SOX, HIPPA and PCI Standards Compliance - Top 5 IT Weakeness found when auditing

Data Auditing and the "Top 5" IT Control Weaknesses

So what is data auditing? Data auditing is performed in the form of security assessments and activity monitoring for organizations storing, collaborating or transmitting sensitive data.  This means corporate transactions, consumer credit card data, social security numbers, birth dates and so on. Data auditing is neccessary so companies can identify and correct IT control weaknesses.  These corrections are generally automated and sustainable to ensure that companies, their processes and personnel are complaint with governance in their industries.

 

Experts in the field of Compliance to standards, such as SOX, HIPPA and PCI, have identified five IT control weaknesses most often found when performing audits. These five areas we are listing have been validated with auditors, analysts, and their customers via these experts.

 

Below are the top 5 IT Control weaknesses: 

• Audit privileged users
• Manage database user accounts and entitlements made obsolete as a result of employe termination or transition
• Meet segregation of duties requirements
• Review audit logs
• Identify anomalous database activity in a timely manner

Meet segregation of duties requirements

• Review audit logs
• Identify anomalous database activity in a timely manner

I will go into more detail on each of these areas in future blogs!  This is just to give you an idea of what is covered so you can be fully aware of the impact of these industry regulations.