Implementing Database Security and Auditing, part 9

Manually reviewing event monitors and traces can become tedious and unsustainable over the long term. You should therefore fall back on real-time monitoring of events and of trace creation, or at least on periodic audits that compare activity against a baseline. For the example shown in Figure ,

The alphabet soup of regulations: What does each one mean to you?

that to their knowledge the filed reports do not contain any untrue statement or omission and that they represent the true financial condition of the company. They are personally responsible for the report and can even go to jail if, a few years down the line, the company needs to restate financial reports (as has been done often in the past few years) as a result of improper information presented in financial reports, especially if they cannot prove that they took enough steps to try to ensure that the information was correct.

SOX is a detailed document, and you don't really need to read the whole of it. The most important section, and the one most IT people focus on, is Section 404, which requires management to report on the effectiveness of the company's internal control over financial reporting. This section requires management's development and monitoring of procedures and controls for making assertions about the adequacy of internal controls over financial reporting. Furthermore, it is management's responsibility and cannot be delegated or abdicated, so they also need to understand what is being audited, what is being monitored, and how control is enforced (they cannot just be told that everything is okay).

It goes even further: management has to document and evaluate the design and operation of, and report on the effectiveness of, its internal controls. Management has to document the framework used, assess its effectiveness, publish any flaws and weaknesses, and do all of this within the annual report published to investors. This boils down to the need for visibility, transparency, and segregation of duties.
California Senate Bill 1386

In September 2002, the Governor of California signed Senate Bill 1386 into effect. Among other things, SB 1386 mandates that ". . . operative July 1, 2003 . . . a state agency, or a person or business that conducts business in California, that owns or licenses computerized data that . . .
