Restricting Access To Databases - Controls

Controls

Compensating Controls:

  1. Use database triggers. Triggers are user-written or DBA-written code stored in the database and executed whenever an insert, update, or delete occurs.
    Cons:
    a.) Transaction performance could suffer.
    b.) This solution does not provide 100% assurance of an incorruptible audit trail.
    c.) Triggers can be modified by anyone who has the appropriate privileges.
  2. Implement application-based auditing.
    Con:
    Effective only if no other application or utility can access the database(s).
  3. Perform auditing on a per-database, per-table, per-column, or per-user basis.
    Con:
    Labor intensive for IT. Would require a manual review of the audit report to verify (before/after) what was changed, and a sign-off that the change was authorized and acceptable.
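
An added example (not from the original page) of the trigger approach in item 1, using Python's sqlite3 module: the triggers record before/after values for every change, and a fingerprint of the trigger definitions makes con (c), a dropped or altered trigger, detectable. The accounts and audit_log tables, the trigger names and the sample rows are constructed for illustration.

```python
import hashlib
import sqlite3

# Constructed schema: table, column and trigger names are assumptions.
SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER);
CREATE TABLE audit_log (
    seq INTEGER PRIMARY KEY AUTOINCREMENT,
    changed_at TEXT DEFAULT CURRENT_TIMESTAMP,
    op TEXT, row_id INTEGER, old_val TEXT, new_val TEXT);
CREATE TRIGGER accounts_ins AFTER INSERT ON accounts BEGIN
    INSERT INTO audit_log (op, row_id, old_val, new_val)
    VALUES ('INSERT', NEW.id, NULL, NEW.owner || ':' || NEW.balance);
END;
CREATE TRIGGER accounts_upd AFTER UPDATE ON accounts BEGIN
    INSERT INTO audit_log (op, row_id, old_val, new_val)
    VALUES ('UPDATE', OLD.id, OLD.owner || ':' || OLD.balance,
            NEW.owner || ':' || NEW.balance);
END;
CREATE TRIGGER accounts_del AFTER DELETE ON accounts BEGIN
    INSERT INTO audit_log (op, row_id, old_val, new_val)
    VALUES ('DELETE', OLD.id, OLD.owner || ':' || OLD.balance, NULL);
END;
"""

def trigger_fingerprint(db):
    """Hash the stored definitions of every trigger on the accounts table."""
    rows = db.execute(
        "SELECT name, sql FROM sqlite_master WHERE type = 'trigger' "
        "AND tbl_name = 'accounts' ORDER BY name").fetchall()
    return hashlib.sha256(repr(rows).encode()).hexdigest()

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    baseline = trigger_fingerprint(db)  # record at deployment, keep outside the DB
    db.execute("INSERT INTO accounts VALUES (1, 'alice', 100)")
    db.execute("UPDATE accounts SET balance = 250 WHERE id = 1")
    db.execute("DELETE FROM accounts WHERE id = 1")
    trail = db.execute(
        "SELECT op, row_id, old_val, new_val FROM audit_log ORDER BY seq").fetchall()
    intact = trigger_fingerprint(db) == baseline
    # Con (c): once a privileged session removes a trigger, updates go unlogged;
    # the fingerprint comparison is what reveals the gap.
    db.execute("DROP TRIGGER accounts_upd")
    db.execute("INSERT INTO accounts VALUES (2, 'bob', 10)")
    db.execute("UPDATE accounts SET balance = 999 WHERE id = 2")
    logged = db.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0]
    return trail, intact, logged, trigger_fingerprint(db) == baseline
```

The baseline fingerprint only helps if it is stored and compared somewhere the database's privileged users cannot change.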

Control evaluation considerations by Internal Audit: The overall control evaluation cannot be determined until after the compensating controls have been reviewed and tested within the environment. If the compensating controls fail or are deemed inadequate, the control issue could potentially be classified as a Significant Deficiency due to its pervasive nature and the inability to validate that no unknown or inappropriate adjustments have been executed.

The best control environment surrounding databases is one with the ability to track and review any and all adds, deletes and modifications to the databases.
