Sarbanes-Oxley IT Compliance Using Open Source Tools, 2nd Edition

The Sarbanes-Oxley Act (officially titled the Public Company Accounting Reform and Investor Protection Act of 2002), signed into law on 30 July 2002 by President Bush, is considered the most significant change to federal securities laws in the United States since the New Deal. It came in the wake of a series of corporate financial scandals, including those affecting Enron, Arthur Andersen, and WorldCom. The law is named after Senator Paul Sarbanes and Representative Michael G. Oxley. It was approved by the House by a vote of 423-3 and by the Senate 99-0. This book illustrates the many Open Source cost-saving opportunities that public companies can explore in their IT enterprise to meet the mandatory compliance requirements of the Sarbanes-Oxley Act. It also demonstrates, by example and technical reference, both the Open Source infrastructure components that can be made compliant and the Open Source tools that can aid in the journey to compliance. Although many books and reference materials have been written on the financial and business side of SOX compliance, very little material is available that directly addresses the information technology considerations, and even less on how Open Source fits into that discussion. Each chapter begins with the IT business and executive considerations of Open Source and SOX compliance; the remainder of the chapter examines specific Open Source applications and tools that relate to the given subject matter.

* Only book that shows companies how to use Open Source tools to achieve SOX compliance, which dramatically lowers the cost compared with using proprietary, commercial applications.
* Only SOX compliance book specifically detailing the steps IT professionals must take to achieve SOX compliance.

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Lead Authors
  6. Contributing Authors
  7. Chapter 1: Overview – The Goals of This Book
    1. IT Manager Bob – The Nightmare
    2. Why Open Source?
    3. Summary
    4. Solutions Fast Track
    5. Frequently Asked Questions
  8. Chapter 2: Introduction to the Companion DVD
    1. The DVD Redux
    2. VM Spotlight – eGroupware
    3. Case Study: NuStuff Electronics, Setting the Stage
    4. Summary
    5. Solutions Fast Track
    6. Frequently Asked Questions
  9. Chapter 3: SOX and Compliance Regulations
    1. What is PCAOB
    2. PCAOB Audit Approach
    3. SOX Overview
    4. Sustainability Is the Key
    5. Enough Already
    6. VM Spotlight: Desktop Tools
    7. Case Study: Workflow Concepts
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  10. Chapter 4: What’s In a Framework?
    1. PCAOB Endorses COBIT?
    2. Are the Developers of COBIT Controls Crazy? Is this Practical?
    3. The Top Contenders
  11. Chapter 5: The Cost of Compliance
    1. SOX and IT
    2. Compliance Issues
    3. What’s In A Framework?
    4. Assessing Your Infrastructure
    5. VM Spotlight: Fedora Directory Server
    6. Case Study: Costs
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  12. Chapter 6: What’s First?
    1. The Work Starts Here
    2. What Work?
    3. Planning and Organization
    4. Working The List
    5. Policy Definition and Management
    6. Spotlight: KnowledgeTree Document Management
    7. Case Study: NuStuff Electronics
    8. Frequently Asked Questions
  13. Chapter 7: What’s Second
    1. Definition of Information Requirements
    2. Evaluating Open Source In-House Expertise
    3. Working The List
    4. VM Spotlight – Webmin
    5. Summary
    6. Frequently Asked Questions
  14. Chapter 8: Are We There Yet?
    1. Working The List
    2. Service Level Agreements
    3. Managing The Infrastructure
    4. VM Spotlight – Subversion
    5. Case Study: NuStuff Electronics Segregation of Duties
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  15. Chapter 9: Finally, We’ve Arrived
    1. Working The List
    2. Monitoring In Practice
    3. VM Spotlight – Zabbix Monitoring System
    4. Case Study: NuStuff – Oops, Still Not Right
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  16. Chapter 10: Putting It All Together
    1. Analysis Paralysis
    2. Organization – Repositioning
    3. Policies, Processes and SLAs
    4. Control Matrices, Test Plan & Components
    5. Return On Investment (ROI)
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  17. Appendix A: COBIT Control Objectives
  18. Appendix B: ITIL Framework Summary
    1. The Five ITIL Volumes
    2. Service Support
    3. Service Delivery
  19. Appendix C: GNU General Public Licenses
    1. GPL Version III
    2. GPL Version II
  20. Index