Restricting Access To Databases - Controls

Controls

Compensating Controls:

  1. Use database triggers. Triggers are user-written or DBA-written code that is stored in the database and executed whenever an insert, update, or delete occurs.
    Cons:
    a.) Transaction performance could suffer.
    b.) This solution does not provide 100% assurances of an incorruptible audit trail.
    c.) Triggers can be modified by anyone who has the appropriate privileges.
  2. Implement application-based auditing.
    Con:
    Effective only if no other application or utility can access the database(s).
  3. Perform auditing on a per-database, per-table, per-column, or per-user basis.
    Con:
    Labor intensive for IT. Would require a manual review of the audit report to verify (before/after) what was changed and a sign-off that the change was authorized and acceptable.

Control evaluation considerations by Internal Audit: The overall control evaluation cannot be determined until after the compensating controls have been reviewed and tested within the environment. If the compensating controls fail or are deemed inadequate, the control issue could potentially be classified as a Significant Deficiency due to its pervasive nature and the inability to validate that no unknown or inappropriate adjustments have been executed.

The best control environment surrounding databases is one with the ability to track and review any and all adds, deletes, and modifications to the databases.
