Correlation between compliance standards and code audits

Hi,
can anybody map (any of) the following compliance standards to (secure) coding requirements?
1. FDA
2. Basel II
3. SOX
4. Solvency II
5. HIPAA
6. EUROSOX
Basically, I am looking for legal requirements to conduct code reviews and the kind of code tests that must be performed.
For PCI/DSS this is straightforward as it is explicitly written in the standard.
Any ideas are welcome, so we can try to build up a knowledge base for this topic.
Thanks,
Andreas

Hi Michelle
where can I see how the two buttons were handled in code?
You can open the Controller of the page & check in that how these buttons are handled there...
Generally,
pageContext.getParameter("btnId"); // btnId is the ID of your Save/Apply Button
is used for capturing the button.
AJ

Similar Messages

  • Correlation between BI developer and Web Analyst?

    These days, I'm studying to become a business intelligence developer and today I'm reflecting on whether I need the necessary knowledge as a web analyst.
    My question is:
    Is there a correlation between BI developer and web analyst? If yes, should I also gain skills as a web analyst?

    Hi Sakura,
    The largest part of any analyst role is understanding the client's needs / business requirements and being able to help translate those requirements into functional specifications. The best analysts I have worked with are the ones that know the product and what it can do. In addition, we will see more business intelligence applications deliver or render results to web-enabled portals like SharePoint 2013.
    As a developer, the more you understand a client's needs and are able to meet those needs either OOB, third party, or custom code, the more valuable you will become in being able to know where the holes are and being able to fill them.
    -Ivan

  • Standard and sys audit to syslog

    Hello,
    I have question about enabling auditing to syslog.
    Is it possible to configure standard and sys auditing to local syslog in linux environment?
    I have read that from version 10.2 it is possible to add AUDIT_SYSLOG_LEVEL parameter to init.ora to send audit trail to syslog. But I need to have both auditings: standard auditing and sys operations auditing on a remote host using syslog.
    Regards
    Dominik

    Hi,
    I hope that the following document helps: http://www.springerlink.com/index/ut68j3652k06747j.pdf
    Regards,
    Naveed.

  • Differences between 9i Standard and Enterprise edition

    Can anyone give me the differences between 9i Standard and Enterprise edition? Is there any document available for this?
    Thanks,
    Sunil.

    Here's the Oracle white paper on the subject...
    http://otn.oracle.com/products/oracle9i/pdf/9idb_rel2_prod_fam.pdf
    Justin
    Distributed Database Consulting, Inc.
    http://www.ddbcinc.com/askDDBC

  • Implementation of Oracle Coding Standards and Code Quality Checks

    I wanted to implement a list of coding standards and code quality checks for my oracle packages, functions, views, tables, etc.
    for example
    All variables with number datatype should start with N_ and character type with C_ in all my tables & views definition.
    This can be identified during peer review & can be corrected, but I think this is a repeated process which I don't want to burden the developers with; rather, I wanted a tool which does all these kinds of checks and which can be automated.
    Is there any tool which does this operation, or can someone give me a little idea how I can automate these stuffs by creating a generic oracle procedure which can run through all the tables, views and generate an error report for those which are deviating from the standards?
    Thus we can reduce the manual effort spent on peer review, please suggest.
    thanks in advance

    maru wrote:
    : I wanted to implement a list of coding standards and code quality checks for my oracle packages, functions, views, tables, etc.
    : for example
    : All variables with number datatype should start with N_ and character type with C_ in all my tables & views definition.
    Hungarian notation is dead. It has no place in modern programming languages. Has no place in PL/SQL. And it ain't just me saying that.
    "Encoding the type of a function into the name (so-called Hungarian notation) is brain damaged—the compiler knows the types anyway and can check those, and it only confuses the programmer."
    Linus Torvalds
    "No I don't recommend 'Hungarian'. I regard 'Hungarian' (embedding an abbreviated version of a type in a variable name) a technique that can be useful in untyped languages, but is completely unsuitable for a language that supports generic programming and object-oriented programming—both of which emphasize selection of operations based on the type and arguments (known to the language or to the run-time support). In this case, 'building the type of an object into names' simply complicates and minimizes abstraction."
    Bjarne Stroustrup
    : 2) Conditional Statements
    : IF (x = 1) --> Wrong
    : IF ((x = 1) AND (y = 2)) --> wrong
    : IF x = 1 AND y = 2 --> Right
    Idiotic rules. The simple rule should be readability of code. Not how many brackets to use, and when not to use brackets. Minute standards like this detract from designing and writing proper code, fast and efficiently.
    : There are many more rules (which is specific to your application) which can be incorporated in the tool, thereby giving consistency, readability and easy to maintain for the developers.
    Bull. The more rules there are, the more difficult it becomes for programmers to write code. As it is no longer about writing readable and flexible and performing code - it is about double checking every single statement line against a huge list of rules about do's and don'ts. It is not about getting the programmer focusing on solving the problem - it is about distracting the programmer with a complex and large rule list of how the code should look like.
    Sorry - but this rubs me the wrong way. In that environment, I would be the first to tell you to shove your "+many more rules+".
    I've developed systems in over a dozen languages over the years. I've seen all kinds of standards. The standards that work are those that are short, simple and sensible. Hungarian notation is not sensible. Writing reserved words in uppercase is not sensible. Dictating how brackets should be used is not sensible.
    What is sensible is using the de facto naming standards in use today - as per .Net Guidelines for Names (MSDN) and Code Conventions for the Java Programming Language.
    What is sensible is providing guidelines like bulk collection needs to be justified (not possible using SQL only) and use the limit clause to manage memory spend on the collection variable. Or how packages need to be used to modularise code, providing a public interface and private implementation.
    Standards are about creating a sensible and easy-to-use framework for writing code. It is not about creating a list of a 1001 rules that a developer needs to remember and adhere to, as if the developer is now part of some weird religious sect that has rules for every single aspect of human behaviour.

  • What is the difference between acrobat standard and acrobat pro?

    what is the difference between acrobat standard and acrobat pro?

    Simplest way to answer is with this link:
    http://www.adobe.com/products/acrobatpro/buying-guide.html

  • Correlation between cpu load and the run queue

    We are seeing cases where our cpu utilization is less than 50 % but we are getting run queues of more than 10 minutes. I would expect a high run queue if we were seeing higher cpu utilization but I am having trouble correlating a high run queue with low cpu utilization. Has anyone else seen a condition like this or have any insights? Database is 11g RAC Exadata X2 full rack. We are using ORM to manage CPU resources as well.

    : We are seeing cases where our cpu utilization is less than 50 % but we are getting run queues of more than 10
    How many cores do you have?
    If 4, then it looks OK.
    Even if 8, it may be correct.
    The core does not pickup a waiting thread right after a running thread starts waiting for something like I/O. The switching of context has a cost.
    A time of delay may depend on CPU and kernel scheduler, but generally it should be some delay after CPU switches context from one process/thread to another, in case when a running process started waiting prematurely in the middle of its time slice. That is why you may see less than 100% CPU utilization.

  • What's the difference between Standard and Enterprise?

    Hi,
    I want to download oracle 8i for linux,and I don't know
    what's the difference between the standard and enterprise
    version. Can anyone give me the answer? Thanks a lot.
    forfun

    forfun (guest) wrote:
    : Hi,
    : I want to download oracle 8i for linux,and I don't know
    : what's the difference between the standard and enterprise
    : version. Can anyone give me the answer? Thanks a lot.
    : forfun
    Enterprise vs Standard : technical view
    If you install Enterprise you must:
    - install Enterprise with all the modules
    - apply the patch 8.1.5.0.1
    (if all the modules weren't installed, the patch fails because
    it tries to relink non installed products)
    If you install Standard you must:
    - install Standard
    - no patch required !
    Enterprise vs Standard : package
    Standard is good enough for a lot of purposes. It includes
    TextRetrival, Java inside the database, etc.
    With Enterprise, you can buy additional products like Spatial
    data, Time Series, etc.
    Hope this helps,
    Thanks to Yann Doussot for this information
    Gilles
    http://perso.club-internet.fr/gbriard

  • Adobe X Pro vs Adobe X Standard and Javascripts

    Hi, I'm running into a problem.  I have Adobe Acrobat X Pro on my computer at work, however, I'm finding that my field personnel have Adobe Acrobat X Standard.  I've written some javascripts on a form to automatically calculate when a number is entered into a field.  I'm finding that the form works fine for the folks with Adobe Acrobat X Pro, but does not work for people with Adobe Acrobat X Standard. 
    Is there a specific reason for this?   I've been going nuts trying to find out why this is happening.  I even created the form in Adobe LiveCycle ES2 and the form still will not calculate for those that have Adobe Acrobat X Standard.  In addition to that, it doesn't work with Adobe Reader either.
    Does anyone have any idea why this is happening?
    (I'm going to post this same message over in Adobe Acrobat in case I've put this in the wrong spot.)
    Thanks
    Connie

    There is no difference in the JavaScript that is used and available to Acrobat Standard and Acrobat Professional. Adobe Reader cannot use specific features of the Acrobat JavaScript extensions like using JavaScript to add a form field. What is different between Acrobat Standard and Acrobat Professional is being able to access the document level JavaScript editing through User Interface, UI, of the program.
    The application preference for allowing JavaScript is the end user's choice. You can use a page open or document level script and a field, layer, or comment to check if JavaScript has been enabled. You can create a read only field that has a message that "JavaScript needs to be enabled". The field should be read only and visible. Then you can use a script like:
    this.getField("MyJSWaringingField").display = display.hidden;
    To hide the field upon opening the page or the PDF. The field will become hidden if JavaScript is enabled or remain visible if JavaScript is not available or not enabled.

  • Differences between Oracle Standard and Enterprise

    What are the differences between Oracle Standard and Enterprise Edition?

    Check out this link
    http://technet.oracle.com/doc/oracle8i_816/server.816/a76962/ch4.htm#73594

  • Compliance Standard errors in OEM 12c

    Hi all,
    I recently upgraded from OEM 11g to OEM 12.1.0.3 on a 11.2.0.4 database repository.  Any database instance compliance standard that I apply shows errors for every rule.  The documentation states to "Click the message in the Message column to decide what your course of action should be to resolve the error."  There is no Message column on the Compliance Standard Errors page.  Any ideas as to where to look to find the underlying error?
    Dave

    Hi Courtney,
    This is still an issue.
    I am testing converting from dynamic groups based on Lifecycle Status to administrative groups also based on Lifecycle Status.  For this purpose I created one administrative group with Lifecycle Status of Staging.  I have 2 databases and their associated hosts, listeners, agents and oracle_homes as members of the group.  I created a template collection for the group that contains a hosts monitoring template, a database monitoring template, a hosts compliance standard, and a database compliance standard.  The hosts compliance standard is from a template created in 11g.  It works and produces results.  For the database compliance standard, I tried a template created in 11g, the Template for Out-of-Box DB Polices provided in 12c, and a compliance standard created by copying and modifying Template for Out-of-Box DB Polices.  In all cases no results were produced and the compliance standard errors page shows an error for every rule in the standard for both databases.  The actual error is not indicated on the errors page and I do not know where to look to find it.
    I am not able to open an SR as our Oracle license is through SAP and I do not have access to Oracle My support.
    Dave

  • EM12cR3: Compliance standards created in R2 (pre-upgrade) not editable (with workaround)

    Just wanted to drop this out there in case anyone else runs into the same issue as I did and needs the simple workaround.
    I have several compliance standards I created in EM12cR2.  After upgrading to EM12cR3, I am unable to add rules to those compliance standards.  Attempts to do so yield an error message stating "Compliance Standard Error" and "Standard (name) has been updated", as shown in this image: http://img163.imageshack.us/img163/4239/s113.png
    Workaround:  Do a "Create Like" on your pre-R3 compliance standards and save a copy under a new name.  Associate your targets to the copy and disassociate them from the original.  The new compliance standard can then be edited with no trouble.

    Hi Dave,
    Thanks for the response.  I've been attempting to do this with the same user account as was used to originally create the compliance standard and to associate targets to it (my account has EM_ALL_ADMINISTRATOR, EM_COMPLIANCE_DESIGNER, EM_COMPLIANCE_ADMINISTATOR, etc so it should have all necessary permissions).  To try to rule out a permissions issue, I just tried to repeat this test while logged in as SYSMAN and I received the same error (both while adding a rule owned by a SYSMAN and while adding a rule owned by the original user account).  I've also confirmed that it occurs for both users even with no targets associated to the standard.  It occurs with both customized rules and with out-of-the-box rules that I have not customized.
    This isn't a big issue for me (since everything works fine after a Create Like and moving targets to the new standard), but I do have a couple standards in my library exhibiting this behavior if you think this is worth an SR for support to investigate.  The workaround is flawless as far as I can tell, but maybe an issue for sites with hundreds/thousands of targets.  I only have 10 per standard so it doesn't take long to re-associate them to the new standard.
    -Brian

  • Diff betn. Oracle8i Standard and Enterprise edition

    Can someone tell me the difference between Oracle8i Standard and Enterprise edition ?
    Thanks.

    Here's the Oracle white paper on the subject...
    http://otn.oracle.com/products/oracle9i/pdf/9idb_rel2_prod_fam.pdf
    Justin
    Distributed Database Consulting, Inc.
    http://www.ddbcinc.com/askDDBC

  • I don't understand correlation between ACL and dACL. If dACL is downloaded to the Catalyst switch what is the status of the ACL

    Understanding ISE and dACL.
    I don't understand correlation between ACL and dACL.
    If dACL is downloaded to the Catalyst switch what is the status of the ACL attached to physical port. Is dACL appended to the existing ACL? When I typed ‘sh ip access-list int fa0/1’ I can see only dACL for access domain and dACL for voice domain appended to the previous dACL and no ACL lines.
    Regards,
    Vice

    Hi,
    Downloadable ACLs (dACL) are applied from your RADIUS server based on authentication and authorization policies.  It overrides any standard interface ACL.
    Standard interface ACLs are in place to limit traffic on the port before 802.1x or MAB authentication.
    When an authenticated session terminates on the interface the standard ACL will be re-applied until the next authentication.

  • Correlation between namespace and add-on software component?

    Hi
    I need answers for the following questions
    1. Is namespace a unique identifier for an Add-On software component?
    2. Does the SAP system identify ABAP add-ons "only" based on the namespace? Post installation of an add-on, in the system status one finds the namespace in the list as installed software component.
    3. If the above is true, this means I cannot have multiple add-on software components under a single namespace. Is this correct?
    4. Could you explain in detail the correlation between namespace, add-on software component, add-on software component version and associated development objects?
    Thanks!

    Here you go:
    Installations and Upgrades --> Entry by Application Group --> SAP Solutions for Governance, Risk, and Compliance
    --> SAP GRC Access Control --> SAP GRC ACCESS CONTROL --> SAP GRC ACCESS CONTROL 5.3
    SAP GRC ACCESS CONTROL 5.3
       Installation
       Language Version
       Adapters
    click on installation --> download the  zip file 51035605
    uncar it using SAPCAR. 
    you will get your desired file.
    Cheers !!!
    Ashish
