Auditing IT components using CAATs

Before we get into auditing SQL Server permissions a reminder of a few definitions might be helpful...

Posted on 11/10/2012 8:47 AM by Ian Cooke | Comments (3)

We have already seen that OS/400 passwords are controlled using system values (http://www.isaca.org...

Posted on 10/19/2012 7:12 AM by Ian Cooke | Comments (0)

According to the IBM System i (AS/400) security guide “system values represent the foundation upon ...

Posted on 10/6/2012 8:48 AM by Ian Cooke | Comments (0)

In a typical AS/400 RPG / Cobol application access is provided through the users OS/400 profile.OS/...

Posted on 9/29/2012 10:32 AM by Ian Cooke | Comments (0)

During an audit you may find that shell scripts are used to connect to your Oracle database (these ...

Posted on 9/29/2012 7:27 AM by Ian Cooke | Comments (0)

As with configurations the company you are auditing should have a policy on password controls. We h...

Posted on 9/22/2012 11:29 AM by Ian Cooke | Comments (0)

The company you are auditing should have a policy on how their SQL Server databases are configured....

Posted on 9/18/2012 6:56 AM by Ian Cooke | Comments (1)

Typically application access to a SQL Server database is via one of two methods. Either all users a...

Posted on 9/15/2012 1:42 PM by Ian Cooke | Comments (2)

The main idea I am trying to advocate with these posts is a simple one. Compare a database you are ...

Posted on 3/29/2012 2:25 PM by Ian Cooke | Comments (1)

ISACA: Serving IT Governance Professionals