Tizor Systems, Inc. - Data Protection and Compliance Auditing Solutions

Privileged User Monitoring for SOX Compliance


Many enterprises are facing the SOX compliance challenge of monitoring all of the data activity of their most privileged users. This paper highlights several of these challenges and how they can be addressed by a comprehensive database activity auditing solution.

Sarbanes-Oxley (SOX) IT controls address the integrity of databases that store sensitive financial and business information. In particular, new SOX requirements have shifted the focus from merely understanding who has access to information to continuous monitoring of database activity. These requirements target high-risk database activities: privileged user behavior, direct access to sensitive data stores, user privilege escalation, failed logins and failed database operations, and so on. Finally, while database applications like DB2, Oracle, SQL Server, and Sybase rightly attract most of the attention, the problem invariably extends to other sensitive data stores, with file server-resident financial, legal, strategic, and spreadsheet documents being the foremost examples.

SOX Section 404 demands that companies (a) evaluate the adequacy of internal controls as they relate to financial reporting, (b) institute new controls as necessary, and (c) perform and report an assessment of these controls on an annual basis. In short, Section 404 says, “Management must ensure that appropriate internal controls for financial reporting are in place.” Furthermore, Section 404 requires not only that corporate and IT officers immediately put in place internal controls to protect the integrity of financial data (and, by implication, all systems that access that data), but also that the organization must be able to demonstrate that appropriate controls are in place.

At first glance, it is quite obvious that the full-access credentials accorded to DBAs and system administrators create a significant vulnerability for an enterprise’s data, simply because these privileged users have access to all or a significant fraction of that data.

This is precisely the challenge that enterprises are facing with the SOX Section 404 mandate to monitor the activity, particularly database activity, of their DBAs and other privileged users.
