SQL Database Audit Planning


1 SQL Database Audit Planning
Parneet Toor, Jing Jiang, Vittorio DiPentino, Xinteng Chen, Yingyan Wang

2 Technology background overview
Scope of audit
Risk assessment
Audit resources and responsibilities
Key dates and deliverables

3 Technology Background
The company's database is mainly managed with a SQL database system. SQL is an abbreviation for Structured Query Language, which is used to interact with a database. It can be used to retrieve large amounts of records, makes the database system easier to manage, and enables several users to access the same database simultaneously.
1974: D.D. Chamberlin & Raymond F. Boyce, SEQUEL
1979: First SQL product, Oracle V2
1986: ANSI SQL standard released

4 Audit Scope
Confidentiality
  Database Authentication
    Strong password protection
    Logs out after 5 minutes of idle time
  Database Authorization
    Access control model
    Read/write
  Remote Access
    Restrict access
Integrity
  Logging and Monitoring
    Record of metadata
    Log in times, edits and viewed data
  System Backup
    Backup schedule and methodology

5 Risk Assessment
Columns: Risk; Risk Assessment; Risk Rating Rationale; Control
Impact Moderate Overall

Risk: Improper authorization
  Risk assessment: High
  Risk rating rationale: Unauthorized disclosure, modification, and disruption. Frequent attacks (insider and outsider).
  Control: Role-based control and periodic review of the audit trail.

Risk: Backup and recovery
  Risk rating rationale: Lack of backup and recovery causes data loss. The company is aware of this but has no adequate method.
  Control: Business continuity plan, recovery point objective, disaster response team.

Risk: Software updating
  Risk rating rationale: Old software versions have weaknesses that can be attacked. Automatic updating is usually recommended.
  Control: Automatically update software. Confirm the current version with vendors.

6 Audit Resources and Responsibilities
The table below shows the time allocation for the internal auditing process. Every auditor should follow the allocated time when carrying out the work.
Columns: Name; Role; Resources (Time) allocated to each step of auditing (Preparing, Testing, Reporting); Total Hours
Vittorio DiPentino, Internal auditor manager: 40 240 320
Parneet Toor, Project team leader: 30 260
Jing Jiang, Staff auditor: 20 280
Yingyan Wang
Xinteng Chen

7 Key Dates and Deliverables
Columns: Audit Phase (Deliverables); Timeline
Kick-off Meeting: 03/01/2018
Planning: 03/03/ /10/2018
Informational conference: 03/11/2018
Field Work: 03/11/ /04/2018 04/04/2018
Analyzing: 04/05/ /22/2018 04/22/2018
Report drafting & Issuance: 04/23/ /30/2018
Final audit report: 04/30/2018
