jkstill_at_gmail.com wrote:
> Niall Litchfield wrote:
>
> > > In the US; just the fact that there is no way to make MySQL comply with
> > > SarbOx, FACTA, and HIPAA should be enough to kill it in the minds of
> > > most thinking people. But then one has good reason to speculate as to
> > > what percentage of IT management qualifies as 'thinking'.
> >
> > for those of use to whom US law is of only indirect relevance what are
> > the specific technical software requirements of these regulations to
> > which you refer.
> >
>
> Actually, I don't believe that there are any regulations
> that directly affect the database software.
>
> Sarbanes-Oxley and HIPAA are all about process and accountability.
> I am much more familiar with SarbOx.
>
> It requires periodic reviews to ensure that change control
> procedures are followed, segration of duties takes place,
> no one has more access than they need, logs reviewed, etc.
>
> You are required to prove that this all takes place.
>
#> The fact that Oracle currently resembles a block of Swiss
#> cheese from a security standpoint probably wouldn't matter,
#> as I don't believe that is addressed.
Well they do put out quarterly security updates and there are certainly
some strong opinions on how effective and valuable and well tested
these security updates are (or not).
Received on Tue Oct 11 2005 - 12:03:08 CDT
