Reports : PCI, SOX, and HIPAA reports : Report: Abnormal or Unauthorized Changes to Data
 
Report: Abnormal or Unauthorized Changes to Data
This report tracks all changes made to data by any account other than the application user account. The report should be reviewed and commented on by appropriate management on a quarterly basis.
COBIT objectives
This report is designed to meet the following COBIT objectives:
Objective Number
Description
AI2.3
Unauthorized changes to data by non-application[13] accounts are tracked and reviewed by IT Management on a quarterly basis.
Setup requirements
Sox Abnormal or Unauthorized Changes to Data policy: Object Audit Options
Report columns
The following columns are displayed in the report body:
Columns
Description
User ID
The ID of the database user that conducted the flagged activity
Object
The name and owner of the database object that was directly manipulated by the flagged activity
Timestamp
The exact time the flagged activity was conducted
Terminal
The terminal IP address or name
Origin Application
The name, or other identifier, for the originating application, if the activity originated from an external application or from an application server
Action Type
The type of action successfully enacted by the User ID.
 
By default, all actions are considered unauthorized. If you want, for example, to only mark UPDATEs as unauthorized actions, use Filters section in order to filter out the other action types.
See also
General steps for generating PCI, SOX, and HIPAA reports