High level risk assessments for databases

Are there any common types of risks that can be used for a high level risk assessment of critical databases? I was thinking of broad categories such as security, performance, availability etc. and then to retrieve some assurances on controls in place to support these/mitigate against risks associated with each category. These are a blend of MSSQL and Oracle. I appreciate there will be lots of controls required to support each, but getting the high level risks would be a useful starting point and I didn't want to miss anything critical before digging into the risk mitigations.
pma111 Asked:

btan (Exec Consultant) Commented:
You may consider internal risk, especially on DBA access to the DB and DB-to-DB connectivity for data archive and backup.

  1. confidentiality impact - unprotected data at rest (plain data) and in transit (no secure channel) > interception of data
  2. authentication/authorisation impact - personal data in plain, accessible by operator, insider threat > data leakage / breach
  3. integrity impact - lack of masking of sensitive data, no digital signature > data tampering / repudiation
  4. availability impact - surge traffic/high resource utilization, hung threads, excessive concurrent transactions > denial of service
  5. privacy impact - personal details revealed to DBA, abuse of privileged rights > unauthorised access, confidence loss
  6. incident mgmt impact - lack of audit trails, logs, no DR or BCP plan, corrupted/missing backup > delayed reporting, lack of oversight

The main threat is really insiders and privileged users abusing their rights and committing mischief or sabotage (planting a backdoor, malware)...
0

jtrifts (MI and Automation) Commented:
There is a rather lengthy section in "Oracle Database 11g Release 2 Performance Tuning Tips & Techniques (Oracle Press)" on this very topic. It provides a list of a number of areas which can be evaluated for several classifications of risk and maturity.

There is a newer 12c version out now: https://www.amazon.co.uk/Oracle-Database-Release-Performance-Techniques/dp/1259589684/ref=pd_sim_14_1?_encoding=UTF8&psc=1&refRID=NB737NKJJY74S0Y6XZG2
Chapter 15 is the one to go for.
0
btan (Exec Consultant) Commented:
for author advice
0