Ian Cooke, CISA, CGEIT, CRISC, COBIT Foundation, CFE, CPTS, DipFM, ITIL Foundation, Six Sigma Green Belt
According to DB Engines, the Microsoft SQL Server Database is the 3rd most popular database management system in use today.
The Microsoft SQL Server Database is particularly popular with small- and medium-sized enterprises due to its relative lack of complexity and ease of use. These small- and medium-sized enterprises typically have fewer IT resources than large enterprises, which, in turn, could mean less oversight of the database. For example, the cost of a Microsoft SQL Server Database scanner may be prohibitive for these smaller companies. Similarly, they may not have the budget to pay for a consultancy to review the database configuration against accepted best practice.
In such instances, computer-assisted audit techniques (CAATs) may provide the answer. CAATs can be tailored for multiple tasks and, when combined with information taken directly from the SQL Server database, they can be used to provide assurance for a number of risk factors, including many of those defined in the main SQL Server Security Standards. Furthermore, the company can build and define its own standards within the CAAT software. These standards can then be used as a basis to compare against all of the company’s databases, thus increasing compliance and speeding up the audit process. This technique provides an efficient, cost-effective method of providing assurance over the company’s Microsoft SQL Server Databases.
Read Ian Cooke’s recent Journal article:
“Auditing SQL Server Databases Using CAATs,” ISACA Journal, volume 1, 2015.