Ebook IT Auditing: Using controls to protect information systems (Second edition) - Part 2
Chapter 9: Auditing Databases

In this chapter we discuss auditing the lockboxes of company information. We will discuss how to conduct audits on the following components that affect the operational security of your data stores:

• Database permissions
• Operating system security
• Password strength and management features
• Activity monitoring
• Database encryption
• Database vulnerabilities, integrity, and the patching process

Background

The term database typically refers to a relational database management system (RDBMS). Database management systems (DBMS) maintain data records and their relationships, or indexes, in tables. Relationships can be created and maintained across and among the data and tables.

The more generic term database can be applied to any […] in this chapter, we focus on auditing a full-blown RDBMS.

Typically, an audit includes a fairly in-depth review of various areas, including the perimeter, the operating system, policies, and so on. If time allows, an audit might cover one or two of the most critical databases. Databases are complex beasts requiring patience and technical know-how to audit and secure properly. However, neglecting a database audit is a serious error. Databases are the virtual lockboxes of the information age. Where do organizations store their most valuable assets? Not in perimeter devices, not in an e-mail […] where that data "lived" when it was attacked? In a database!

Databases live both a blessed and a cursed existence. Databases are blessed because they are rarely exposed to the types of attacks that your web servers, firewalls, and other systems confront. Databases should be and almost always are buried deep and far behind the firewall. Most organizations are smart enough to know not to place their most valuable data out in the unsecured public network. Of course, some attacks, such as SQL injection, can easily make […] and auditing your databases are often considered afterthoughts, something to be done if you have extra time and maybe just on one or two critical databases. This has led to a situation in which database security typically is left in a shabby condition. The typical database administrator believes that the database is far enough behind the firewall that even rudimentary security measures aren't necessary.

The secured perimeter might serve as enough protection for the database in a perfect world. Unfortunately, we don't live in a perfect world, and the firewall is no longer a valid "last line of […] the weak link in the security chain. And, luckily, a few relatively simple recommendations can create vast improvements in database security.

Database Auditing Essentials

To audit a database effectively, you need a basic understanding of how a database works. You need to understand a broad set of components to audit a database properly. Here's a little history lesson.

In the early 1990s, applications were written using the client-server model, which comprised a desktop program connecting over a network directly to a database back end. This was referred to as a two-tier application. In the late 1990s […] connected to the database backend. Three-tiered applications were a great step forward. It meant that custom software didn't need to be installed on every client workstation, and software updates could be applied to a central server. Clients could run any operating system that supported a basic browser. Moreover, in the three-tiered model, securing the database was much simpler.

Of course, the infrastructure required by the database to support two-tier applications still exists in database backends for three-tiered applications. The danger now exists that an attacker will circumvent the […] Oracle or DB2. However, any medium-sized or large organization typically will use a sampling of many different database platforms. Following is a summary of the most common databases and vendors, along with a short overview of each.

Oracle

Oracle Corporation is the largest database vendor and supplies an entire series of databases. In addition, Oracle Corporation has grown beyond standard database software to provide a variety of products including but not limited to web servers, development tools, identity-management software, a collaboration suite, and multiple […] feature set. The database comes in multiple flavors, including Standard Edition, Enterprise Edition, OracleLite, Express Edition, and others. Most Oracle databases you audit will be either Standard Edition or Enterprise Edition. The features are fairly similar; however, the advanced features in Enterprise Edition are changing constantly, so you will need to access the Oracle website to check the exact feature sets included in the version you are auditing.

Oracle also has branched out into other databases, having purchased several other database vendors, including the following:

• Sleepycat Software […] InnoDB, a transaction engine for the MySQL database

IBM