objectives.

Key Features

  • Shows companies how to use Open Source tools to achieve SOX compliance, dramatically lowering the cost compared with proprietary, commercial applications
  • The only SOX compliance book specifically detailing the steps IT professionals must take to achieve SOX compliance


CFO, VP, Director of Finance – Since the Sarbanes-Oxley Act is squarely aimed at responsible financial controls and reporting, the executive finance team of any company should be interested in the ways Open Source can reduce their cost of compliance. Every chapter in the book begins with the management perspective of compliance as it relates to the subject material contained within.

CIO, VP, Director of IT – This book is very focused on the IT aspects of compliance, both in the use of Open Source for the infrastructure components that make up the core IT footprint within the enterprise, and in the use of Open Source to assist and automate the task of documenting and tracking compliance and internal controls, independent of whether those controls are derived from proprietary or Open Source systems.

IT Operations Management, Administration – Although the book deals with many of the management considerations in the deployment of Open Source, the examples included in the book and on the companion Web site impart a wealth of technical information that IT can directly employ to streamline their compliance processes.

IT Consultants – Since Sarbanes-Oxley compliance can present a daunting task, many organizations are choosing to outsource all or portions of their compliance preparation to third parties in order to leverage best known methods and the success of other client audits, so that their own audit goes smoothly. This being the case, the book arms the consultant with a powerful toolset with which to quickly and efficiently streamline the preparation process while avoiding the cost of proprietary software solutions. As a result, consultants may be able to reduce their fees and win more business.

CEO, VP, Owner – Non-Public Companies – The specter of spending time, money and resources on Sarbanes-Oxley compliance now surely weighs into the decision for a privately held company to go public. This book will assist those companies.

Table of Contents




Author Acknowledgments

Chapter 1: Overview: The Goals of This Book

The Audit Experience: An Introduction

Who Should Read This Book?

The Live CD Concept

The Portals


Solutions Fast Track

Chapter 2: SOX and COBIT Defined

SOX Overview

What Will SOX Accomplish?

Section 302

Section 404

SOX: Not Just a Dark Cloud


The Six COBIT Components

Sustainability Is the Key


Solutions Fast Track

Chapter 3: The Cost of Compliance


Why Comply?

Tools and Applications

What’s Out There?

The Human Factor

Walk the Walk

BuiltRight Construction Company


Chapter 4: Why Open Source?

The Open Source Model

Closed Source Application Development

Open Source Application Development

The Business Case for Open Source

Assessing Your Infrastructure

Case Studies: Introduction to the Sample Companies


Solutions Fast Track

Chapter 5: Domain I: Planning and Organization


The Work Starts Here

What Work?

What Do Planning and Organization Mean?


Solutions Fast Track

Chapter 6: Domain II: Acquisition and Implementation


Evaluating In-House Expertise

Automation Is the Name of the Game

What Do Acquisition and Implementation Mean?

Working the List

FastTrack CD


Solutions Fast Track

Chapter 7: Domain III: Delivery and Support


What Do Delivery and Support Mean?

1. Define and Manage Service Level Agreements

2. Manage Third-Party Services

3. Manage Performance and Capacity

4. Ensure Continuous Service

5. Ensure Systems Security

6. Identify and Allocate Costs

7. Educate and Train Users

8. Assist and Advise Customers

9. Manage the Configuration

10. Manage Problems and Incidents

11. Manage Data

12. Manage Facilities

13. Manage Operations

Working the List

Performance, Capacity, and SLAs

System and Application Security

Configuration and Data Management

FastTrack CD


Solutions Fast Track

Frequently Asked Questions

Chapter 8: Domain IV: Monitoring


What Does Monitoring Mean?

1. Monitor the Processes

2. Assess Internal Control Adequacy

3. Obtain Independent Assurance

4. Provide for Independent Audit

Working the List

Monitoring in Practice

FastTrack CD

Rolling Your Own Workflows


Solutions Fast Track

Frequently Asked Questions

Chapter 9: Putting It All Together



Policies, Processes, and Service Level Agreements (SLAs)

Control Matrices, Test Plan, and Components

Return on Investment (ROI)


Solutions Fast Track

Frequently Asked Questions

Appendix A: COBIT Control Objectives

Appendix B: KNOPPIX Live CD Parameters

Appendix C: The GNU General Public License

Appendix D: CD Contents at a Glance



© Syngress 2005

About the Author

Christian Lahti

Christian Lahti is a computer services consultant and an expert in security. He is a regular speaker at industry shows such as LinuxWorld and OSCON. He is the technical editor of Windows to Linux Migration Toolkit (Syngress, ISBN: 1931836396).

Affiliations and Expertise

Computer services consultant, SOX compliance expert, U.S.A.

Roderick Peterson

Roderick Peterson is the Information Technology Director at NeoMagic. He has more than 20 years' experience in the IT industry and has successfully led the development and deployment of major applications at several global companies.

Affiliations and Expertise

Information Technology Director, NeoMagic, USA
