Sarbanes-Oxley (SOX), California Senate Bill 1386, the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), the Gramm-Leach-Bliley (GLB) Act, and other regulations were all enacted to help protect information. These acts require internal controls to protect information integrity, confidentiality, and availability.

While accountants and auditors are familiar with internal controls, many IT departments lack the knowledge and controls needed to safeguard information. Even sophisticated databases, managed by Database Administrators (DBAs), lack secure controls and connectivity to information.

Many DBAs have complete access to all of your organization's data. While complete access helps manage and minimize downtime, it also puts your organization at risk, as the DBAs have full access with limited knowledge of compliance requirements, rules, and regulations.

Management must determine the minimum amount of access needed to allow the DBAs and other personnel to perform their job duties. For example, must the DBAs have access to confidential or sensitive data such as payroll, protected health information (PHI), or other types of confidential information?

Network security audits help ensure your internal controls provide the appropriate reporting and procedures, detect unauthorized use of systems, and meet compliance requirements.