Database auditing models

Introduction
Another key aspect of data confidentiality, integrity,
and accessibility is presented database auditing,
thus providing the full complement to database
security.
The two concepts are inseparable.
Together they ensure that your data is protected.
We ensure that data is well guarded through database
auditing.

Introduction
Database security is not effective without database
auditing and vice versa.
To prevent data violations, the best practice is to have
both database security and auditing in place

Database Security & Auditing:
Protecting Data Integrity &
Accessibility 5
Auditing Overview
Audit examines: documentation that reflects (from
business or individuals); actions, practices, conduct
Audit measures:
compliance to policies,
procedures,
processes and laws

Auditing overview
Audit/ Auditing: The process of examining and
validating documents, data, processes, procedures,
system, or other activities to ensure that the audited
entity complies with its objectives.
Audit log: A document that contains all activities
that are being audited ordered in a chronological
manner.
Usually, an automated system generates the log.

Auditing overview
Audit objectives: A set of business rules, system
controls, government regulations, or security policies
against which the audited entity is measured to
determine compliance.
Auditor: A person who is authorized to examine,
verify, and validate documents, data, processes,
procedures, systems, or activities and to produce an
audit report

Auditing overview
Audit procedure: A set of step-by-step instructions
for performing the auditing process.
Audit report: A document that contains the audit
findings and is generated by individuals conducting
the audit.
Audit trail: A chronological record of document
changes, data changes, system activities, or
operational events.

Auditing overview
Data audit: A chronological record of data changes
stored in a log file or a database table object.
Database auditing: A chronological record of
database activities, such as shutdown, startup, logons,
and data structure changes of database objects.

Auditing overview
Internal auditing: An examination, verification, and
validation of documents, processes, procedures,
systems, or activities conducted by staff members of
the organization being audited.
External auditing: An examination, verification, and
validation of documents, processes, procedures,
systems, or activities conducted by staff members
outside of the organization being audited.

Auditing Activities
Auditing activities are performed as a part of an audit,
audit process, or audit plan.
Some of these activities can be thought of as the
auditor’s responsibilities or they can be incorporated
into an organization’s audit policies.

Auditing Environment
An auditing can be conducted as a review of the
enforcement of security policies and procedures.
These are only a few of the many reasons for audits.
However, as diverse as these audits are, they all take
place in an auditing environment

Objectives: An audit without a set of objectives is
useless. To conduct an audit we must know what the
audit entity is to be measured against.
Procedures: To conduct an audit, step-by-step
instructions and tasks must be documented ahead of
time.

People: Every auditing environment must have an
auditor, even in the case of an automatic audit.
Audited entities: This includes people, documents,
processes, systems, activities, or any operations that
are being audited.

Components of DB Auditing
Environment

Environment
The auditing environment present is applicable to all
aspects of the business including the database.
The auditing environment for database auditing
differs slightly from the generic auditing environment
in that it distinguishes the database from the other
auditable entities

Environment
When designing an auditing model for database
application.
We need to account for all the components shown in
the figure to ensure auditing model is complete and
effective.
Design and develop an application system or business
process that requires auditing, we must think about
every objective related to these components.

Auditing Process
The auditing process ensures that the system is
working and complies with the policies, standards,
regulations, or laws set forth by the organizations.
Auditing is also not the same as performance
monitoring.
Their objectives are totally different.

Auditing Process
The main objective of performance monitoring is to
observe if there is degradation in performance at
various operation times, which is totally different
from auditing.
Auditing validates compliance to policy, not
performance.

Auditing Process
Difference in QA, auditing and performance monitoring
QA Process Timing : During Development and before
product is commissioned into production
Auditing Process Timing : After product is commissioned
into production
Performance Monitoring Process Timing : After product is
commissioned into production

Auditing Process
Difference in QA, auditing and performance
monitoring
QA : Test the product to make sure it is working
properly and is not defective.
Performance Monitoring : Monitor Response Time

Auditing Process
The first block on the left is the full system
development life cycle, known as SDLC.
In this block the system goes through a structured
process of development.
One of the phases in this block is QA testing, which is
designed to identify bug in the code and make sure
the system fulfills the requirements of the functional
specifications

Auditing Process
The first phase of the process is to understand the
objectives of the audit and plan a procedure to
execute the auditing process.
The second phase is to review, verify, and validate the
system according to the objectives set in the previous
phase.

Auditing Process
Divergence from the auditing objectives is
documented.
In this phase we are observing what is happening.
The last phase is to document the results of the audit
and recommend changes to the system.

Auditing objectives
Auditing objectives are established and documented for
the following reasons
Complying: identify all company policies, government
regulation, laws, and the industry standards with which
company comply.
Informing: All policies, regulations, law, and standard
must be published and communicated to all parties
involved in the department and operation of the audited
entity.

Auditing objectives
Planning: All the objectives enables the auditor to plan
and document procedures to assess the audited entity.
Executing: without auditing objectives, the person
conducting the audit cannot evaluate, verify, or review the
audited entity and cannot determine if the auditing
objectives have been met.

Auditing objectives
Here are the top ten database auditing objectives:
Data integrity: Ensure that data is valid and in full
referential integrity.
Application users and roles: Ensure that users are
assigned roles that correspond to their responsibilities and
duties.
Data confidentiality: Identify who can read data and
what data can be read.

Auditing objectives
Data changes: create an audit trail of all data changes.
Data structure changes: Ensure that the database logs all
data structure changes.
Database or application availability: Record the
number of occurrences and duration of application or
database shutdowns and all startup times.

Auditing objectives
Change control: Ensure that a change control mechanism in
incorporated to track necessary and planned changes to the database
or application.
Physical access: Record the physical access to the application or the
database where the software and hardware resides.
Auditing reports: Ensure that reports are generated on demand or
automatically, showing all auditable activities

Auditing classification and types
Every industry and business sector uses different
classifications of audits.
In addition, the definition of each classification can differ
from business to business. These categories are applicable
to all industries.

Internal Audit
An internal audit is an audit that is conducted by a staff
member of the company being audited.
The purpose and intention of an internal audit is to;
Verify that all auditing objectives are met by conducting a
well-planned and scheduled audit.

Investigate a situation that was prompted by an internal
event or incident. This audit is random, not planned or
scheduled.
Investigate a situation that was prompted by an external
request. This audit is random, not planned

External Audit
An external audit is conducted by a party outside the company
that is being audited.
The purpose and intention of this audit it to
Investigate the financial or operational state of the company.
Verity that all auditing objectives are met. This is a planned and
scheduled.

Automatic Audit
An automatic audit is prompted and performed
automatically.
These audit are used mainly for systems and database
systems.
Some systems that employ this type of audit generate
report and logs.

Manual Audit
Manual Audit is performed completely by humans.
The audit team uses various methods to collect audit data,
including interviews, document reviews, and observation.

 Hybrid Audit
A hybrid audit is a combination of automatic and manual
audits.
Most audits fall into this classification.

Audit Types
Financial audit: Ensure that all financial
transactions are accounted for and comply with the
law.
Security audit: Evaluates if the system is as secure as
it should be. This audit identifies security gaps and
vulnerabilities.
Compliance audit: Verifies that the system complies
with industry standards, government regulations, or
partner and client policies

Audit Types
Operational audit: Verifies if an operation is working
according to the policies of the company.
Investigative audit: performed in response to an event,
request, threat, or incident to verify the integrity of the system.
Product audit: performed to ensure that the product complies
with industry standards. This audit is sometimes confused with
testing; it should not be.
Preventive audit: Performed to identify problems before they
occur.

Accessibility 43
Benefits and Side Effects of
AuditingBenefits:
Enforces company policies and government
regulations and laws
Lowers the incidence of security violations
Identifies security gaps and vulnerabilities
Provides an audit trail of activities
Provides means to observe and evaluate operations of
the audited entity
Makes the organization more accountable

Accessibility 44
Benefits and Side Effects of
Auditing (continued)
Side effects:
Performance problems
Too many reports and documents
Disruption to the operations of the audited entity
Consumption of resources, and added costs from
downtime
Friction between operators and auditor
Same from a database perspective

Auditing Models
Security and auditing are the two inseparable
elements of data and database integrity.
Database auditing can be implemented by utilizing
built-in feature of the database or by creating own
mechanism

Auditing Models
It is important that we need to understand how
auditing is processed for data and database activities.
The flowchart shows what happens when a user
performs and action on a database object.
Specific checks occur to verify if the action, the user,
or the object are registered repository

Auditing Models
If they are registered, following are recorded :
State of the object before the action was taken along
with the time of the action.
Description of the action that was performed
Name of the user who performed the action

Accessibility 48
Auditing Models
(continued)
User-name
Action
Object
Previous
values and
record

Accessibility 49
Simple Auditing Model 1
Easy to understand and develop
Registers audited entities in the audit model
repository
Chronologically tracks activities performed
Entities: user, table, or column
Activities: DML transaction (update, insert, delete)
or logon and off times
Status: active, deleted, inactive

Accessibility 50
(continued)
update, insert,
delete, logon
and off
user, table,
or column
active,
deleted,
inactive

A control column is a placeholder for data that the
application inserts automatically when a record is
created or updated.
It stores data about the current record, such as date
and time the record was created and updated.

Database Auditing Checklist
Evaluate the purpose for auditing.
After you have a clear understanding of the reasons
for auditing, you can devise an appropriate auditing
strategy and avoid unnecessary auditing.

For example, suppose you are auditing to investigate
suspicious database activity. This information by itself
is not specific enough.
What types of suspicious database activity do you
suspect or have you noticed?
A more focused auditing purpose might be to audit
unauthorized deletions from arbitrary tables in the
database.

This purpose narrows the type of action being
audited and the type of object being affected by the
suspicious activity.
Audit knowledgeably.
Audit the minimum number of statements, users, or
objects required to get the targeted information.

This prevents unnecessary audit information from
cluttering the meaningful information and consuming
valuable space in the SYSTEM tablespace.
Balance your need to gather sufficient security
information with your ability to store and process it.

Auditing Normal Database Activity
Audit only relevant actions.
To avoid disorder meaningful information with
useless audit records and reduce the amount of audit
trail administration, only audit the targeted database
activities.

Archive audit records and purge the audit trail.
After you have collected the required information,
archive the audit records of interest and purge the
audit trail of this information.

Auditing Suspicious Database Activity
First audit generally, and then specifically.
When starting to audit for suspicious database
activity, it is common that not much information is
available to target specific users or schema objects.

Therefore, audit options must be set more generally
at first.
Once preliminary audit information is recorded and
analyzed, the general audit options should be turned
off and more specific audit options enabled.
This process should continue until enough evidence
is gathered to draw conclusions about the origin of
the suspicious database activity.

Protect the audit trail.
When auditing for suspicious database activity,
protect the audit trail so that audit information
cannot be added, changed, or deleted without being
audited.

Database auditing models

More Related Content

What's hot (20)

Viewers also liked (14)

Similar to Database auditing models (20)

Recently uploaded (20)

Database auditing models