{"title":"Database Internal Security Controls for SOX Law Certification","authors":"Kamilla Dória da Silveira, R. Fidalgo","doi":"10.1145/3229345.3229393","DOIUrl":null,"url":null,"abstract":"Section 404 of the SOX Act requires companies to certify to the effectiveness of their internal control over financial reporting. After investigating this context considering the scope of Database Security (DB), it was verified that the related works explore in detail the strategic vision of the internal controls, but neglect their operational and practical aspects. Aiming to give a contribution to this problem, this work proposes a guide of operational and technical controls to evaluate the security of the DB according to the SOX Act. As a proof-of-concept, the guide is used to the development of the tool SOXSecurity4DB, which was used in a case involving a multinational company of the retail industry.","PeriodicalId":284178,"journal":{"name":"Proceedings of the XIV Brazilian Symposium on Information Systems","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Database Internal Security Controls for SOX Law Certification\",\"authors\":\"Kamilla Dória da Silveira, R. Fidalgo\",\"doi\":\"10.1145/3229345.3229393\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Section 404 of the SOX Act requires companies to certify to the effectiveness of their internal control over financial reporting. After investigating this context considering the scope of Database Security (DB), it was verified that the related works explore in detail the strategic vision of the internal controls, but neglect their operational and practical aspects. Aiming to give a contribution to this problem, this work proposes a guide of operational and technical controls to evaluate the security of the DB according to the SOX Act. 
As a proof-of-concept, the guide is used to the development of the tool SOXSecurity4DB, which was used in a case involving a multinational company of the retail industry.\",\"PeriodicalId\":284178,\"journal\":{\"name\":\"Proceedings of the XIV Brazilian Symposium on Information Systems\",\"volume\":\"23 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-06-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the XIV Brazilian Symposium on Information Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3229345.3229393\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the XIV Brazilian Symposium on Information Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3229345.3229393","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Database Internal Security Controls for SOX Law Certification
Section 404 of the SOX Act requires companies to certify the effectiveness of their internal control over financial reporting. An investigation of this context within the scope of Database (DB) Security found that related works explore the strategic vision of internal controls in detail but neglect their operational and practical aspects. To contribute to solving this problem, this work proposes a guide of operational and technical controls for evaluating the security of the DB according to the SOX Act. As a proof of concept, the guide is used to develop the tool SOXSecurity4DB, which was used in a case involving a multinational company in the retail industry.