Solved

Database Auditors

Posted on 2010-11-15
Last Modified: 2012-05-10
My department (Database Unit) is scheduled to be audited in January 2011.  I've never been in this situation before, nor have I done any database documentation.

Please, what exactly do I need to get prepared for database auditing?

How is database documentation done?

What needs to be documented for the auditing?

Any special template?

Please respond with detailed steps.

Thanks
0
Question by:Favorable
6 Comments
 
LVL 57

Accepted Solution

by:
Raja Jegan R earned 1336 total points
ID: 34136673
>> How is database documentation done?  

You can use these third party tools to get documentation done easily:

1. ApexSQL Doc (http://www.apexsql.com/sql_tools_doc.aspx)
2. RedGate SQL Doc (http://www.apexsql.com/sql_tools_doc.aspx)

>> what exactly do I need to get prepared for database auditing.

Database auditing is nothing but confirming that your database is in line with the standards defined for your organization.
If you have SQL Server 2008 or 2008 R2, then you can enforce all these standards using Policies and Facets, which would alert you in case of any violations. Otherwise you need to manually check for these kinds of violations and correct them accordingly.
0
 
LVL 7

Expert Comment

by:Cboudroz
ID: 34137514
Normally it's more about security.

Make sure you have some rules written down for security and that they can be confirmed on the server:


ex:

List of DBAs
List of data readers
List of data writers
All users need to use stored procedures to access data
Sensitive data is encrypted (credit card)
Difference between DEVELOPMENT server and production server.
Maintenance plan
...


0
 

Author Comment

by:Favorable
ID: 34138416
Do you have a script that will list all the users and privileges assigned?
0
 
LVL 23

Assisted Solution

by:Racim BOUDJAKDJI
Racim BOUDJAKDJI earned 664 total points
ID: 34139309
If the Auditors are MS, they will be conducting something called a SQLRAP and will be looking for several points among which *security*

Proceed by priority:

> Deploy a monitoring: install SCOM Management Pack for SQL Server.  Show you have things under control...
> Security: Take away BUILTIN/ADMIN from the logins.  Most auditors I have met perceive it as a major security threat
> Security: on your sensitive databases, reduce the number of logins to the minimum;  Tell the auditors, you have ongoing projects to rectify previous poor security.  That will buy you time...
> Make sure your sensitive databases are backed up.  That way you can always say: Hey I know my databases are not secured BUT I CAN restore them anytime if I lose them...
> Break TEMPDB into as many files as there are cores on the servers hosting them...Shows the auditor you are conscious about best practices...

The actions above are among the ones that will give you some respect from auditors...

Hope this helps...
0
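For the request earlier in the thread for a script that lists users and privileges, and for the "List of DBA / data reader / data writer" and BUILTIN login points raised in the answers, here is an added example that is not from any poster in this thread. It assumes SQL Server 2005 SP2 or later and uses only the built-in catalog views; queries 3 and 4 report on the current database, so run them once per database under review.

```sql
-- Added example: evidence queries for SQL Server 2005 SP2 or later.
-- Needs VIEW ANY DEFINITION or sysadmin; otherwise principals you
-- cannot see are silently left out of the results.

-- 1. "List of DBA": members of each fixed server role, sysadmin first.
SELECT r.name AS server_role, m.name AS member_login,
       m.type_desc AS login_type, m.is_disabled
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
ORDER BY CASE WHEN r.name = N'sysadmin' THEN 0 ELSE 1 END, r.name, m.name;

-- 2. Is the local Administrators group still a login, and is it sysadmin?
--    (Group name as it appears on English-language Windows.)
SELECT p.name, p.type_desc, p.is_disabled,
       IS_SRVROLEMEMBER('sysadmin', p.name) AS is_sysadmin
FROM sys.server_principals AS p
WHERE p.name = N'BUILTIN\Administrators';

-- 3. "List of data readers / data writers": role membership in the
--    current database (db_datareader, db_datawriter, db_owner, custom).
SELECT r.name AS database_role, m.name AS member_user,
       m.type_desc AS user_type
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
ORDER BY r.name, m.name;

-- 4. Explicit permissions granted or denied outside of role membership.
--    Direct SELECT/INSERT/UPDATE/DELETE on tables contradicts a
--    "stored procedures only" rule; EXECUTE on procedures is expected.
SELECT pr.name AS grantee,
       pe.state_desc,            -- GRANT, DENY, GRANT_WITH_GRANT_OPTION
       pe.permission_name,
       pe.class_desc,
       CASE pe.class
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id) + N'.'
                        + OBJECT_NAME(pe.major_id)
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
       END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pe.major_id >= 0            -- skip system catalog objects
ORDER BY pr.name, pe.class_desc, securable, pe.permission_name;
```

Saving each result set with the server name and run date gives a baseline that can be compared against the written security rules and re-run before the next audit.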
 

Author Comment

by:Favorable
ID: 34140864
Will I need any special template or just Word and Excel?
0
 
LVL 57

Assisted Solution

by:Raja Jegan R
Raja Jegan R earned 1336 total points
ID: 34141920
Steps to Audit DDL commands here:

http://www.mssqltips.com/tip.asp?tip=1006

Audit Logging through Profiler trace and Audit mode:

http://www.sqlmag.com/article/auditing/get-compliant-with-sql-server-2005-audit-logging.aspx

Best Practices Analyser (which would list you all possible violations):

http://www.microsoft.com/downloads/en/details.aspx?FamilyId=da0531e4-e94c-4991-82fa-f0e3fbd05e63&displaylang=en
0
