Database Security Report: SOX Compliance, Auditing, and DBA Role


Added on  2022/10/31

AI Summary
This report delves into the critical aspects of database security, specifically focusing on compliance with the Sarbanes-Oxley Act (SOX). It examines the key requirements of SOX, including the importance of separation of duties and the role of logging in maintaining data integrity and financial reporting transparency. The report highlights the use of database auditing and monitoring as essential components for SOX compliance, emphasizing the need for advanced reporting, access control, and automated scheduling to accelerate auditing processes. Furthermore, it outlines the role of the Database Administrator (DBA) in protecting data integrity and ensuring compliance with regulations like SOX. The report also addresses the challenges associated with implementing SOX, such as the manual collection of evidence and the need for automated testing sessions. Overall, the report provides a comprehensive overview of how database security measures are crucial for meeting SOX requirements and maintaining data integrity.
Running head: DATABASE SECURITY
Database Security
Name of Student-
Name of University-
Author’s Note-
Glance of SOX
SOX is the Sarbanes-Oxley Act, which is also known as the Accounting Reform Protection Act.
The act was signed into law on 30th July, 2002 [2]. Its main goal was to increase
transparency in corporate governance and in financial reporting. The act also formalizes
a system of internal checks and balances.
Logging and Separation of duties with SOX
The main requirement of SOX includes separation of duties in the change management
process. Separation of duties means that the same person is not allowed both to make a
change while developing the database and to move that change into the production database [4].
This requirement exists to eliminate changes to the system that affect financial
reporting. When the processes included in SOX are performed manually in an organization,
maintaining compliance becomes time-consuming and more costly. To implement
separation of duties under SOX, access should be assigned to the development team
and tasks should be assigned on the basis of the role performed by each
member. Each individual should be given permission to do their job or tasks in the system.
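One way to check the separation-of-duties rule described above against a change log, as an added example that is not part of the original report. The table layout, the account names, the `release` role label and the sample rows are all constructed assumptions; the check flags any change whose developer also moved it to production, and any production move by an account without the release role.

```python
import sqlite3

# Constructed sample data (hypothetical schema and names):
# (change_id, developed_by, deployed_by) for each change moved to production.
CHANGES = [
    ("CHG-101", "alice", "dave"),   # developed and deployed by different people
    ("CHG-102", "bob", "bob"),      # same person developed and deployed
    ("CHG-103", "carol", "erin"),   # deployer is not in the release role
]
# Role assignment per account; "release" is an assumed role name.
ROLES = [("alice", "developer"), ("bob", "developer"), ("carol", "developer"),
         ("dave", "release"), ("erin", "developer")]


def sod_violations(changes=CHANGES, roles=ROLES):
    """Return sorted (change_id, reason) pairs for changes that break separation of duties."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE change_log "
               "(change_id TEXT, developed_by TEXT, deployed_by TEXT)")
    db.execute("CREATE TABLE user_role (username TEXT, role TEXT)")
    db.executemany("INSERT INTO change_log VALUES (?, ?, ?)", changes)
    db.executemany("INSERT INTO user_role VALUES (?, ?)", roles)
    rows = db.execute("""
        -- Rule 1: the developer of a change must not deploy it.
        SELECT change_id, 'developer deployed own change' AS reason
          FROM change_log
         WHERE developed_by = deployed_by
        UNION ALL
        -- Rule 2: only accounts holding the release role may deploy.
        SELECT c.change_id, 'deployer lacks release role'
          FROM change_log c
         WHERE NOT EXISTS (SELECT 1 FROM user_role r
                            WHERE r.username = c.deployed_by
                              AND r.role = 'release')
         ORDER BY 1, 2
    """).fetchall()
    db.close()
    return rows


if __name__ == "__main__":
    for change_id, reason in sod_violations():
        print(f"{change_id}: {reason}")
```

Run on a schedule against the real change log, a query like this produces the evidence an auditor would otherwise collect by hand.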
Database auditing and monitoring used in SOX compliance
To accelerate database auditing and monitoring, SOX compliance is needed so that
database activity becomes visible [3]. There should be advanced reporting, access
control and auditing features. All these features help establish an environment of
accountability, enabling the team to achieve a security health assessment, maintain
privacy via internal controls, prove claims, and implement disclosure when it is
needed. Automated scheduling of the SOX workflows also helps in auditing tasks and in
disseminating relevant information to the responsible parties across the company or
organization.
Use of automation with SOX frameworks by a DBA
The role of the database administrator includes protecting and preserving data
integrity under legislation like GDPR, PCI, CCPA, HIPAA or acts like SOX [5]. Shareholders
and the public are concerned about fraudulent activities in companies, and these
standards are used to address those concerns. The DBA mainly introduces new procedures
and policies for creating backups and for recovery processes. The
DBA ensures encryption in the system, auditing, and controlled access to regulated
data. SOX does not protect the PII of an individual. The main focus of SOX is on
maintaining the compliance of the system.
Collecting evidence manually is an expensive process. To automate the system, the DBA
needs to implement three testing sessions. Each phase of the process is a challenge
for SOX, and there is always a struggle with version control issues [1]. The three
sessions are the initial round, the interim round, and the year-end round. After the
last phase is completed, independent auditors should test the controls, review the
documentation, and help determine the management assessment for establishing the
internal controls.
References
[1] S. Banerjee, M. Humphery-Jenner, and V. Nanda, Restraining overconfident CEOs through
improved governance: Evidence from the Sarbanes-Oxley Act. The Review of Financial
Studies, 28(10), 2015, pp.2812-2858.
[2] E. Bartov, and L. Faurel, Sarbanes–Oxley Act and patterns in stock returns around executive
stock option exercise disclosures. Accounting & Finance, 56(2), 2016, pp.297-332.
[3] W. Ge, A. Koester, and S. McVay, Benefits and costs of Sarbanes-Oxley Section 404 (b)
exemption: Evidence from small firms’ internal control disclosures. Journal of Accounting and
Economics, 63(2-3), 2017, pp.358-384.
[4] N. Abdioglu, V. Bamiatzi, S.T. Cavusgil, A. Khurshed, and K. Stathopoulos, Information
asymmetry, disclosure and foreign institutional investment: An empirical investigation of the
impact of the Sarbanes-Oxley Act. International Business Review, 24(5), 2015, pp.902-915.
[5] A. Albuquerque, and J.L. Zhu, Has Section 404 of the Sarbanes–Oxley Act Discouraged
Corporate Investment? New Evidence from a Natural Experiment. Management Science, 2019.