Jim Johnson, CEO of Tripwire, writes, "While it’s difficult to pinpoint the single most challenging issue facing Sarbanes-Oxley, certainly one of the most frustrating headaches for CXOs today is the lack of prescriptive guidance on “how” to become compliant."
"In an attempt to help identify, document and evaluate IT controls, the audit industry and the SEC have supported numerous open control frameworks and best practices such as IT Infrastructure Library (ITIL), Control Objectives for Information and related Technology (COBIT), and ISO17799.
While useful in theory, these frameworks do not give comprehensive guidance to IT management on where to start, how to start, and how much it costs to implement initially and sustain over time.
Worse, these frameworks do not provide quantitative analysis of how and why process initiatives using these frameworks affect business success beyond compliance and conversely, what impact -- or damage -- these initiatives cause when they fail."