SQLServerCentral - www.sqlservercentral.com

A community of more than 1,600,000 database professionals and growing

Featured Contents

The Voice of the DBA

Only as Good as Your Auditor

Today we have a guest editorial as Steve is out of the office.

A while back I took a two year break from being a DBA to lead an effort to enhance security for a large company. When I arrived, they were still working on the task list, from small things like changing service account passwords to bigger items like replacing 80 firewalls, all based on an in-depth review by an external auditor.

After weeks of effort the list stabilized, solutions were decided on and the work was started. The work took months to accomplish and overall, seemed to go as well as it can when you drop a ton of work onto a team that is already fully tasked. Then the second auditor arrived and started his review. Second auditor? Oh yes, we had a second firm come in to make sure nothing was missed. That second go-around resulted in more work with a lot less time to get it done to meet the compliance deadline.

We got it all done, literally finishing on the last day. We scheduled some clean up and enhancements and looked forward to the next audit being a business as usual process.

You can see the train coming, right?

For the second “official” audit, we started about three months from the due date as we expected things to go smoothly. Perhaps it would have, but we now had a third auditor, and while he liked most of what he saw, there were some things he didn’t like that were deal breakers. Fix-these-or-fail kind of things. Some weren’t too bad, but one of them was huge. Not fun. But we were a better team now and we got it all done, just in time.

It was a learning moment, if a painful one. The different auditors were all interpreting the same requirements and our implementation of them, but not all in the same way or to the same degree, and so we kept having new work (and potentially previously unaddressed vulnerabilities) added to the list. We were only as good as our auditor, or perhaps the sum of our recent auditors. It was a frustrating lesson, but in hindsight an obvious one.

It’s not as easy as saying use a different auditor each year. Businesses like to use the same auditor (or at least the same company) year over year because it is faster and less expensive. They’ve learned the environment and have the previous year’s documentation as a base. It’s a reasonable strategy, because a new auditor every year would soak up a lot of time and a returning auditor will often have time to dig into things they didn’t see or have time to fully vet on the first audit.

My goal isn’t to diminish the value of an audit - passing one is a good thing! Just don’t make the mistake of equating passing the test with having done enough. Keep looking for the gaps and remember that few auditors have deep experience with every bit of tech you use.

Andy Warren from SQLServerCentral.com


Featured Contents

 

Understanding Graphical Execution Plans - Part 1: Explaining the Plan

Darren White from SQLServerCentral.com

Understanding execution plans is a good basic skill for all DBAs and SQL developers. Darren White gives us an overview of what execution plans are in SQL Server and how they are used.


 

TroubleShooting SQL Server Memory Consumption

Additional Articles from SQL Server Performance

Satnam Singh walks through the steps he took to troubleshoot a recent issue with memory consumption on a staging server.


 

From the SQLServerCentral Blogs - Microsoft: 1 Year in, how's it going?

SQLBalls from SQLServerCentral Blogs

Hello Dear Reader, one year ago today it was leap year, February 29th 2016. So I'm a year older, the...


 

From the SQLServerCentral Blogs - TSQLTuesday.com

Steve Jones from SQLServerCentral Blogs

I’ve hosted a page on this blog that has all the T-SQL Tuesday blog invitations and roundups linked. I did...

Question of the Day

Today's Question (by Steve Jones):

I am worried that other DBAs in my organization are abusing trace flags. I want to determine if there are any session or global trace flags set. How can I do this? 

This question is worth 1 point in this category: trace flags.


Yesterday's Question of the Day

Yesterday's Question (by Steve Jones):

I want to secure my Reporting Services report server so that all of my clients can connect with SSL. In order to do this, what cryptographic object do I need?

Answer: Create a certificate and import it into the Local Computer certificate store, then select it in the Reporting Services Configuration Manager.

Explanation:

To secure a Reporting Services installation with SSL, you need a certificate.

Ref: Configure SSRS with an SSL Certificate - http://www.sqlservercentral.com/articles/SSRS/153190/

Configure SSL Connections on a Native Mode Report Server - click here



Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.

SQL Server 2016 : SQL Server 2016 - Administration

Can I just attach to a database? - My work PC had a very small primary drive. My boss was able to get larger drives. This morning my...

SQL Server Restarted Automatically - Hi All, In our production server, suddenly the server got restarted. What will be the reason.. Is there any other way to...

1 windows failover cluster and 4 Availability groups, is it possible? - Hello, I am trying to verify if possible to have 1 fail over cluster, but 4 availability groups, is it possible?...

SQL Server 2016 DBA Training - Hi people, I've been working as a SQL developer for a number of years, with an increasing amount of DBA work...


SQL Server 2016 : SQL Server 2016 - Development and T-SQL

QueryOptimization - Hi all, I have like this CREATE TABLE dbo.   (    IDENTITY(1, 1)          NOT NULL ,     NULL,      NULL,   [LastUpdatedat

Encapsulating complex logic without using a scalar UDF - I have business logic for date comparisons that go beyond the typical DATEDIFF functionality.  For example, when determining the number...


SQL Server 2014 : Administration - SQL Server 2014

Cleaning up SKU's in my master POS DB, need to move SKU's with check digit to temp table - So when I run this simple query: select * from Inventory where Dept_ID = '1123' Department ID 1123 is Cigarette Cartons. We program our Honeywell...

DB restore stucks after recovery step - Hi, trying to restore my db for testing https://www.sqlservercentral.com/Forums/1862799/checkdb-Multiple-IAM-pages-for-object I splitted the restore process into 2 steps, i restore full with...

Index Size Difference - Hi Experts, For testing I have created a table with a clustered index selecting all columns and inserted some data . The...

checkdb "Multiple IAM pages for object" - Hi all, my last checkdb return this error for 6 tables: this is an example: Table error: Multiple IAM pages for object...

SQL Server 2014 Patching (on Cumulatives updates) and Rolling Updates - Need advice - Hi all, As most of you already know, MS recommends to patch CUs as the same as SPs. I have generally...


SQL Server 2014 : Development - SQL Server 2014

How to overcome the identity column "jump 1000" issue - Hey, Since SQL2012 MS changed something with the identity column; after a restart the value jumps with 1000 (for INT identity...


SQL Server 2012 : SQL Server 2012 - T-SQL

capture data changes on tables - I need to stored procedure to capture data changes like insert update and delete on the table. Any suggestions please welcome.

How to make one innerjoin to bring all value of all the substrings within a string separated by a comma - Hi,  I have two tables, answers and lookup, In my answer table I have a field named: value, it my contain...


SQL Server 2008 : SQL Server 2008 - General

The database XXXX is not accessible (ObjectExplorer) - Hello Experts, First of all I am not a DBA guy and have only limited knowledge on SQL server DB. :) We...

How to parse this, 'F0-B20170225131636437{A^CM.INIT}' - What is the best way to parse out 'CM.INIT' from 'F0-B20170225131636437{A^CM.INIT}'?

SSIS job completion - hi i have an ssis job that picks up .csv files and posts them into various tables. when i manually run the...


SQL Server 2008 : SQL Server Newbies

Stupid Question: Return Object Explorer to Its original position - Stupid question but I accidentally moved object explorer from its original default position on SSMS. By default, object explorer is...


Data Warehousing : Integration Services

Execute T-SQL Statement using Parameter Values - I'm using Visual Studio 2012 and also new to SSIS. I have a simple package with a data flow that reads...

Prevent Loading bad data into Table from excel spreadsheet - How do I prevent the bad data from excel loading into a table? I already have a package loading from excel...

This transmission is ©2015 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.