RE: SOX Compliance and Segregation of Duties

  • From: "Reidy, Ron" <Ron.Reidy@xxxxxxxxxxxxxxxxxx>
  • To: <pbashir@xxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
  • Date: Sat, 1 Apr 2006 19:18:33 -0700

Comments below ...

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Parvez Bashir
Sent: Saturday, April 01, 2006 12:53 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: SOX Compliance and Segregation of Duties


Folks,

We are currently using the following "watch the DBA" approach for SOX.

1) Lock SYS/SYSTEM except for upgrades/one-off patches/patch sets
2) Each DBA logs in "AS SYSDBA". We have turned on SYS_AUDIT_OPERATIONS
3) We are auditing all DDL including "AUDIT all on sys.aud$ by access"

Here is the problem with this approach:

1) Logins for db user "X AS SYSDBA" create the AUD$ audit record for SYS
(not X). Is there any way to work around this problem?
[rr]  No. "... AS SYSDBA" is effectively logging in as SYS.
2) The OS audit files are created with "oracle" OS account privileges and
can be removed by the "oracle" account. Is it possible to send the
information to non-Oracle logs? There is some mention in metalink that
this is possible for certain operating systems but it is not clear which
ones.
[rr] Yes, upgrade to 10.2.0.2.0.  Audit logs can be written to SYSLOG
(Unix).  Syslogs can be saved to a remote server.  This effectively
keeps those who can access the oracle account from altering/deleting the
DBA audit trail.

Also, is there any white paper for "Oracle DBA SOX Compliance"?

Regards,
Parvez


--
//www.freelists.org/webpage/oracle-l
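Added here as an illustration, not part of either post: a small Python checker that reads SYS audit records of the kind the 10.2 syslog audit trail writes (the field layout `ACTION :[n] '...' DATABASE USER ... PRIVILEGE ... CLIENT USER ... CLIENT TERMINAL`), flags SYSDBA statements that touch the audit trail itself, and attributes each one to the OS client user in the record rather than to SYS. The host names, user names, LENGTH values and statements in the sample lines are constructed for this example.

```python
import re

# Constructed sample records in the layout Oracle 10gR2 uses when SYS audit records
# go to syslog (audit_sys_operations=TRUE, audit_syslog_level set); hosts, users,
# LENGTH values and statements are invented for this example.
SAMPLE_LOG = """\
Apr  1 19:18:33 db01 Oracle Audit[4711]: LENGTH : '161' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'parvez' CLIENT TERMINAL:[5] 'pts/1' STATUS:[1] '0'
Apr  1 19:19:02 db01 Oracle Audit[4711]: LENGTH : '174' ACTION :[20] 'delete from sys.aud$' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'parvez' CLIENT TERMINAL:[5] 'pts/1' STATUS:[1] '0'
Apr  1 19:20:15 db01 Oracle Audit[4712]: LENGTH : '207' ACTION :[56] 'alter system set audit_sys_operations=false scope=spfile' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'ron' CLIENT TERMINAL:[5] 'pts/2' STATUS:[1] '0'
Apr  1 19:21:40 db01 Oracle Audit[4713]: LENGTH : '183' ACTION :[29] 'select count(*) from sys.aud$' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'ron' CLIENT TERMINAL:[5] 'pts/2' STATUS:[1] '0'
"""

# Every field after LENGTH is written as  NAME :[len] 'value'
FIELD_RE = re.compile(
    r"(ACTION|DATABASE USER|PRIVILEGE|CLIENT USER|CLIENT TERMINAL|STATUS)\s*:\s*\[\d+\]\s*'([^']*)'"
)

# Statements that weaken or erase the audit trail itself
TAMPER_PATTERNS = [
    re.compile(r"\b(delete|truncate|update)\b.*\baud\$", re.I),  # modifying SYS.AUD$
    re.compile(r"^\s*noaudit\b", re.I),                           # switching auditing off
    re.compile(r"\balter\s+system\s+set\s+audit_", re.I),         # changing AUDIT_* parameters
]


def parse_record(line):
    """Return the named fields of one syslog audit line, or None if it is not one."""
    fields = dict(FIELD_RE.findall(line))
    return fields if "ACTION" in fields else None


def review_audit_trail(text):
    """One finding per SYSDBA statement that tampers with the audit trail.

    AUD$ records every 'AS SYSDBA' session as SYS; the syslog record still carries
    the OS account (CLIENT USER) and terminal, so the finding is attributed to those.
    """
    findings = []
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None or rec.get("PRIVILEGE") != "SYSDBA":
            continue
        action = rec["ACTION"]
        if any(p.search(action) for p in TAMPER_PATTERNS):
            findings.append((rec["CLIENT USER"], rec["CLIENT TERMINAL"], action))
    return findings
```

Run it over the syslog file on the remote log host; the plain SELECT against AUD$ and the CONNECT are not reported, the DELETE and the ALTER SYSTEM are.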
