Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "HTML Kit"] [Next entry: "The first Oracle security alert for Jan 18th - First quarterly scheduled security patch"]

More on Sarbanes Oxley and Oracle

I talked about Sarbanes Oxley and Oracle the other day here. The issue was raised as a question on the oracle-l list originally. I have been following further posts with interest as this is a very current subject. There seems to be a major underlying feeling to the thread that the actions required by organisations are subject to the individual interpretations of the auditors performing the audit. One poster even suggested that he has seen differences between auditors from the same audit firm when they have audited his company at different levels. Jared has made some good points including suggestions on password storage and also about use of shared accounts. Also the issue of personal accountability has been discussed in detail. The final post (so far) in the thread by Kip talks about the need for audit-ability where emails have been used as the line of communication in change control procedures. He said auditors are requiring access to all emails from 8 months ago. This sort of level of accountability could become an issue in some companies with large workforces and millions of emails. The complete thread Sorbanes Oxley for dummies? can be found here.