Bài giảng Bảo mật cơ sở dữ liệu: Chapter 7 - Trần Thị Kim Chi

Bài giảng "Bảo mật cơ sở dữ liệu - Chapter 7: Database auditing models" trình bày các nội dung: Gain an overview of auditing fundamentals, understand the database auditing environment, create a flowchart of the auditing process, list the basic objectives of an audit. Mời các bạn cùng tham khảo.
Nội dung trích xuất từ tài liệu:
Bài giảng Bảo mật cơ sở dữ liệu: Chapter 7 - Trần Thị Kim Chi Database Security and Auditing: Protecting DataIntegrity and Accessibility Chapter 7 Database Auditing Models Objectives• Gain an overview of auditing fundamentals• Understand the database auditing environment• Create a flowchart of the auditing process• List the basic objectives of an auditDatabase Security and Auditing 2 Objectives (continued)• Define the differences between auditing classifications and types• List the benefits and side effects of an audit• Create your own auditing modelsDatabase Security and Auditing 3 Auditing Overview• Audit examines: documentation that reflects (from business or individuals); actions, practices, conduct• Audit measures: compliance to policies, procedures, processes and lawsDatabase Security and Auditing 4 Definitions• Audit/auditing: process of examining and validating documents, data, processes, procedures, systems• Audit log: document that contains all activities that are being audited ordered in a chronological manner• Audit objectives: set of business rules, system controls, government regulations, or security policiesDatabase Security and Auditing 5 Definitions (continued)• Auditor: person authorized to audit• Audit procedure: set of instructions for the auditing process• Audit report: document that contains the audit findings• Audit trail: chronological record of document changes, data changes, system activities, or operational eventsDatabase Security and Auditing 6 Definitions (continued)• Data audit: chronological record of data changes stored in log file or database table object• Database auditing: chronological record of database activities• Internal auditing: examination of activities conducted by staff members of the audited organization• External auditingDatabase Security and Auditing 7 Auditing Activities• Evaluate the effectiveness and adequacy of the audited entity• Ascertain and review the reliability and integrity of the audited entity• Ensure the organization complies with policies, procedures, regulations, laws, and standards of the government and the industry• Establish plans, policies, and procedures for conducting auditsDatabase Security and Auditing 8 Auditing Activities (continued)• Keep abreast of all changes to audited entity• Keep abreast of updates and new audit regulations• Provide all audit details to all company employees involved in the audit• Publish audit guidelines and procedures• Act as liaison between the company and the external audit teamDatabase Security and Auditing 9 Auditing Activities (continued)• Act as a consultant to architects, developers, and business analysts• Organize and conduct internal audits• Ensure all contractual items are met by the organization being audited• Identify the audit types that will be usedDatabase Security and Auditing 10 Auditing Activities (continued)• Identify security issues that must be addressed• Provide consultation to the Legal DepartmentDatabase Security and Auditing 11 Auditing Environment• Auditing examples: – Financial auditing – Security auditing• Audit also measures compliance with government regulations and laws• Audits take place in an environment: – Auditing environment – Database auditing environmentDatabase Security and Auditing 12 Auditing Environment (continued)• Components: – Objectives: an audit without a set of objectives is useless – Procedures: step-by-step instructions and tasks – People: auditor, employees, managers – Audited entities: people, documents, processes, systemsDatabase Security and Auditing 13 Auditing Environment (continued)Database Security and Auditing 14 Auditing Environment (continued)Database Security and Auditing 15 Auditing Environment (continued)• Database auditing environment differs slightly from generic auditing environment• Security measures are inseparable from auditingDatabase Security and Auditing 16 Auditing Process• Quality Assurance (QA): – Ensure system is bug free and functioning according to its specifications – Ensure product is not defective as it is being produced• Audi ...