Title :
An Efficient Framework for IT Controls of Bill 198 (Canada Sarbanes-Oxley) Compliance by Aligning COBIT 4.1, ITIL v3 and ISO/IEC 27002
Author :
Huang, Zhitao ; Zavarsky, Pavol ; Ruhl, Ron
Author_Institution :
Coll. of Alberta, Dept. of Inf. Syst. Security, Concordia Univ., Edmonton, AB, Canada
Abstract :
Canadian companies have been struggling with the Bill 198 (CSOX) compliance. The main problem is the lack of clear guidelines and the non-existence of a specific compliance process the IT staff could use to achieve the IT control objectives of the Bill 198. This research paper demonstrates a possibility of creating a new comprehensive framework to accomplish the compliance goal by aligning three existing effective frameworks COBIT 4.1, ITIL v3, and the ISO/IEC 27002 standard. It is shown in the paper, that relative to the current CSOX compliance practices, the new framework provides for higher efficiency and reduction of resources needed to comply with the Bill.
Keywords :
ISO standards; law; telecommunication standards; Bill 198 compliance; COBIT 4.1; CSOX compliance practice; ISO/IEC 27002 standard; IT controls; ITIL v3; compliance goal; compliance process; information technology; Environmental management; Humans; IEC standards; ISO standards; Laboratories; Peer to peer computing; Protocols; Public key; Security; Testing; Bill 198; COBIT; CSOX; ISO27002; ITIL; compliance;
Conference_Titel :
Computational Science and Engineering, 2009. CSE '09. International Conference on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4244-5334-4
Electronic_ISBN :
978-0-7695-3823-5
DOI :
10.1109/CSE.2009.336
