Home > IT Blogs > Sister CISA CISSP/

Sister CISA CISSP:

SQL Server

1
September 19, 2008  7:37 PM

Auditing MS SQL – Roles, and Why They Matter



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, Development, IT audit, Microsoft Windows, Security, SQL Server, Steps to an Easy Audit, Tools & Tricks of the Trade, Tools for Auditing and Security

SQL "Server" runs on top of MS Windows, and it has groups inside of it that are not seen on the Windows server or even the Windows Domain. That's why we have to check and make sure that inappropriate users don't have complete access to everything inside the database. Not everyone should be...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

September 16, 2008  5:58 PM

FREE Tools for Auditing MS SQL Server



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, free tools, IT audit, Microsoft Windows, PCI DSS, Security, SOX, SQL Server, Steps to an Easy Audit, Tools for Auditing and Security

There's a lot of really nice application tools to audit SQL databases out there. They have lots of bells and whistles and write out a really nice report with professional formatting. If you've got one of those, LUCKY YOU. But most of us Admins and Auditors have to scrounge for what we can find...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

September 12, 2008  2:14 PM

Inside the Database Server – MS SQL



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, IT audit, Security, SQL Server, Tools for Auditing and Security

The first question to answer is: "Is the SQL system patched?" You or a DBA can confirm this inside Enterprise Manager (the software client that runs on SQL or from a remote installation of it) by right-clicking the primary database icon and selecting Properties. You can also run a query inside...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

August 21, 2008  3:48 PM

How to Audit Databases: Part I



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Database, Database security, DataManagement, Identity theft, IT audit, Oracle, PCI DSS, SAP, SAS 70, Security, SOX, SQL Server

Databases are enormous, powerful repositories of data. They can hold payroll, HR personnel data (think social security numbers) stock prices, Accounts Receivable, Client Relationship Management, and customer information. Banks can't live without them. Most medium and many small sized businesses...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

August 19, 2008  1:20 PM

I Can Make Your Database Lie to You



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Database, Database security, DataManagement, Identity theft, IT audit, Oracle, PCI DSS, SAP, SAS 70, Security, SOX, SQL Server

So many financial auditors, CEOs, CFOs and others rely on electronic data to understand the complexities of General Ledger, Accounts Payable, etc. In this era of SAP, ADP, electronic time clocks, etc., the one common denominator is the database underlying each application. Applications...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

May 13, 2008  4:38 PM

Steps to an Easy Audit (2) – Where’s the Beef, ah, I mean, Data?



Posted by: Arian Eigen Heald
Compliance, Database, Database security, IT audit, PCI DSS, Security, SQL Server, Steps to an Easy Audit

Remember that commercial (I'm dating myself, I know) where the little old lady lifts the top of the burger bun and says, "Where's the beef?" All things considered, we have to ask the same sorts of questions about data. Usually we're...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

1