Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools

The COBIT Delivery and Support Domain is the meat and potatoes of the infrastructure. There are hundreds of open source tools available to help you meet your compliance goals. eGroupware was used heavily in this chapter; however, we have added sample configurations of several of the tools mentioned, to give you an idea of how they can be used.
http://xfld/builtright/egw/Wiki/index.php
http://xfld/nustuff/egw/Wiki/index.php
http://xfld/builtright/egw/workflow/index.php
http://xfld/nustuff/egw/workflow/index.php
We have also provided the following sample SLAs, which are based on the format provided earlier in this chapter.
Finance Data Backups: This sample SLA covers the backup of all identified critical financial data. It is an agreement between the IT and Finance groups over what, how, and when IT will back up their files, and the roles and responsibilities surrounding this task. This relates back to the policy regarding data backups and retention.
Financial Systems Access: This sample SLA covers the authorization of users to see critical financial data. It covers the authentication of users and their passwords, and the availability of the LDAP identity management services. This SLA relates back to the password and access controls policies.
Financial Systems Environmental Protection: This sample SLA covers the physical building access management system. The IT group provides the agreement on the availability of the badge security system and the creation and termination of access cards to sensitive areas of the building that contain financial servers and storage. This SLA relates back to the physical access policy.
In...