Basel II Compliance for SQL Server DBAs

The Basel Capital Accord Basel II [1] is a revised set of international banking standards, built on three mutually reinforcing pillars and issued by the Basel Committee on Banking Supervision. It extends the Basel I Accord [1], sets risk and capital management requirements, and introduces a data management approach.

December 5, 2013

GLBA Compliance for SQL Server DBAs

The Gramm-Leach-Bliley Act (GLBA) is a US federal law with security and privacy requirements intended to protect consumers' financial privacy. To comply with GLBA, financial institutions must inform their customers about the institution's information privacy and sharing practices, explain the customers' rights, and give them a clear option to opt out of having their financial information shared with non-affiliated third parties.

December 4, 2013

PCI Compliance for SQL Server DBAs

The Payment Card Industry Data Security Standard (PCI DSS, or just PCI) is a security standard for protecting cardholder and card payment data. Any company or institution that stores, processes, or transmits such data is obligated to comply with it.

November 22, 2013

How to audit your auditing in SQL Server – tracking when triggers are disabled

SQL Server auditing triggers are mostly used to maintain the integrity of the data in a database, or to provide an audit trail of data changes. A trigger is a special kind of database object that executes automatically when certain conditions occur, e.g. when a user performs an action on a table. While auditing data changes, auditing triggers must answer the following forensic questions:
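An audit trail built on DML triggers is only as trustworthy as the triggers themselves: anyone with ALTER permission on the table can run DISABLE TRIGGER, make a change, and re-enable it. The T-SQL below is an added example, not code from the original article; it creates a hypothetical audit table (dbo.TriggerStateAudit) and a database-scoped DDL trigger that records every statement changing a trigger's state, then runs an independent check against sys.triggers. The database name AuditedDb is an assumption. DISABLE TRIGGER / ENABLE TRIGGER on a table trigger is reported to DDL triggers as an ALTER_TABLE event; confirm the EventType column on your own SQL Server version before relying on it.

```sql
USE AuditedDb;   -- assumption: the database whose auditing triggers are being watched
GO

-- Hypothetical audit table; the DDL trigger below writes one row per captured statement.
CREATE TABLE dbo.TriggerStateAudit (
    AuditId     int IDENTITY(1,1) NOT NULL PRIMARY KEY,
    PostTime    datetime2(3)  NOT NULL,
    EventType   sysname       NOT NULL,
    LoginName   sysname       NOT NULL,
    HostName    sysname       NULL,
    ObjectName  sysname       NULL,
    CommandText nvarchar(max) NOT NULL
);
GO

-- Database-scoped DDL trigger. DISABLE/ENABLE TRIGGER on a table trigger arrives as
-- ALTER_TABLE; ALTER_TRIGGER is included so that rewrites of a trigger body are logged too.
CREATE TRIGGER ddl_AuditTriggerState
ON DATABASE
FOR ALTER_TABLE, ALTER_TRIGGER
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @evt xml = EVENTDATA();
    DECLARE @cmd nvarchar(max) =
        @evt.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)');

    -- Keep only statements that touch trigger state or definition; '%ENABLE%TRIGGER%'
    -- matches both DISABLE TRIGGER and ENABLE TRIGGER. Ordinary ALTER TABLE traffic is skipped.
    IF @cmd LIKE '%ENABLE%TRIGGER%'
       OR @evt.value('(/EVENT_INSTANCE/EventType)[1]', 'sysname') = 'ALTER_TRIGGER'
    BEGIN
        INSERT INTO dbo.TriggerStateAudit
            (PostTime, EventType, LoginName, HostName, ObjectName, CommandText)
        VALUES (
            @evt.value('(/EVENT_INSTANCE/PostTime)[1]',   'datetime2(3)'),
            @evt.value('(/EVENT_INSTANCE/EventType)[1]',  'sysname'),
            @evt.value('(/EVENT_INSTANCE/LoginName)[1]',  'sysname'),
            HOST_NAME(),
            @evt.value('(/EVENT_INSTANCE/ObjectName)[1]', 'sysname'),
            @cmd
        );
    END
END;
GO

-- Independent check that does not depend on the DDL trigger being alive:
-- every DML trigger that is currently disabled, with the table it belongs to.
SELECT  OBJECT_SCHEMA_NAME(tr.parent_id) AS SchemaName,
        OBJECT_NAME(tr.parent_id)        AS TableName,
        tr.name                          AS TriggerName,
        tr.modify_date
FROM    sys.triggers AS tr
WHERE   tr.parent_class_desc = 'OBJECT_OR_COLUMN'   -- DML triggers only
  AND   tr.is_disabled = 1
ORDER BY tr.modify_date DESC;
```

The DDL trigger can itself be disabled with DISABLE TRIGGER ddl_AuditTriggerState ON DATABASE, so schedule the sys.triggers query (and, where available, a SQL Server Audit or the default trace) as a second, independent source rather than trusting one trigger to watch the others.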

November 6, 2013

How to audit SQL Server to comply with Basel II

What is Basel II

The Basel Capital Accord Basel II is a set of international banking standards based on three mutually reinforcing pillars, issued by the Basel Committee on Banking Supervision in June 2004. It improves on the Basel I Accord and introduces a new approach to data management. Pillar 1, minimum capital requirements, defines the minimum capital required to cover the risks that a bank might encounter. To put it simply, financial institutions are required to hold enough capital to cover potential losses.

October 16, 2013

Audit failed SQL Server logins – Part 1 – distributed queries, brute force attacks, and SQL injections

Failed SQL Server logins are common in various scenarios. Accidentally mistyped credentials (user name or password), changed permissions, or an expired password are some of the benign reasons for failed SQL Server logins. On the other hand, there are malicious failed logins, unauthorized attempts to access confidential data stored on a SQL Server instance, which are more of a concern.
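Telling the benign failures from a brute-force attempt usually comes down to counting: one client address repeatedly failing against one login is the signature to look for. The T-SQL below is an added example, not code from the original article. It reads "Login failed" entries from the current SQL Server error log with the undocumented but widely used xp_readerrorlog procedure, parses the login name and the [CLIENT: ...] address out of each message, and groups the failures per client and login. It assumes failed-login auditing is enabled on the instance (the default "Failed logins only" setting under Server Properties > Security); the one-hour window and the threshold of 20 failures are assumptions to be tuned for your environment.

```sql
-- Added example: summarise failed logins from the current error log (log 0).
-- Assumes the instance audits failed logins (default setting), so each failure is
-- written to the error log as e.g.
--   Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.1.2.3]
DECLARE @since datetime = DATEADD(HOUR, -1, GETDATE());   -- assumption: 1-hour window

CREATE TABLE #ErrorLog (
    LogDate     datetime      NOT NULL,
    ProcessInfo nvarchar(64)  NULL,
    LogText     nvarchar(max) NULL
);

-- xp_readerrorlog arguments: log number (0 = current), log type (1 = SQL Server error log,
-- 2 = SQL Agent), first search string, second search string, start time, end time, sort order.
INSERT INTO #ErrorLog (LogDate, ProcessInfo, LogText)
EXEC master.dbo.xp_readerrorlog 0, 1, N'Login failed', NULL, @since, NULL, N'asc';

-- Extract the quoted login name and the client address from the message text.
;WITH Parsed AS (
    SELECT  LogDate,
            SUBSTRING(LogText,
                      CHARINDEX('''', LogText) + 1,
                      CHARINDEX('''', LogText, CHARINDEX('''', LogText) + 1)
                        - CHARINDEX('''', LogText) - 1)                  AS LoginName,
            CASE WHEN CHARINDEX('[CLIENT: ', LogText) > 0
                 THEN SUBSTRING(LogText,
                                CHARINDEX('[CLIENT: ', LogText) + 9,     -- '[CLIENT: ' is 9 characters
                                CHARINDEX(']', LogText, CHARINDEX('[CLIENT: ', LogText))
                                  - CHARINDEX('[CLIENT: ', LogText) - 9)
                 ELSE 'unknown'
            END                                                          AS ClientAddress,
            -- The reason text distinguishes a wrong password from a non-existent login;
            -- many distinct non-existent logins from one client suggests credential guessing.
            CASE WHEN LogText LIKE '%Password did not match%'   THEN 'bad password'
                 WHEN LogText LIKE '%Could not find a login%'   THEN 'unknown login'
                 ELSE 'other'
            END                                                          AS Reason
    FROM    #ErrorLog
    WHERE   LogText LIKE 'Login failed for user%'
)
SELECT  ClientAddress,
        LoginName,
        Reason,
        COUNT(*)     AS Failures,
        MIN(LogDate) AS FirstSeen,
        MAX(LogDate) AS LastSeen,
        -- assumption: 20 failures per client/login in the window is the trigger for a closer look
        CASE WHEN COUNT(*) >= 20 THEN 'investigate' ELSE 'ok' END AS Verdict
FROM    Parsed
GROUP BY ClientAddress, LoginName, Reason
ORDER BY Failures DESC, LastSeen DESC;

DROP TABLE #ErrorLog;
```

Run the same query with log numbers 1, 2, ... to cover archived error logs if the instance cycles them frequently, and compare the client addresses against the hosts that legitimately run distributed queries or application pools before escalating.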

October 10, 2013

SOX survival kit for the SQL Server DBA

The Sarbanes–Oxley Act of 2002, also known as Sarbanes–Oxley, Sarbox, or SOX, is a US federal law “written by lawyers for lawyers”. It was created to improve the quality and integrity of financial reporting, and to ensure that reported financial and business information is factual and accurate.

October 4, 2013