| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: SOX Compliance and Segregation of Duties
In WinOra writing audit trail to os actually means writing to the security event log. We use a system from Symantec that collects security event logs and stores these centrally, or per global region. Unfortunately it stores it in an Oracle database. which is not very secure anymore these days :-
Regards,
Andre van Winssen
>>
>> [rr] Yes, upgrade to 10.2.0.2.0. Audit logs can be written to SYSLOG
>> (Unix). Syslogs can be saved to a remote server. This effectively
>> keeps those who can access the oracle account from altering/delting the
>> DBA audit trail.
>
>
> Nice feature, I wasn't aware of that. Probably heard it somewhere
> and promptly forgot. :)
>
> You could do this yourself though simply by sending the audit trail
> to the OS rather than Oracle. That has been a std feature for a long
> time.
>
>
> Also, is there any white paper for "Oracle DBA SOX Compliance"?
>>
>>
> The problem with SOX is that it is not well defined.
>
> What constitutes compliance is defined by a company and its auditors.
>
> Whatever agreement is reached will probably not work as is for
> any other company.
>
>
> --
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
>
-- http://www.freelists.org/webpage/oracle-lReceived on Wed Apr 12 2006 - 06:25:58 CDT
 |
 |