high level risk assessments for databases

Are there any common types of risks that can be used for a high-level risk assessment of critical databases? I was thinking of broad categories such as security, performance, availability, etc., and then to retrieve some assurances on controls in place to support these/mitigate against risks associated with each category. These are a blend of MSSQL and Oracle. I appreciate there will be lots of controls required to support each, but getting the high-level risks would be a useful start point, and I didn't want to miss anything critical before digging into the risk mitigations.
pma111 asked:
 
btan (Exec Consultant) commented:
You may consider internal risk, especially on DBA access to the DB and DB-to-DB connectivity for data archive and backup:

  1. confidentiality impact - unprotected data at rest (plain data) and in transit (no secure channel) > interception of data
  2. authentication/authorisation impact - personal data in plain, accessible by operator, insider threat > data leakage / breach
  3. integrity impact - lack of masking of sensitive data, no digital signature > data tampering / repudiation
  4. availability impact - surge traffic/high resource utilization, hung threads, excessive concurrent transactions > denial of service
  5. privacy impact - personal details revealed to DBA, abuse of privileged rights > unauthorised access, confidence loss
  6. incident mgmt impact - lack of audit trails, logs, no DR or BCP plan, corrupted/missing backup > delayed reporting, lack of oversight

The main threat is really insiders and privileged users abusing their rights and committing mischief or sabotage (planting a backdoor, malware).
 
jtrifts (MI and Automation) commented:
There is a rather lengthy section in "Oracle Database 11g Release 2 Performance Tuning Tips & Techniques (Oracle Press)" on this very topic. It provides a list of a number of areas which can be evaluated for several classifications of risk and maturity.

There is a newer 12c version out now: https://www.amazon.co.uk/Oracle-Database-Release-Performance-Techniques/dp/1259589684/ref=pd_sim_14_1?_encoding=UTF8&psc=1&refRID=NB737NKJJY74S0Y6XZG2
Chapter 15 is the one to go for.
 
btan (Exec Consultant) commented:
for author advice
Question has a verified solution.
