Sarbanes-Oxley Compliance Using COBIT and Open Source Tools Paperback – Sep 10 2005
|New from||Used from|
Getting the download link through email is temporarily not available. Please check back later.
To get the free app, enter your mobile phone number.
From the Back Cover
This book illustrates the many Open Source cost savings opportunities available to companies seeking Sarbanes-Oxley compliance. It also provides examples of the Open Source infrastructure components that can and should be made compliant. In addition, the book clearly documents which Open Source tools you should consider using in the journey towards compliance. Although many books and reference material have been authored on the financial and business side of Sox compliance, very little material is available that directly address the information technology considerations, even less so on how Open Source fits into that discussion.
Each chapter begins with an analysis of the business and technical ramifications of Sarbanes-Oxley as regards to topics covered before moving into the detailed instructions on the use of the various Open Source applications and tools relating to the compliance objectives. The bootable CD contains fully configured demonstrations of Open Source tools.
About the Author
Christian Lahti is a computer services consultant and an expert in security. He is a regular speaker at industry shows such as LinuxWorld and OSCON. He is the technical editor of Windows to Linux Migration Toolkit (Syngress, ISBN: 1931836396).
Roderick Peterson is the Information Technology Director at NeoMagic. He has more than 20 yeras' experience in the IT industry and has successfully led the development and deployment of major applications at several global companies.
Most Helpful Customer Reviews on Amazon.com (beta)
As a pointer to tools and ideas, you cannot beat this book. However, if you are not already a part of the Linux open source world, I don't think this book can get you there. I had trouble with the CD and had to use a Knoppix cheat code to get it to boot. In addition, the examples on the CD are not populated with enough data to let you play with the tools.
The bottom line, I think this has all the earmarks to become a really important book in the auditing and compliance world in its next edition. I have purchased a copy for every one of my students in my management class and I am flying the authors out to demonstrate the tools to my class. I honestly don't think you can afford to miss this book if you have responsibility for Sarbanes-Oxley or GLBA for that matter. However, you are going to have to find a Linux geek to actually put any of this into practice.
I found SOICUCAOST's advice to be surprisingly candid. This is no "SOX is awesome" book. On p 276 we read "one could conclude that not only is there no realistic way to calculate ROI for SOX compliance, but if there were, there would be no positive ROI for SOX. The value of SOX compliance is qualitative and not quantitative. If there is no way to justify SOX compliance, how do I answer questions about how my company's compliance activities affect the bottom line? By shifting the ROI from SOX and the cost savings to open source and cost avoidance... a decision point of whether to comply with SOX or not does not exist." That is only one dose of brutal honesty -- there are many others in this book.
I thought the XFLD-based live CD was an innovative touch. Assuming one can get it to work (I had no trouble), it is a slick way to use a portal for two fictitious companies created to demonstrate ways to achieve IT-related SOX compliance. Not every component works, but using the live CD gets the reader to think he or she may be doing SOX activities instead of reading a book about it.
As far as specific open source tools goes, I don't think it's realistic to be able to use tools based on the information in this book. Syngress published an entire book on Nagios, an entire book on host-based integrity monitoring, an entire book on Snort, and so on. I would have preferred to see SOICUCAOST spend more time on presenting options with advantages and disadvantages for each. I also though the idea of running Snort from a live CD as a production sensor (Ch 6) to be very ill-conceived.
Regarding the reviews -- I am surprised to see they are all over the map. I think Christopher Byrne makes a few good points, but his criticism doesn't warrant a one-star review. Author Roderick Peterson should not have written a five-star "rebuttal". Authors write books, not reviews of their own books. That's poor form and it manipulates Amazon's star ratings.
Overall, I think SOICUCAOST is helpful for any SMB staring at SOX compliance. It certainly provides plenty of sound guidance, solid frameworks, and examples (on the live CD). The book is well-written and organized. I think some of the material could have been formatted for easier reading; Syngress has a tendency to use fonts that are way too large and thereby distracting. Still, I recommend anyone involved with IT-related SOX issues and/or COBIT give SOICUCAOST a try.
This book concentrates on using various open source tools (included on a CD with the book) to audit and document your system for compliance with COBIT. The authors take the reader through a detailed walk through the COBIT components and explain each one as well as how to implement it successfully. If it is followed the result is a sustainable system that is well documented, has set policies to prevent problems, has solid controls, and establishes responsibilities for change and improvements. Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools is highly recommended for anyone preparing to undergo and Sarbanes-Oxley audit but is also highly recommended to others because it is so useful for documenting your system and setting responsibility for changes to it.
Nice book, helpful guide