Modern Database Management: Chapter 11 Review Question 16

what-are-the-two-key-types-of-security-policies-and-procedures-that-must-be-established-to-aid-in-sarbanesoxley-compliance

Question

What are the two key types of security policies and procedures that must be established to aid in Sarbanes-Oxley compliance?

Answer

The Sarbanes-Oxley act is also called Sarbox or SOX. It is planned to make sure the reliability of public companies' financial statements. It mainly guarantees the security of the financial structure and IT infrastructure (information technology) used in the organization. It focuses on controlling the databases and applications used in the organization.

There are the following two types of security policies:

Personnel control

  • It concerns the safety of personnel in the business environment.
  • It discusses system authorization and authentication procedures.
  • The organization ensures that the background and abilities of potential employees are checked.
  • It controls the practices and behaviors of employees who are employed.
  • Responsibilities of each employee and design procedures for leaving employees.

Physical access control

  • It deals with the physical actions performed inside the specific place of the organization.
  • It monitors the daily access of the employees like swipe time, allowing specific employees for the particular area, ensures the data recorded in the database, etc.
  • Manage the sensitive equipment used in the organization

إرسال تعليق

Post a Comment (0)

أحدث أقدم