SQL Database Audit Planning


SQL Database Audit Planning
Parneet Toor, Jing Jiang, Vittorio DiPentino, Xinteng Chen, Yingyan Wang

Technology background overview
Scope of audit
Risk assessment
Audit resources and responsibilities
Key dates and deliverables

Technology Background

The company's database is mainly managed with a SQL database system. SQL is an abbreviation for Structured Query Language, which is used to interact with a database. It can be used to retrieve large amounts of records, makes the database system easier to manage, and enables several users to access the same database simultaneously.

1974: D.D. Chamberlin & Raymond F. Boyce, SEQUEL
1979: First SQL product, Oracle V2
1986: ANSI SQL standard released

Audit Scope

Confidentiality
  Database Authentication
    Strong password protection
    Logs out after 5 minute idle time
  Database Authorization
    Access control model
    Read/write
  Remote Access
    Restrict access

Integrity
  Logging and Monitoring
    Record of metadata
    Log in times, edits and viewed data
  System Backup
    Backup schedule and methodology

Risk Assessment

Columns: Risk; Risk Assessment (Impact, Moderate, Overall); Risk Rating Rationale; Control

Risk: Improper authorization
  Risk assessment: High
  Rationale: Unauthorized disclosure, modification, and disruption. Frequent attacks (insider and outsider).
  Control: Role-based control and periodic review of the audit trail.

Risk: Backup and recovery
  Rationale: Lack of backup and recovery causes data loss. The company is aware of this but has no adequate method.
  Control: Business continuity plan, recovery point objective, disaster response team.

Risk: Software updating
  Rationale: Old software versions have weaknesses that can be attacked. Automatic updating is usually recommended.
  Control: Automatically update software. Confirm the current version with vendors.

Audit Resources and Responsibilities

The table below shows the time allocation for the internal audit process. Every auditor should follow this time allocation when carrying out their work.

Columns: Name; Role; Resources (Time) Allocated to each step of auditing (Preparing, Testing, Reporting); Total Hours

Vittorio DiPentino, Internal auditor manager: 40 240 320
Parneet Toor, Project team leader: 30 260
Jing Jiang, Staff auditor: 20 280
Yingyan Wang
Xinteng Chen

Key Dates and Deliverables

Audit Phase (Deliverables)      Timeline
Kick-off Meeting                03/01/2018
Planning                        03/03/2018 - 03/10/2018
Informational conference        03/11/2018
Field Work                      03/11/2018 - 04/04/2018
                                04/04/2018
Analyzing                       04/05/2018 - 04/22/2018
                                04/22/2018
Report drafting & Issuance      04/23/2018 - 04/30/2018
Final audit report              04/30/2018