Audit sensitive data to see who did what, when, where, and how?


We need to know who is doing what on our SQL Server, and in particular:

  • What is being changed?
  • When was it changed?
  • Where was it changed from?
  • How was it changed?

All of these questions need to be answered to understand SQL Server auditing. Financial data in particular is critical for regulatory requirements: changes to it have to be audited, and the audit has to be backed by proper reports as part of the company's financial reporting.
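As an added example (not code from the original post), the T-SQL below shows how SQL Server Audit can answer those four questions for one sensitive table. The database FinanceDB, the table dbo.Payments with its columns, the audit and specification names and the file path C:\SQLAudit\ are placeholders chosen for illustration; the client_ip, application_name and host_name columns of sys.fn_get_audit_file are only present on newer SQL Server versions.

```sql
-- Added example: SQL Server Audit for a sensitive table.
-- Placeholders (not from the original post): FinanceDB, dbo.Payments
-- (columns amount, payment_id), the audit/specification names, C:\SQLAudit\.
USE master;
GO

-- 1. The server audit defines WHERE audit records are written (a file target here).
--    ON_FAILURE = CONTINUE keeps the instance running if the audit cannot write;
--    for regulated data, FAIL_OPERATION or SHUTDOWN is safer, because it prevents
--    changes from happening unaudited.
CREATE SERVER AUDIT Audit_SensitiveData
    TO FILE ( FILEPATH = 'C:\SQLAudit\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 10 )
    WITH ( QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE );
GO
ALTER SERVER AUDIT Audit_SensitiveData WITH ( STATE = ON );
GO

-- 2. A server audit specification records WHO changed the audit itself, who
--    changed server role membership, and failed logins, so that the audit
--    trail cannot be silently switched off or widened.
CREATE SERVER AUDIT SPECIFICATION AuditSpec_Server
    FOR SERVER AUDIT Audit_SensitiveData
    ADD ( AUDIT_CHANGE_GROUP ),
    ADD ( SERVER_ROLE_MEMBER_CHANGE_GROUP ),
    ADD ( FAILED_LOGIN_GROUP )
    WITH ( STATE = ON );
GO

USE FinanceDB;
GO

-- 3. The database audit specification defines WHAT is audited: every
--    SELECT/INSERT/UPDATE/DELETE on the sensitive table by anyone (public),
--    plus schema changes such as someone altering or dropping the table.
CREATE DATABASE AUDIT SPECIFICATION AuditSpec_Payments
    FOR SERVER AUDIT Audit_SensitiveData
    ADD ( SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Payments BY public ),
    ADD ( SCHEMA_OBJECT_CHANGE_GROUP )
    WITH ( STATE = ON );
GO

-- 4. Generate some activity on the placeholder table, then read the trail back:
--    WHEN  = event_time
--    WHO   = session_server_principal_name (login) / database_principal_name (user)
--    WHERE = client_ip and host_name (assumption: present on this version)
--    HOW   = action_id (SL = SELECT, IN = INSERT, UP = UPDATE, DL = DELETE),
--            application_name and the statement text itself
UPDATE dbo.Payments SET amount = amount * 1.10 WHERE payment_id = 42;
GO
SELECT  event_time,
        action_id,
        succeeded,
        session_server_principal_name,
        database_principal_name,
        server_instance_name,
        database_name, schema_name, object_name,
        client_ip,            -- drop these three columns on older versions
        host_name,
        application_name,
        statement
FROM    sys.fn_get_audit_file('C:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT)
WHERE   object_name = 'Payments'
ORDER BY event_time DESC;
```

Two practical checks: the file path must be writable by the SQL Server service account, or the audit will silently stay in a failed state under ON_FAILURE = CONTINUE; and the audit files should be copied to storage that DBAs cannot modify, otherwise a privileged user can both make a change and erase the record of it.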

You may not be aware of the standards that drive audit requirements; some of the common ones are as follows:

  1. PCI DSS [ Payment Card Industry Data Security Standard ]

  • It is designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.
  • https://www.pcisecuritystandards.org/

  2. HIPAA [ Health Insurance Portability and Accountability Act ]

  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI). Within HHS, the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.
  • https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/ 

  3. FERPA [ Family Educational Rights and Privacy Act ]

  • The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
  • https://ed.gov/policy/gen/guid/fpco/ferpa/index.html

  4. SOX [ Sarbanes-Oxley Act ]

  • The Sarbanes-Oxley Act (SOX) requires that all publicly held companies establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud. Your entire IT infrastructure, from server and network security to IT practices and operations, must be reinforced and configured to maintain and demonstrate compliance in the event of an audit.
  • http://www.soxlaw.com/introduction.htm

Exactly what needs to be audited in SQL Server to meet the SOX requirements, and what does not, is something we still need to learn more about. We will keep posting on it in future posts.


About Devendra Singh

A guy with self learning capability , Analytical Ability , Exploring in nature , Just looking for ways for spreading happiness among everyone. Little aggressive some time. Just want peace everywhere in this world.