
Sarbanes-Oxley Compliance Using COBIT and Open Source Tools [Paperback]

Christian B Lahti , Roderick Peterson




Formats

Format: Amazon Price / New from / Used from
Kindle Edition: CDN $45.07
Paperback: --

There is a newer edition of this item: Sarbanes-Oxley IT Compliance Using Open Source Tools (CDN$ 66.13). Not in stock; order now and we'll deliver when available.

Book Description

Sept. 10 2005
This book illustrates the many Open Source cost-saving opportunities available to companies seeking Sarbanes-Oxley compliance. It also provides examples of the Open Source infrastructure components that can and should be made compliant. In addition, the book clearly documents which Open Source tools you should consider using on the journey towards compliance. Although many books and reference materials have been written on the financial and business side of SOX compliance, very little material is available that directly addresses the information technology considerations, and even less on how Open Source fits into that discussion.

Each chapter begins with an analysis of the business and technical ramifications of Sarbanes-Oxley as regards the topics covered, before moving into detailed instructions on the use of the various Open Source applications and tools relating to the compliance objectives.

The bootable CD contains fully configured demonstrations of Open Source tools.

* Shows companies how to use Open Source tools to achieve SOX compliance, which dramatically lowers the cost compared with using proprietary, commercial applications
* Contains a bootable Linux CD with countless applications, forms, and checklists to assist companies in achieving SOX compliance
* The only SOX compliance book specifically detailing the steps IT professionals must take to achieve SOX compliance


About the Author

Christian Lahti is a computer services consultant and an expert in security. He is a regular speaker at industry shows such as LinuxWorld and OSCON. He is the technical editor of Windows to Linux Migration Toolkit (Syngress, ISBN: 1931836396).

Roderick Peterson is the Information Technology Director at NeoMagic. He has more than 20 years' experience in the IT industry and has successfully led the development and deployment of major applications at several global companies.


Customer Reviews

There are no customer reviews yet on Amazon.ca
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 3.8 out of 5 stars  16 reviews
15 of 15 people found the following review helpful
3.0 out of 5 stars Two books in one Oct. 21 2005
By Stephen Northcutt - Published on Amazon.com
Format:Paperback
This is the hardest review I have ever written. The book has enormous potential. The concepts behind the book can probably save organizations a lot of money. The book is a primer to COBIT, which is the model most people use to implement Sarbanes-Oxley. It is also a book about open source tools that may be able to support a COBIT framework.

As a pointer to tools and ideas, you cannot beat this book. However, if you are not already a part of the Linux open source world, I don't think this book can get you there. I had trouble with the CD and had to use a Knoppix cheat code to get it to boot. In addition, the examples on the CD are not populated with enough data to let you play with the tools.

The bottom line, I think this has all the earmarks to become a really important book in the auditing and compliance world in its next edition. I have purchased a copy for every one of my students in my management class and I am flying the authors out to demonstrate the tools to my class. I honestly don't think you can afford to miss this book if you have responsibility for Sarbanes-Oxley or GLBA for that matter. However, you are going to have to find a Linux geek to actually put any of this into practice.
8 of 8 people found the following review helpful
4.0 out of 5 stars Very helpful introduction to SOX compliance through COBIT March 13 2006
By Richard Bejtlich - Published on Amazon.com
Format:Paperback
I read Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools (SOICUCAOST) to learn more about compliance issues. I am a security engineer who thankfully has not had to suffer through a SOX audit. I am glad I read SOICUCAOST, however. The book is clear, well-written, and makes innovative use of a live CD. While the book is not the answer to SOX compliance (no book is), small-to-medium-sized businesses will find SOICUCAOST a valuable guide.

I found SOICUCAOST's advice to be surprisingly candid. This is no "SOX is awesome" book. On p 276 we read "one could conclude that not only is there no realistic way to calculate ROI for SOX compliance, but if there were, there would be no positive ROI for SOX. The value of SOX compliance is qualitative and not quantitative. If there is no way to justify SOX compliance, how do I answer questions about how my company's compliance activities affect the bottom line? By shifting the ROI from SOX and the cost savings to open source and cost avoidance... a decision point of whether to comply with SOX or not does not exist." That is only one dose of brutal honesty -- there are many others in this book.

I thought the XFLD-based live CD was an innovative touch. Assuming one can get it to work (I had no trouble), it is a slick way to use a portal for two fictitious companies created to demonstrate ways to achieve IT-related SOX compliance. Not every component works, but using the live CD gets the reader to think he or she may be doing SOX activities instead of reading a book about it.

As far as specific open source tools go, I don't think it's realistic to be able to use tools based on the information in this book. Syngress published an entire book on Nagios, an entire book on host-based integrity monitoring, an entire book on Snort, and so on. I would have preferred to see SOICUCAOST spend more time on presenting options with advantages and disadvantages for each. I also thought the idea of running Snort from a live CD as a production sensor (Ch 6) to be very ill-conceived.

Regarding the reviews -- I am surprised to see they are all over the map. I think Christopher Byrne makes a few good points, but his criticism doesn't warrant a one-star review. Author Roderick Peterson should not have written a five-star "rebuttal". Authors write books, not reviews of their own books. That's poor form and it manipulates Amazon's star ratings.

Overall, I think SOICUCAOST is helpful for any SMB staring at SOX compliance. It certainly provides plenty of sound guidance, solid frameworks, and examples (on the live CD). The book is well-written and organized. I think some of the material could have been formatted for easier reading; Syngress has a tendency to use fonts that are way too large and thereby distracting. Still, I recommend anyone involved with IT-related SOX issues and/or COBIT give SOICUCAOST a try.
4 of 4 people found the following review helpful
4.0 out of 5 stars Nice Resource on Sarbanes-Oxley Compliance Aug. 11 2006
By Dan McKinnon - Published on Amazon.com
Format:Paperback
If you are a company or IT person that is responsible for keeping your company compliant with the Sarbanes-Oxley act of 2002, you owe it to yourself to pick up this book. Chock full of tons of helpful advice and guidelines, this 300+ page text will help get your IT department streamlined and well structured. The Sarbanes-Oxley act was put into place in direct response to the outlandish acts of companies such as Tyco, Enron, MCI and such, so that the public will know that their investment money is being used towards non-corrupt practices, and this involves not only financial numbers, but also the systems that hold such important data.

Nice book, helpful guide

**** RECOMMENDED
4 of 4 people found the following review helpful
5.0 out of 5 stars Great resource, very helpful in ensuring complying with SOX April 19 2006
By Harold McFarland - Published on Amazon.com
Format:Paperback
Compliance with the Sarbanes-Oxley Act is a legal requirement for publicly traded companies. The problem with the Act is that it requires things like adequate internal control structure and a report on the effectiveness of the internal control structure and procedures while not providing any guidance or any specific mention of information technology implications. Luckily there are several other more specific standards to follow, with the most common among auditors being COBIT (Control Objectives for Information and Related Technology).

This book concentrates on using various open source tools (included on a CD with the book) to audit and document your system for compliance with COBIT. The authors take the reader through a detailed walk through the COBIT components and explain each one as well as how to implement it successfully. If it is followed, the result is a sustainable system that is well documented, has set policies to prevent problems, has solid controls, and establishes responsibilities for change and improvements. Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools is highly recommended for anyone preparing to undergo a Sarbanes-Oxley audit but is also highly recommended to others because it is so useful for documenting your system and setting responsibility for changes to it.
10 of 13 people found the following review helpful
5.0 out of 5 stars Authors' Rebuttal Oct. 27 2005
By Roderick Peterson - Published on Amazon.com
Format:Paperback
As the authors of this book, we'd like to respond to Christopher Byrne's review of our book. We appreciate Christopher's time and attention paid to our book, but would like to respond to a couple of criticisms presented in the review....

The first paragraph of the review states "The only justification for buying it might be to get the CD with the open-source toolkit which might help smaller organizations get something in place quickly, but that is it." As the authors of the book we find this statement very gratifying as it tells us we were able to accomplish one of the main goals of the book. It tells us we accurately identified our target audience, small to medium size companies and it tells us that we presented the right mix of information and CD content to enable the reader to easily take the book from concept to practical application for SOX compliance.

The next section of the review, "Why Do I Not Like This Book", contains various sections we'd like to address.

1. "Backgrounds of the authors" - As the authors we never stated, conveyed, nor inferred that we were auditors and/or had any certifications in audit related disciplines. What we did however state was that we were IT professionals who had successfully been through the SOX certification process. A process that yielded no material weaknesses or significant deficiencies, and that is what we endeavored to share and convey with our readers.

The review attempts to support this logic by quoting responses to a question posed to colleagues. Although on first look that might appear to be the case, the majority of the responses actually state or convey that certifications aren't always necessary and practical experience is more important. Also, these quotes are from people who have not even seen the book.

2. Understanding COBIT - On one hand the review criticizes us for "... publishing information on COBIT, in some cases verbatim." and on the other hand "In addition, the authors fail to provide the entire context and understanding of COBIT". So again, we will simply say we passed our audit with no material weaknesses or significant deficiencies.

3. And The List Goes On and The Sarbanes-Oxley FUD Factor - These sections are very subjective. Based on our experience and discussions with our colleagues, the stated subject matter was not relevant to the objectives of the book. As for the title, it conveys the main components of the book - Open Source, COBIT and SOX compliance.

4. "Sox and COBIT Defined" - It was not our intent to advocate the implementation of COBIT but merely to provide, based on our experience, criteria and a mechanism for extracting from COBIT the components needed for SOX compliance. As for the importance of risk, the following quote from the book illustrates how we feel risk and risk assessment should be handled: "Risk assessment from an IT perspective is also an important subject to undertake as a normal course of capacity planning and disaster recovery."

5. SOX Compliance Policies - This section is merely semantics. The review itself actually reinforces one of the points in the book: "COBIT is a framework for internal governance and when done properly, takes care of compliance with any law or regulation." We never disputed this point and made similar comments in the book.

SOX Compliance Policy - Is there a difference between a SOX Compliance Policy and a Policy that complies with SOX - or are we just nit picking words?

We would give this 5 stars, only because they won't allow 1,000