K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

What Do You Want Auditors to Know About Auditing SQL Server?

Right now it looks like I'll be putting a training session on for my local ISACA chapter on SQL Server security and auditing SQL Server. I know there is usually a lot of griping by DBAs when auditors show up and ask about their databases. Typically it's around how the auditors are going from a checklist and aren't really well-versed in the technology itself. I'm volunteering to teach the training so that they better know what needs to be looked at from a SQL Server perspective, because I've been there, too.

So what are your pain points when dealing with auditors? If you had the chance to teach them a subject or area before they walked over and started their checklist of questions, what would it be? What do you think they should be looking at? I'll try to work a lot of that into the class. The better we educate them as to what really matters, the less they'll be in our hair.

 

Comments

Posted by dlee on 22 January 2009

Off the top of my head, I'd say they only need to be concerned with how often backups are done, who has access to what data, and how high availability (if necessary) is implemented. Perhaps there are others. Personally, I've generally not had trouble with auditors in the past.

Posted by ALZDBA on 28 January 2009

- status of "sa".

- non-default sa password

- how to read and interpret the MBSA output for SQL Server.

- DRP for the instance / db

- what kind of traces are active, and how are they analysed (audit procedure)

- how is user access granted and enforced? i.e. if a user has Windows-authenticated access to the audited instance, how is it determined that the user actually uses the designated application to manipulate the data?

- is the SQL Server instance still using builtin\admin or not? (risk of non-sqladmins causing downtime)
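As an added example, not part of the post or of ALZDBA's comment, the following T-SQL gathers evidence for several of the items in that list: the status of sa (disabled, renamed, blank password), whether BUILTIN\Administrators is still a login and a sysadmin, which traces are running, and who holds the sysadmin role. It assumes SQL Server 2005 or later and is run by a sysadmin, since the catalog views and PWDCOMPARE require that level of access.

```sql
-- Added audit-evidence script (example, not from the post). Run as sysadmin
-- on SQL Server 2005+; each query maps to one item on the checklist above.

-- 1. Status of "sa": disabled? renamed? still on a blank password?
--    sa keeps SID 0x01 even after a rename, so filter on the SID, not the name.
SELECT name,
       is_disabled,
       PWDCOMPARE('', password_hash) AS has_blank_password   -- 1 = blank
FROM sys.sql_logins
WHERE sid = 0x01;

-- 2. Is BUILTIN\Administrators still a login, and is it still a sysadmin?
--    No rows returned means the login has already been removed.
SELECT name,
       is_disabled,
       IS_SRVROLEMEMBER('sysadmin', name) AS is_sysadmin     -- 1 = member
FROM sys.server_principals
WHERE name = N'BUILTIN\Administrators';

-- 3. Which traces are active, and where are they writing?
--    status = 1 means running; is_default = 1 is the built-in default trace.
SELECT id, status, path, max_size, start_time, is_default
FROM sys.traces
WHERE status = 1;

-- 4. Who is granted sysadmin (the "how is user access granted" question)?
SELECT r.name AS role_name,
       m.name AS member_name,
       m.type_desc AS member_type,      -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON rm.role_principal_id = r.principal_id
JOIN sys.server_principals AS m ON rm.member_principal_id = m.principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;
```

Windows groups in the last result need to be expanded in Active Directory to see the actual people, so the query shows who is granted access, not necessarily who can use it.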
