ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > The Changing Responsibilities When Auditing a DBMS

The Changing Responsibilities When Auditing a DBMS

| Published: 11/17/2014 3:03 PM | Category: Audit-Assurance | Permalink | Email this Post | Comments (0)
Mushfiqur RahmanMuhammad. Mushfiqur Rahman, CISA, CCNA, CEH, ITIL V3, MCITP, MCP, MCSE, MCTS, OCP, SCSA
 
Database management systems (DBMS) are rapidly changing their technological capabilities. This advanced technology provides a wide range of flexibility when using a DBMS, but also increases the likelihood of attacks. These DBMS advances also drive massive and rapid increases in the number of people with access to them.

The speed of these changes has no precedent in human history, and the power of these technologies has transformed the work environment and our personal lives and brought with it many positive contributions.

It is very important for an auditor to know about the new changes of the DBMS, otherwise a set of undetected vulnerabilities may cause a distortion of the company image, reputation and business losses. We have by now learned that technology is never perfect; by design, hardware vulnerabilities and software errors can be impossible to totally avoid.
 
In my recent Journal article, I discussed the Oracle database auditing steps, which uses penetration of the Oracle database to ensure compliance with the organization’s security policy. The users or Oracle database administrators who use sophisticated DBMS technologies have limited knowledge or even awareness of security issues and what their roles are in managing them. In this article I have tried to identify those security issues to be aware of and to initiate a discussion with the peers around the globe.

Read Muhammad Mushfiqur Rahman’s recent Journal article:
Auditing Oracle Database,” ISACA Journal, volume 6, 2014.

Comments

There are no comments yet for this post.
Email