Database Presentation
Kevin Casady
Hanna Short
BJ Rollinson



Centralized and structured collection of data stored in a computer system
An electronic filing system
Easy access to information



Provide a convenient means of storing large amounts of data.
Quick access to information allowing for sorting, searching, viewing and manipulating.
Efficiency.


Enterprise Resource Planning (ERP) is an application system that integrates a company’s business processes and financial data in one platform.
A massive database that encompasses the entire business operations.




There is a shortage of staff members trained in ERP security.
Implementers pay inadequate attention to ERP security during deployment.
ERP tools for security audit are inadequate.
The customization of ERP systems to firms inhibits the development of standardized security solutions.






Data loss can cost a company significantly in revenue and integrity, and can bring on unwanted litigation.
As noted in a 2007 survey, 85 percent of businesses have experienced a data security breach.
Breaches have cost an estimated US $182 per compromised record.
Data breaches remain the leading cause of financial losses.
A survey conducted in 2007 revealed that 40 percent of companies are not monitoring their databases for suspicious activity.
Privacy Rights Clearinghouse. www.privacyrights.org

External
◦ Gaining access from outside the company.

Internal
◦ Employee who should not have access, gains access
◦ Employee abuses their access privileges.
2007 Computer Crime and Security Survey:
◦ Insider abuse of net access- 59 percent
◦ Unauthorized access to information- 25 percent
◦ Theft of customer or employee data- 17 percent

Perimeter Controls
◦ Keep people on the outside from gaining access.

User identity and access management
◦ Who is allowed to do what.
◦ Ensure things are as they are supposed to be.

Application systems
◦ Independent audit software tools.

Privileged Users
◦ Physical and logical controls within and outside their sphere of operational control are needed to provide evidence of their actions.




Review the prior report if there is one.
Obtain important information from the database environment.
Talk to database administrators.
Identify significant risks and key controls that mitigate these risks.




Security patches are applied in a timely manner.
Processes are in place to regularly monitor security on the system.
Operating system is secured and database files are protected (passwords, permissions, encryption).
The database server is physically protected (located in a secure location).



Users are restricted to the information required to perform their job.
Assure that backup and recovery strategies exist.
Controls are in place to keep database information secure over the network.
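
One way an auditor could test the "users are restricted to the information required to perform their job" control and collect evidence of privileged-user actions, shown as an added example that is not part of the original presentation. The role names, table names, accounts and the `timestamp,user,action,table` log format are all constructed assumptions.

```python
import csv
import io

# Constructed entitlement matrix: role -> tables the job requires (hypothetical names).
ROLE_TABLES = {
    "ap_clerk": {"vendors", "invoices"},
    "hr_analyst": {"employees"},
    "dba": set(),  # administers the server; no business-data entitlement
}
USER_ROLES = {"jdoe": "ap_clerk", "msmith": "hr_analyst", "dbadmin": "dba"}
PRIVILEGED_ROLES = {"dba"}

# Constructed audit-trail extract: timestamp,user,action,table
SAMPLE_LOG = """\
2008-03-03T09:14:02,jdoe,SELECT,invoices
2008-03-03T09:20:41,jdoe,SELECT,employees
2008-03-03T22:05:17,dbadmin,UPDATE,invoices
2008-03-04T08:01:55,msmith,SELECT,employees
2008-03-04T08:30:10,tempuser,SELECT,vendors
"""

def review_audit_log(log_text):
    """Return (findings, privileged_activity) for the auditor to follow up."""
    findings, privileged_activity = [], []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # skip blank lines in the extract
        ts, user, action, table = row
        role = USER_ROLES.get(user)
        if role is None:
            # Account does not appear in the approved access list at all.
            findings.append((ts, user, "UNKNOWN_ACCOUNT", table))
            continue
        if role in PRIVILEGED_ROLES:
            # Privileged users: keep every action as evidence for independent review.
            privileged_activity.append((ts, user, action, table))
        if table not in ROLE_TABLES[role]:
            # Access beyond what the job requires.
            findings.append((ts, user, "OUT_OF_ROLE", table))
    return findings, privileged_activity

if __name__ == "__main__":
    found, privileged = review_audit_log(SAMPLE_LOG)
    for entry in found:
        print("FINDING", *entry)
    for entry in privileged:
        print("PRIVILEGED", *entry)
```
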

After testing, the auditor may send out a questionnaire to ensure that their test results are aligned with the internal auditor's findings.




