database auditing and monitoring fit within a SOX compliance framework.


8/2/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=1c1a1f2f-2c2c-4098-97c8-a022e777ddf7&course_id=_48137_1&i… 1/3

26%

11%

SafeAssign Originality Report
Database Security - 202031 - CRN220 - Scavotto • Week 12 Paper

37% Total Score: Medium risk
Vaishali Katherapalli

Submission UUID: 86b53d9d-5283-0df7-d8dc-3c8373b210f4

Total Number of Reports: 1

Highest Match: 37 % (Week12Asst.docx)

Average Match: 37 %

Submitted on: 08/02/20 02:25 PM EDT

Average Word Count: 996 (Highest: Week12Asst.docx)

Attachment 1: 37%

Institutional database (7)

7 Student paper
1 Student paper
4 Student paper
5 Student paper
2 Student paper
8 Student paper
9 Student paper

Internet (3)

6 intonenetworks
3 home
10 model160

Top sources (3)

7 Student paper
1 Student paper
6 intonenetworks

Excluded sources (0)

Word Count: 996 Week12Asst.docx

Running Head: DATABASE AUDITING AND MONITORING FIT WITHIN A SOX COMPLIANCE FRAMEWORK. 1

DATABASE AUDITING AND MONITORING FIT WITHIN A SOX COMPLIANCE FRAMEWORK 4

Database auditing and monitoring

Students Name: Professor’s Name: Date:

Database Auditing and Monitoring Fit Within a SOX Compliance Framework

Database auditing is the tracking of database, authority, and resources utilization precisely, recording, and actions monitoring of the database user. It also helps one to comply with increasingly demanding compliance. It involves observing a database to become aware of users of database actions. The administrators and consultants usually set up auditing for security to make sure that those who do not have permission to have access to data do not access it. When one audits a database, each data operation can be monitored and logged to an audit trail, which involves information on the database data recorded was interfered with, which account acted, and the time the activity occurred. SOX was passed to safeguard the shareholders’ fraudulent practices and accounting errors in enterprises, the general public, and improve the accuracy of corporate disclosures. (NAWA, 2007) ‘The Sarbanes-Oxley Act is known as the Public Company Accounting Reform, and the Investor Protection Act is a United States federal law, which sets standards for all U.S. public company boards.’. It sets deadlines for compliance and publishes rules on requirements. All companies that are public now must abide by SOX on the I.T side and financial sides. The storage of corporate electronic records by I.T. departments changed as an outcome of SOX. This act does not specify the storage of records by a company or establishes a set of business practices; it does not explain the length of the time for storage and which records should be stored. For a corporation to abide by SOX, it must save all the records for the business, including electronic messages and electronic records, for more than five years. The great plan of action for SOX compliance is to have controls of security that are correct in place to make sure that financial data is protected against loss and accuracy.
Relying on the appropriate tools and developing best practices helps the business to reduce SOX management costs and automate SOX compliance. (Pilewski, 2010 “Sarbanes Oxley Advisory services can help an organization with the implementation and maintenance of sustainable SOX 404 compliance programs through readiness assessments, through documentation and testing assistance and sustainability assessment." Auditing and monitoring the database system is essential to address all five of the SOX regulations. A comprehensive auditing strategy tracks user activity, security changes, schema modifications, and other events that reveal potential and real threats to security. Detailed auditing is integral to meeting requirements for internal control and assessing those controls and their effectiveness determination. Even though this auditing level can affect resource requirements and performance, it must be utilized to its fullest to provide the necessary controls. Auditing solutions are available in a significant database system of management and involves the ability to generate comprehensive reports and to set up alerts. To comply with SOX, DBAs must ensure the availability, integrity, and data security and environment. They must have effective monitoring to guarantee the protection that is ongoing and meet the internal control requirements. The law of SOX does not specify how to go about implementing all this, only that it needs to be done. For most database teams, what law requires, much of it is consistent with management best practices they already have in place and security. Complying with the law of SOX can be a complicated process. And the database team should work closely with other organizations to make sure nothing slips through the cracks and that all regulations are met. Those involved in planning a compliance strategy must fully grasp how regulations work and the implications for being out of compliance. The Sarbanes Oxley Act needs financial statements to include a report on internal control.
This illustrates that the organization's information on the financial statement is correct, and proper controls are in place to safeguard financial information. An independent external SOX auditor requires to assess policies, procedures, and controls during the audit section. An audit will also consider personnel, and staff may be interviewed to confirm that their job descriptions rematch their duties and that they have needed the training to access finance data safely. ("SOX audits) 'Auditors must ensure that the population and any sample have originated in the current fiscal year. Samples taken from the previous year cannot prove that the controls are effective at the time of the audit.’ The most significant component of the SOX compliance audit is to review an organization’s internal controls. They include all computers, electronic equipment, network hardware, and I.T. assets. SOX mandates the company's complete yearly audit, and it makes those results suitable for any stakeholders. Independent auditors are hired to finish the SOX audits, which must be disunited from any other audit to anticipate a conflict of interest. The fundamental reason for the SOX compliance audit is the financial statement verification of a company. This auditor compares current statements to past statements and determines if everything is agreeable. They can also confirm that compliance controls are enough to maintain SOX compliance standards and interview personnel. As we conclude, we should know that SOX is a good business practice but not just a legal obligation. Organizations should restrict access to financial systems and behave ethically. The implication of SOX financial security controls has the side benefits of safeguarding the company for cyber attackers stealing their private data.

References

Pilewski, B. A. (2010). Sarbanes-Oxley Act of 2002 (SOX): Compliance. Encyclopedia of Information Assurance, 2575-2581. doi:10.1081/e-eia-120046849

NAWA, K. (2007). Sequestered science and SOX act for scientific research. Journal of Information Processing and Management, 50(6), 367-368. doi:10.1241/johokanri.50.367

SOX audits. (n.d.). Internal Audit Handbook, 389-401. doi:10.1007/978-3-540-70887-2_22

Source Matches (15)

1 Student paper 100%

Student paper

DATABASE AUDITING AND MONITORING FIT WITHIN A SOX COMPLIANCE FRAMEWORK.

Original source

Database auditing and monitoring fit within a SOX compliance framework

2 Student paper 96%

Student paper

DATABASE AUDITING AND MONITORING FIT WITHIN A SOX COMPLIANCE FRAMEWORK 4

Original source

HOW DATABASE AUDITING AND MONITORING FIT WITHIN A SOX COMPLIANCE FRAMEWORK 4

3 home 66%

Student paper

Database auditing and monitoring

Original source

Continuous Auditing and Monitoring

4 Student paper 69%

Student paper

SOX was passed to safeguard the shareholders’ fraudulent practices and accounting errors in enterprises, the general public, and improve the accuracy of corporate disclosures.

Original source

“In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures” (Groot, 2019)

5 Student paper 68%

Student paper

(NAWA, 2007) ‘The Sarbanes-Oxley Act is known as the Public Company Accounting Reform, and the Investor Protection Act is a United States federal law, which sets standards for all U.S.

Original source

The Sarbanes-Oxley Act of 2002, also known as SOX or the Public Company Accounting Reform and Investor Protection Act, is federal law

6 intonenetworks 82%

Student paper

It sets deadlines for compliance and publishes rules on requirements.

Original source

The act sets pre-defined deadlines for compliance and publishes rules on requirements

3 home 87%

Student paper

(Pilewski, 2010 “Sarbanes Oxley Advisory services can help an organization with the implementation and maintenance of sustainable SOX 404 compliance programs through readiness assessments, through documentation and testing assistance and sustainability assessment."

Original source

KPMG's Sarbanes Oxley Advisory Services (SOAS) can help an organization with the implementation and maintenance of sustainable SOX 404 compliance programs through readiness assessments, through documentation and testing assistance and through sustainability assessments

7 Student paper 84%

Student paper

Auditing and monitoring the database system is essential to address all five of the SOX regulations. A comprehensive auditing strategy tracks user activity, security changes, schema modifications, and other events that reveal potential and real threats to security. Detailed auditing is integral to meeting requirements for internal control and assessing those controls and their effectiveness determination. Even though this auditing level can affect resource requirements and performance, it must be utilized to its fullest to provide the necessary controls.

Original source

Monitoring and auditing the database systems is essential to addressing the SOX regulations A comprehensive auditing strategy tracks user activity, data and schema modifications, security changes, and other events, helping to reveal both real and potential security threats "Detailed auditing is also integral to meeting the requirements for internal controls and for assessing those controls and determining their effectiveness Although this level of auditing can impact performance and resource requirements, it must be utilized to its fullest to provide the necessary controls

7 Student paper 71%

Student paper

Auditing solutions are available in a significant database system of management and involves the ability to generate comprehensive reports and to set up alerts.

Original source

Fortunately, auditing solutions are available in most major databases management systems and include the ability to set up alerts and generate comprehensive reports."

8 Student paper 83%

Student paper

To comply with SOX, DBAs must ensure the availability, integrity, and data security and environment.

Original source

DBAs must ensure the security and the integrity of the data in order to comply with SOX

9 Student paper 65%

Student paper

The Sarbanes Oxley Act needs financial statements to include a report on internal control.

Original source

"The Sarbanes Oxley Act requires all financial reports to include an Internal Controls Report

6 intonenetworks 73%

Student paper

An independent external SOX auditor requires to assess policies, procedures, and controls during the audit section. An audit will also consider personnel, and staff may be interviewed to confirm that their job descriptions rematch their duties and that they have needed the training to access finance data safely.

Original source

An independent external SOX auditor is required to review controls, policies, and procedures during the Section 404 audit An audit will also look at people working at the firm and may interview staff to confirm that their duties correspond to their job description and that they have the required training to safely access financial information

1 Student paper 65%

Student paper

SOX mandates the company's complete yearly audit, and it makes those results suitable for any stakeholders. Independent auditors are hired to finish the SOX audits, which must be disunited from any other audit to anticipate a conflict of interest.

Original source

“SOX mandates companies complete yearly audits and make those results easily available to any stakeholders Companies hire independent auditors to complete the SOX audits, which must be separate from any other audits to prevent a conflict of interest

1 Student paper 74%

Student paper

They can also confirm that compliance controls are enough to maintain SOX compliance standards and interview personnel.

Original source

Auditors can also interview personnel and verify that compliance controls are sufficient to maintain SOX compliance standards.” (UpGuard, 2020)

10 model160 87%

Student paper

Sarbanes-Oxley Act of 2002 (SOX):

Original source

The Sarbanes-Oxley Act of 2002