Databases Reference
In-Depth Information
Figure 11.4
A compliance
report based on the
selected rules.
details per security dimension, and recommendations per security dimen-
sion) and historical charts showing you how close you are to compliance at
every point in time.
Finally, the last role of audit and auditing is as an integral part of secu-
rity. There is no security without audit. This is not merely a by-product of
human nature, the effectiveness of deterrence, and so on. Auditing reports
and audit results are important tools in spotting problems and fixing them.
11.4
The importance of segregation of duties
All regulations try to deal with a set of human behaviors such as untruthful-
ness, greed, sloppiness, laziness, and so forth. In doing this, the regulations
use two main techniques: (1) guidelines so that people cannot too loosely
interpret the regulations to their benefit and (2) segregation of duties. Of
the two, segregation of duties and the use of multiple audit layers is the
Search WWH ::
Custom Search