Just how do you protect your database? Here are eight tips to consider when you are looking to lock down the structured data in your enterprise.
By Brian Prince and Chris Preimesberger
- Directly Monitor Your Financial Database
- Assess and Remediate Weaknesses
- Audit User Access
- Know How Users Use the Database
- Verify Transaction Authenticity
- Require Independent Review
- Automate Controls To Reduce Annual Audit Costs
- Employ Encryption To Protect Data
Many databases are vulnerable to unauthorized access due to insufficient patch levels or the use of default or weak passwords.
These conditions can leave the door open to unauthorized users who bypass application-level controls and directly alter data.
Database access rights must be regularly reviewed and, if need be, revised to ensure user rights are consistent and properly limited. This is especially important given the rise of self-service applications and direct customer access. The failure to modify—or remove—user accounts as employees and customers change roles creates a large security infrastructure hole. One of the best defenses against outside attacks and internal fraud is the detection of anomalous activity. Implement database-monitoring tools that distinguish normal and abnormal activities for each user, and that can immediately respond to abnormal activities. A forensic trail generated through auditing tools can help verify the authenticity of database transactions. Even trusted users can manipulate standard business practices to perpetrate fraud with special, end-of-period adjustments. Check all individual- and application-sourced changes to financial data to identify odd adjustments. And, verify adjustments with independent monitoring and auditing software, rather than the accounting software that your financial personnel use. Manual annual audits are expensive, cause seasonal spikes in resource requirements, overburden your staff, introduce errors and slow down other operations. Conversely, an automated, continuous monitoring of key database controls helps you identify issues throughout the year, enables quick resolution of issues and reduces expensive, time-consuming mitigation procedures. Regulatory compliance requires that some data in the database be encrypted, but all companies should consider encryption as it mitigates risk. 資料來源 http://www.eweek.com/c/a/Enterprise-Apps/8-Simple-Steps-to-Protect-Your-Database/8/ 
留言列表
