Compliance and Database Risk Management


Sarbanes-Oxley (SOX), California Senate Bill 1386, the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), the Gramm-Leach-Bliley (GLB) Act, and other regulations were all enacted to help protect information. These acts require internal controls to protect information integrity, confidentiality, and availability.

While accountants and auditors are familiar with internal controls, many IT departments lack the the knowledge and controls needed to safeguard information. Even sophisticated databases, managed by Database Administrators (DBAs), lack secure controls and and connectivity to information.

Many DBAs have complete access to all of your organization's data. While complete access helps manage and minimize downtime, it also puts your organization at risk as the DBAs have full access with limited knowledge of compliance requirements, rules, and regulations.

Management must determine the minimum amount of access needed to allow the DBAs and other personnel to perform their job duties. For example, must the DBAs have access to confidential or sensitive data such as payroll, protected health information (PHI), or other types of confidential information?

Network security audits help ensure your internal controls provide the appropriate reporting and procedures, detect unauthorized use of systems, and meet compliance requirements.



Security Blog menu  

Tags: network security audit | compliance audit | database audit | risk management

 


Certified Auditors

Certified Information Systems Auditors
Altius IT's auditors are certified to audit your systems and issue reports and opinions on your security. We help you identify, manage, and reduce your risks. Our comprehensive audit service uncovers gaps in your existing defenses so that you can better:

  • Fortify your network infrastructure
  • Comply with regulatory requirements
  • Protect your valuable assets

For a full list of our certifications please visit our About Us page.