Sarbanes-Oxley Compliance Using COBIT and Open Source Tools Paperback – Sep 10 2005



There is a newer edition of this item:

Sarbanes-Oxley IT Compliance Using Open Source Tools
CDN$ 71.81

Product Description

From the Back Cover

This book illustrates the many Open Source cost savings opportunities available to companies seeking Sarbanes-Oxley compliance. It also provides examples of the Open Source infrastructure components that can and should be made compliant. In addition, the book clearly documents which Open Source tools you should consider using in the journey towards compliance. Although many books and reference materials have been authored on the financial and business side of SOX compliance, very little material is available that directly addresses the information technology considerations, and even less on how Open Source fits into that discussion.

Each chapter begins with an analysis of the business and technical ramifications of Sarbanes-Oxley as regards the topics covered, before moving into detailed instructions on the use of the various Open Source applications and tools relating to the compliance objectives. The bootable CD contains fully configured demonstrations of the Open Source tools.

About the Author

Christian Lahti is a computer services consultant and an expert in security. He is a regular speaker at industry shows such as LinuxWorld and OSCON. He is the technical editor of Windows to Linux Migration Toolkit (Syngress, ISBN: 1931836396).

Roderick Peterson is the Information Technology Director at NeoMagic. He has more than 20 years' experience in the IT industry and has successfully led the development and deployment of major applications at several global companies.

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 16 reviews
15 of 15 people found the following review helpful
Two books in one Oct. 21 2005
By Stephen Northcutt - Published on Amazon.com
Format: Paperback
This is the hardest review I have ever written. The book has enormous potential. The concepts behind the book can probably save organizations a lot of money. The book is a primer to COBIT, which is the model most people use to implement Sarbanes-Oxley. It is also a book about open source tools that may be able to support a COBIT framework.

As a pointer to tools and ideas, you cannot beat this book. However, if you are not already a part of the Linux open source world, I don't think this book can get you there. I had trouble with the CD and had to use a Knoppix cheat code to get it to boot. In addition, the examples on the CD are not populated with enough data to let you play with the tools.

The bottom line, I think this has all the earmarks to become a really important book in the auditing and compliance world in its next edition. I have purchased a copy for every one of my students in my management class and I am flying the authors out to demonstrate the tools to my class. I honestly don't think you can afford to miss this book if you have responsibility for Sarbanes-Oxley or GLBA for that matter. However, you are going to have to find a Linux geek to actually put any of this into practice.
8 of 8 people found the following review helpful
Very helpful introduction to SOX compliance through COBIT March 13 2006
By Richard Bejtlich - Published on Amazon.com
Format: Paperback
I read Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools (SOICUCAOST) to learn more about compliance issues. I am a security engineer who thankfully has not had to suffer through a SOX audit. I am glad I read SOICUCAOST, however. The book is clear, well-written, and makes innovative use of a live CD. While the book is not the answer to SOX compliance (no book is), small-to-medium-sized businesses will find SOICUCAOST a valuable guide.

I found SOICUCAOST's advice to be surprisingly candid. This is no "SOX is awesome" book. On p 276 we read "one could conclude that not only is there no realistic way to calculate ROI for SOX compliance, but if there were, there would be no positive ROI for SOX. The value of SOX compliance is qualitative and not quantitative. If there is no way to justify SOX compliance, how do I answer questions about how my company's compliance activities affect the bottom line? By shifting the ROI from SOX and the cost savings to open source and cost avoidance... a decision point of whether to comply with SOX or not does not exist." That is only one dose of brutal honesty -- there are many others in this book.

I thought the XFLD-based live CD was an innovative touch. Assuming one can get it to work (I had no trouble), it is a slick way to use a portal for two fictitious companies created to demonstrate ways to achieve IT-related SOX compliance. Not every component works, but using the live CD gets the reader to think he or she may be doing SOX activities instead of reading a book about it.

As far as specific open source tools go, I don't think it's realistic to be able to use tools based on the information in this book. Syngress published an entire book on Nagios, an entire book on host-based integrity monitoring, an entire book on Snort, and so on. I would have preferred to see SOICUCAOST spend more time on presenting options with advantages and disadvantages for each. I also thought the idea of running Snort from a live CD as a production sensor (Ch 6) to be very ill-conceived.

Regarding the reviews -- I am surprised to see they are all over the map. I think Christopher Byrne makes a few good points, but his criticism doesn't warrant a one-star review. Author Roderick Peterson should not have written a five-star "rebuttal". Authors write books, not reviews of their own books. That's poor form and it manipulates Amazon's star ratings.

Overall, I think SOICUCAOST is helpful for any SMB staring at SOX compliance. It certainly provides plenty of sound guidance, solid frameworks, and examples (on the live CD). The book is well-written and organized. I think some of the material could have been formatted for easier reading; Syngress has a tendency to use fonts that are way too large and thereby distracting. Still, I recommend anyone involved with IT-related SOX issues and/or COBIT give SOICUCAOST a try.
4 of 4 people found the following review helpful
Great resource, very helpful in ensuring complying with SOX April 19 2006
By Harold McFarland - Published on Amazon.com
Format: Paperback
Compliance with the Sarbanes-Oxley Act is a legal requirement for publicly traded companies. The problem with the Act is that it requires things like adequate internal control structure and a report on the effectiveness of the internal control structure and procedures while not providing any guidance or any specific mention of information technology implications. Luckily there are several other more specific standards to follow, with the most common among auditors being COBIT (Control Objectives for Information and Related Technology).

This book concentrates on using various open source tools (included on a CD with the book) to audit and document your system for compliance with COBIT. The authors take the reader through a detailed walk through the COBIT components and explain each one as well as how to implement it successfully. If it is followed, the result is a sustainable system that is well documented, has set policies to prevent problems, has solid controls, and establishes responsibilities for change and improvements. Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools is highly recommended for anyone preparing to undergo a Sarbanes-Oxley audit, but is also highly recommended to others because it is so useful for documenting your system and setting responsibility for changes to it.
4 of 4 people found the following review helpful
Nice Resource on Sarbanes-Oxley Compliance Aug. 11 2006
By Dan McKinnon - Published on Amazon.com
Format: Paperback
If you are a company or IT person that is responsible for keeping your company compliant with the Sarbanes-Oxley act of 2002, you owe it to yourself to pick up this book. Chock full of tons of helpful advice and guidelines, this 300+ page text will help get your IT department streamlined and well structured. The Sarbanes-Oxley act was put into place in direct response to the outlandish acts of companies such as Tyco, Enron, MCI and the like, so that the public will know that their investment money is being used towards non-corrupt practices, and this involves not only financial numbers, but also the systems that hold such important data.

Nice book, helpful guide

**** RECOMMENDED
3 of 3 people found the following review helpful
Great Book, Great Advice!!!!! Jan. 2 2006
By UNIX/Linux Junkie - Published on Amazon.com
Format: Paperback
My company has been working hard to mitigate and resolve SOX audit concerns/items. Being the technical leader of our open systems environment, I am very involved in how this will best be accomplished. The problem that this book helped resolve was by providing a roadmap in which this can be done both swiftly AND cost-effectively. From a technical perspective, Chapter 7 was AMAZING and everything I was looking for. Utilizing the open source tools suggested to enhance security within the environment saves an amazing amount of dollars as compared to purchasing an "off-the-shelf" product. While technically analyzing a couple of these products I have found that they are utilizing similar methods, i.e. proprietary PAM modules, to accomplish the exact same end result. The fast track CD that accompanies the book also saves the buyer from having to search the Net for the relevant tools. For the non-technical processes, SLAs are provided which are necessary for completion of the SOX remediation. I am extremely happy with the book as it is beneficial for persons from both managerial and technical backgrounds. I highly recommend this book!!!!
