Following a question from a prospect, I thought that it would be useful to provide some insight into our approach for audit and compliance.
"SecureSphere addresses different business requirements based on its ability to secure and monitor transactions from the end user through the Web application to the database. SecureSphere offers complete data security and visibility: SecureSphere can identify the unique application users that performed database queries—even in multi-tier environments. This Universal User Tracking capability provides user accountability to database audit trails and compliance reports".
The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI) in 1996. COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company. (source: wiki)
Using a single, well-known industry standard as a framework provide multiple benefits:
- Organizations can easily integrate SecureSphere into their existing audit and compliance projects using consistent reporting.
- SecureSphere administrator can add additional reports based on business requirements (even though SecureSphere ships with a library of several hundred reports...).
- Adding out-of-the-box support for additional compliance mandates is straightforward.