issc431 discussion response database security auditing
I need two responses of at least 150 words each for the below students' discussions for this week. Also, in bold below are the questions the students are answering.
For this assignment, answer the following:
- What is the purpose of an audit?
- What information is contained within an audit trail?
- What are the advantages and disadvantages of using an audit trail?
What is the purpose of an audit?
The ultimate objective of an audit is to review the controls in place, identify the weaknesses, and report these areas for improvement. The only foolproof way to ensure that the security measures are working is to test them. By testing them, either with an external or internal audit, it is much easier to pinpoint the breakdowns in process, procedure, policy, and technical controls. (Basta, Zgola, & Bullaboy, 2012)
What information is contained within an audit trail?
The information in an audit trail depends on the policy that has been configured by the database administrator. This audit trail can include a lot of items or just a few. Some of the items that might be included are listed below:
- User logins (successful and unsuccessful)
- Processes that are executed and the date and time they are executed
- Changes to Tables and Rows
- Changes to permissions and objects
- Scheme updates
- Password changes
- Commands like INSERT, DELETE, SELECT, etc.
(Various Techniques to Audit, 2018)
What are the advantages and disadvantages of using an audit trail?
Using an audit trail makes it much easier for administrators and auditors when an audit is being conducted because it provides a convenient log of all the actions on the server or database. Having an audit trail is also helpful even when an audit is not ongoing. The audit trail can show what changes were made and by whom, which can make it much easier to troubleshoot problems or identify malicious/accidental changes. Having an audit trail can help to prevent the finger pointing exercise because attribution is a lot easier.
However, the audit trail is not a magic wand. Audit logs can be large and can consume a lot of resources (storage, CPU, RAM, etc.). It is important to make sure that the logs don't overrun the server. Many organizations will offload the logs to another location and use a Security Information and Event Management (SIEM) tool to aggregate them. It is important to remember to protect the integrity of the logs as well from anyone who might want to delete or modify them. The logs should be replicated or stored somewhere safely in a read-only state at a minimum. (Basta, Zgola, & Bullaboy, 2012)
Basta, A., Zgola, M., & Bullaboy, D. (2012). Database security. Boston, MA: Course Technology/Cengage Learning.
Various techniques to audit SQL Server databases. (2018, November 19). Retrieved June 19, 2019, from https://www.sqlshack.com/various-techniques-to-audit-sql-server-databases/
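The response above says the audit trail must be protected from deletion or modification and is often offloaded to another location. As an added example (not from either student's post or the cited sources), the Python below chains each audit record to the previous one with an HMAC so that edited, removed, or truncated records are detectable; the record fields, key handling, and sample events are constructed assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed starting value for the chain


def _digest(key: bytes, prev: str, event: dict) -> str:
    # Canonical JSON so the same event always produces the same MAC.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()


def append(trail: list, key: bytes, event: dict) -> None:
    """Append an event, binding it to the previous record's MAC."""
    prev = trail[-1]["mac"] if trail else GENESIS
    trail.append({"event": event, "prev": prev, "mac": _digest(key, prev, event)})


def verify(trail: list, key: bytes, expected_last_mac=None):
    """Return the index of the first bad record, len(trail) if the tail
    was truncated, or None if the trail is intact."""
    prev = GENESIS
    for i, rec in enumerate(trail):
        mac = _digest(key, prev, rec["event"])
        if rec["prev"] != prev or not hmac.compare_digest(mac, rec["mac"]):
            return i
        prev = rec["mac"]
    # Dropping records from the end leaves a valid chain, so compare against
    # the last MAC kept off-host (for example, with the offloaded copy).
    if expected_last_mac is not None and prev != expected_last_mac:
        return len(trail)
    return None


def build_sample(key: bytes) -> list:
    # Constructed sample events; field names are assumptions for this example.
    trail = []
    append(trail, key, {"ts": "2019-06-19T10:00:00Z", "user": "app_svc", "action": "LOGIN", "ok": True})
    append(trail, key, {"ts": "2019-06-19T10:02:11Z", "user": "dba1", "action": "GRANT", "object": "payroll"})
    append(trail, key, {"ts": "2019-06-19T10:03:40Z", "user": "dba1", "action": "DELETE", "object": "payroll"})
    return trail


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # in practice, held off the database host
    demo = build_sample(demo_key)
    demo[1]["event"]["user"] = "app_svc"  # simulate an edited record
    print("first bad record:", verify(demo, demo_key))
```

The chain only helps if the key and the last known MAC are stored where a database administrator or intruder on the audited host cannot rewrite them.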
Hello class, this week we'll be discussing information concerning audits, the purpose of audits, and the advantages/disadvantages of an audit as well.
What is the purpose of an audit?
This question may seem simple and straightforward, but an audit isn't quite the same for every system. Particular systems, such as a MySQL database, can encompass several key audit requirements in order to remain in compliance with regulation and standards. For example, a database system providing services for patient health care records will need to undergo audit standards in compliance with HIPAA. A database system storing credit card information will need to be in compliance with PCI-DSS. The National Institute of Standards and Technology (NIST) provides organizations with regulatory guidance on specific audit standards for a variety of informational needs. Audits can include system architecture designs, firewall placement, IDS and IPS placement, system security scans, patch management updates, and least privileged access requirements. Also, an audit can produce whether or not organizations are utilizing correct logging procedures or access controls to track and maintain accurate records for traffic analysis and event management for database traffic.
What information is contained in an audit trail?
In a nutshell, an audit trail can provide sufficient information or events pertaining to information systems providing records of who logged in, what traffic passed through network monitors, and exactly what information was accessed. An audit trail should provide enough information to paint a picture for an auditor on exactly what occurred on a system.
What are the advantages and disadvantages of an audit trail?
Records leading up to an event, traffic logging, event logging, and network activity.
User training, network resource consumption, storage consumption, and extra cost.