1. Field of the Invention
The present invention generally relates to data security, and more specifically, relates to a system and method that audit information regarding data access.
2. Description of the Related Art
Nowadays, in any commercial and business setting, an action from an end-user at any workstation in a system with many subsystems may trigger innumerous data transactions throughout sub-systems. For example, a person can sit in front of his home computer can visit a website and make a purchase of a product. This purchasing act will cause many actions to happen in one or more systems, for example, the information regarding the person may be recorded, the payment information may be recorded, the information about the product may be retrieved and displayed to the person, and the purchase information may be stored.
The information about these actions may be recorded by the front-end website host but the real users and actions are not associated with the back-end data transactions where data changes are made. Therefore, for a system accessed by thousands people each day, the retrieved information about a database access or communication between two sub-systems cannot be readily associated with the person who caused the actions to happen, neither for the business operations triggering data transactions. Thus, making difficult to audit the meaningful business transactions.
Therefore, there is a need for a system and method that audits transactions and records transactions associated with real users and business operations, and it is to this system the present invention is primarily directed to.