RE: Sox Poll results

  • From: "Spears, Brian" <BSpears@xxxxxxxxxxxxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Mon, 1 Nov 2004 09:53:11 -0500

 Welll, many people responded directly to me. Many dba's are going through
this hassle in various forms and some are being regretfully emasculated to
having squat for privileges... And I am not sure want to broadcast it... Of
course this is just US dba's so its just the Canadians dba's that probably
still work by the seat of their pants with everything balancing on them to
go right.. (Don't really know- haven't been there in 4 years).

 I have had to sign so many agreements of confidentiality it ain't funny.
Right now the procedure to enforce this are out of control as we have to
manually record in 3 systems (and some systems are 10 page fill outs.. )
even for logging into these systems.. So some of you dbas-- don't worry, be
happy! I'm  sure when people see the waist of time it is...we will improve
the system.

And thanks to all who responded,
Brian Spears 

Kafka would be amused.

Conspiratorial fraud between senior management and auditing firms led
directly to the Sarbanes-Oxley regulations passing.

Now, external audit reports by auditing firms are mostly transparent
consulting cash generating projects that focus on making life difficult for
IT departments. Not one single SEC investigation I am aware of has anything
to do with unethical behavior by DBAs or development staff; yet most of the
focus of SarBox audits is on locking development out of production by
scaring senior management about who has the keys and encouraging them to
believe they cannot trust their own employees.

<craft your own Mogens-like phrase about being glad to be in partial
ownership of a consulting firm.>

Now, for what it is worth, I do support the notion that production DBAs
should sign similar agreements of confidentiality and fiduciary
responsibility as those signed by those in the payroll, human benefits, and
finance departments. Most of the external audit reports I've seen try to
claim that DBAs either do not understand the business or are not
trustworthy, or both. If that is they case, your company is already toast
anyway. Far too many companies and auditors are confused about what a DBA is
and too lightly assign that title to folks who are at most database
operators rather than administrators.



-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]On
Behalf Of Jared Still
Sent: Sunday, October 31, 2004 1:41 AM
To: bspears@xxxxxxxxxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: Sox Poll

I don't have to request the system password, but do have to request the
password for the application accounts on the servers.

We have personal logins with admin rights on the servers. The point of this
is being able to audit who did what, and if someone has the password, who it


On Fri, 29 Oct 2004 10:39:00 -0400, Spears, Brian
<bspears@xxxxxxxxxxxxxxxxx> wrote:
> Ok, let me put it clearer... DBA's not beening allowed to have the 
> system password. They must request it from a separate group to do 
> changes. I am hearing of other dba's having to do this. I know we 
> haven't only  because
> one suggested it yet. We are having to do some real interesting
> to get stuff done.
> Brian
> -----Original Message-----
> From: oracle-l-bounce@xxxxxxxxxxxxx 
> [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
> On Behalf Of Spears, Brian
> Sent: Friday, October 29, 2004 10:06 AM
> To: oracle-l@xxxxxxxxxxxxx
> Subject: Sox Pole
>  Just wondering if Sarbanes Oxley has reduced people to getting 
> permission for the system password each time from Operations to be 
> able to sign into the production databases? Some real crazy stuff 
> coming out of this.
> Brian
> --
> //
> --
> //

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist



Other related posts:

  • » RE: Sox Poll results