In this chapter you'll explore the world of regulations. You'll get a brief
overview of some of the requirements defined within these large texts (which
are anything but "plain language") and how they map onto database
environments and database security implementations. You'll also see the
relationship between security and auditing, both of which these regulations
require. In the following two chapters you'll delve deeper into the world of
database auditing, including which types of database operations you need to
audit and how you should go about architecting the auditing solution.
11.1 The alphabet soup of regulations: What does each one mean to you?
We will discuss many of the headline-grabbing regulations, but let's start
with a brief example of the biggest of them all: Sarbanes-Oxley. Questionable
accounting practices and poor management in companies such as Enron and
Worldcom shattered investor confidence and caused Congress to pass the
Sarbanes-Oxley Act of 2002 (SOX) "to protect investors by improving the
accuracy and reliability of corporate disclosures made pursuant to the
securities laws." While some companies are reacting to SOX by addressing only
the minimum requirements that were due at the end of 2004, other companies
are also addressing requirements that take effect at a later date. Among these
are requirements for real-time disclosure of any event that may affect
performance, as well as security and privacy requirements.
While SOX compliance is primarily the responsibility of the CEO and
CFO, CIOs have a key role in implementing technology strategies that can
support real and implied integrity, security, credibility, and transparency
requirements that SOX has defined—both for financial systems as well as
for other systems that manage data that is critical to company performance,
including ERP, CRM, SCM, and so on.
Because all of these systems employ relational databases, which is where the
data is ultimately stored, these projects include database security and
auditing implementations. This is the main message of this chapter and the
reason you need to understand what these regulations are all about (and how
to deal with them).