mardi 28 février 2012 21:50I would like to hear from some real world in the trenches dba's that have the requirement to audit everything they do and what solutions they have dealt with? There are a number of large players in the market such as Imperva, Sentrigo, IBM, Fortinet and it looks like we will purchase one of these to audit our DBA activities for SOX compliance. Anyone care to chime in on their experience/preference? Thanks
Toutes les réponses
mercredi 29 février 2012 07:21Modérateur
Please refer to the SQL Server White Paper: SQL Server 2008 Compliance Guide which could help you on where to begin or how to automate the program using technology, specifically SQL Server.It address the compliance of SOX, PCI, HIPAA and GLBA using SQL Server 2008.
And there's also a case study describing Credit Suisse's efforts to become SOX compliant with SQL Server 2005.
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
lundi 5 mars 2012 15:23Hello, thanks for the links. I had seen the whitepaper and it is a good reference. As I mentioned in the original post, I was hoping for replies form people working with some of the more well know vendors and what their experience has been good or bad with compliance software.
lundi 5 mars 2012 18:20
You might want to look at Oracle's Audit Vault which provides SOX, PCI, HIPAA compliance reporting and alerting management (on a near real time basis). Although it's a Oracle tool the solution supports SQL, IBM DB2 and Sybase ASE - http://www.oracle.com/us/products/database/056885.pdf
My company thought it was such a good product that we are using Oracle Audit Vault as our Platform as a Service (PaaS). Our service model helps because the audit logs are stored outside of the DB environment hence stopping a rogue DBA logging in and deleting their audit trail activity.