Compliance and Database Risk Management
Sarbanes-Oxley (SOX), California Senate Bill 1386, the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry (PCI) standard, the Gramm-Leach-Bliley (GLB) Act, and other regulations were all enacted to help protect information. These acts require internal controls to protect information integrity, confidentiality, availability, and accountability.
While accountants and auditors are familiar with internal controls, many IT departments lack the knowledge and controls needed to safeguard information. Even sophisticated databases, managed by Database Administrators (DBAs), lack secure controls over, and secure connectivity to, the information they hold.
Many DBAs have complete access to all of your organization's data. While complete access helps manage and minimize downtime, it also puts your organization at risk: the DBAs hold full access but often have limited knowledge of compliance requirements, rules, and regulations.
Management must determine the minimum amount of access needed to allow the DBAs and other personnel to perform their job duties. For example, must the DBAs have access to confidential or sensitive data such as payroll, protected health information (PHI), or other types of confidential information?
Network security audits help ensure that your internal controls provide the appropriate reporting and procedures, detect unauthorized use of systems, and meet compliance requirements.
Tags: network security audit | compliance audit | database audit | risk management