Restricting Access
Steps to restrict database access within an organization:
- Implement Separation of duties (SOD) a preventive control.
- Establish test and production environments which is preventive control.
- Restrict user account and Database administrator access which is a preventive control.
- Turn on audit trails, monitoring software, or exception reports which are detective controls.
Elements to restrict include:
- Data access (Successful/Failed Selects)
- Data Changes (Insert, Update, Delete)
- System Access (Successful/Failed Logins; User/Role/Permissions/Password changes)
- Privileged User Activity (All)
- Schema Changes (Create/Drop/Alter Tables, Columns, Fields)
Read more about this topic: Restricting Access To Databases
Famous quotes containing the words restricting and/or access:
“We enunciate a grand principle, then we are timid and begin restricting its application. We are a nation of infidels to principle.”
—Mary F. Eastman, U.S. suffragist. As quoted in History of Woman Suffrage, vol. 4, ch. 7, by Susan B. Anthony and Ida Husted Harper (1902)
“Power, in Case’s world, meant corporate power. The zaibatsus, the multinationals ..., had ... attained a kind of immortality. You couldn’t kill a zaibatsu by assassinating a dozen key executives; there were others waiting to step up the ladder; assume the vacated position, access the vast banks of corporate memory.”
—William Gibson (b. 1948)