
Database Access, Security, and Auditing for PCI Compliance
Le Grand, Charles and Sarel, Dan (2008) 'Database Access, Security, and Auditing for PCI Compliance', EDPACS, 37:4, 6-32. DOI: 10.1080/07366980802063582
Charles H. LeGrand
Dan Sarel
April 2008

Now eight years into the aught decade, we ought to be proficient
with the controls, monitoring, risk management, and governance
needed to prevent and detect the debacles that ushered in the
Sarbanes-Oxley Act of 2002. And we should have a pretty good
idea how to protect against Internet attacks and identity theft.
But while you are considering that, remember the “Billion Dollar
Bubble” or Equity Funding scandal (the first major so-called
computer fraud) was started in 1964 and brought the company
down in 1973. And the first major electronic privacy legislation
was the Privacy Act of 1974 following revelations of privacy abuse
during the Nixon administration.
We are in a seemingly endless race to protect our information,
systems, and communications before the bad guys can bring us
down—and preferably before onerous legislation forces us into
rigid requirements about how to solve problems. We have built
some spectacular information infrastructures, and left enough
holes in them to present an inviting target to those who would
hijack systems and data for fun or profit. Now, while the technology
capabilities continue to expand, we are trying to plug the
holes in our existing systems while hoping the new systems we
implement will not create the next wave of vulnerabilities and
attacks.
