[Previous entry: "Security ethics in vulnerability disclosure"] [Next entry: "Searching metalink from the MS search bar"]
Sarbanes Oxley and Oracle
January 13th, 2005 by Pete
Post to del.icio.us
Post to Furl
There is an interesting thread today on the Oracle-l list about Sarbanes Oxley and Oracle and the issues and expense caused by adhering to Sarbanes Oxley in an Oracle shop. The thread is titled "Sorbanes Oxley for dummies?" where the poster asks if anyone has any good papers that relate to Sarbanes Oxley and what it means for the DBA. He clearly wants to understand the true position he is in relation to this complex legislation.
A great answer is posted next by Mark who makes some great observations including the fact that the actual requirements seem to be little understood and that auditors themselves are requiring things to be done that are not required as part of the legislation and that the cost of this fact will outweigh that of the true requirements. Mark also gives us a link to a Yahoo Group dedicated to Sarbanes Oxley and Oracle. The link is actually wrong in the Oracle-l thread. Mark also makes a good point about getting the DBA signed up to the "functional Team".
Paul as always makes a good contribution by giving us a link to Arups book about HIPAA and also to a paper by Arup about FGA and he makes a valuable point about SOX being so open to interpretation that its best to get advice from the auditors. Very interesting thread on this legislation.
