[CISSP-D] REVIEW: "Beyond COSO", Steven J. Root

Subject: [CISSP-D] REVIEW: "Beyond COSO", Steven J. Root
Date: Thu, 29 Mar 2007 08:58:36 -0800
BKBECOSO.RVW   20070218

"Beyond COSO", Steven J. Root, 1998, 0-471-39112-3, U$65.00/C$84.99
%A   Steven J. Root
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   1998
%G   0-471-39112-3
%I   John Wiley & Sons, Inc.
%O   U$65.00/C$84.99 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0471391123/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0471391123/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0471391123/robsladesin03-20
%O   Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   340 p.
%T   "Beyond COSO: Internal Control to Enhance Corporate Governance"

In the preface, the author notes that it is impossible to have
complete control of any situation: problems and fraud will happen
despite all of our efforts.  Root recommends that companies should
implement internal controls as suggested by COSO (the Committee of
Sponsoring Organizations of the Treadway Commission), but must also go
beyond them, in a manner similar to the layered defence or defence in
depth models.

Chapter one contains an analysis of the limitations of the COSO
directives (and ends with a rather odd overview of the book itself).
The concepts of, and problems with, internal control are covered in
chapter two.  Chapter three presents a history of twentieth century
corporate frauds and the attempts to restrict them.  Business ethics
and values are discussed in chapter four.

Chapter five outlines the COSO framework, noting that internal
controls provide assurance of the efficiency of operations and
reliability of financial reporting--as long as there is compliance
with the laws and regulations.  (As this material is based on the 1992
version of COSO, it is interesting to note that the components of risk
management are pretty much the same, but that the dimensions of
objectives categories and unit-levels had not yet been added to the
model.)  Further concerns and limitations of COSO are expressed and
analyzed.  Additional frameworks are reviewed in chapter six.  Using a
hybrid of devices from these other frameworks, chapter seven suggests
the extension of internal controls with additional management aspects.
Chapter eight recommends that an oversight process be established for
internal controls, noting particularly legal obligations and related
factors such as standards of care, generic corporate organization and
business roles and tasks.  The oversight issues are extended in
chapter nine, looking in more detail at job roles, and also insights
that arise from chaos theory.  Chapter ten finishes off the book with
a review of the reporting of internal controls: much of this is
concerned with the wording used in such statements, and the
ineffectiveness of such reports to control incidents and fraud.

Despite its age, this book is one of the more useful guides in the
area of governance and controls in corporations.  Root was willing to
go beyond the usual promotional jobs that masquerade as management
advice.  While he does not solve the problem, he at least makes the
issues clearer, and raises interesting points in regard to solutions.

copyright Robert M. Slade, 2007   BKBECOSO.RVW   20070218

