| Current legislation demands organizations to responsibly manage sensitive
data. To achieve compliance, data auditing must be implemented in information systems.
In this paper we propose a data auditing architecture that creates data audit reports out
of simple audit events at the technical level. We use complex event processing (CEP)
technology to obtain composed audit events out of simple audit events. In two scenarios
we show how complex audit events can be built for business processes and application
users, when one database user is shared between many application users, as found in
multi-tier architectures. |