Re: SOX Compliance and Segregation of Duties

In WinOra writing audit trail to os actually means writing to the security
event log. We use a system from Symantec that collects security event logs
and stores these centrally, or per global region.
Unfortunately it stores it in an Oracle database. which is not very secure
anymore these days :-

Regards,
Andre van Winssen


>>
>> [rr] Yes, upgrade to 10.2.0.2.0.  Audit logs can be written to SYSLOG
>> (Unix).  Syslogs can be saved to a remote server.  This effectively
>> keeps those who can access the oracle account from altering/delting the
>> DBA audit trail.
>
>
> Nice feature, I wasn't aware of that.  Probably heard it somewhere
> and promptly forgot.  :)
>
> You could do this yourself though simply by sending the audit trail
> to the OS rather than Oracle.  That has been a std feature for a long
> time.
>
>
> Also, is there any white paper for "Oracle DBA SOX Compliance"?
>>
>>
> The problem with SOX is that it is not well defined.
>
> What constitutes compliance is defined by a company and its auditors.
>
> Whatever agreement is reached will probably not work as is for
> any other company.
>
>
> --
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
>


--
http://www.freelists.org/webpage/oracle-l


Other related posts: