Auditing database systems and storage systems

Reference no: EM13925305

1. In Module 5, we learned what to look for when auditing database systems and storage systems. In general, let's consider both of these as information systems (databases store information, and so do storage systems). In this activity you will consider the use of these systems in an organization and the importance of their associated audits.

Auditing Essays

You will prepare and submit a number of short papers assigned by the instructor. These auditing examples are an opportunity for you to analyze issues drawn from the reading for the module. Your written analysis will be approximately two to three pages in length. Assignments completed in a narrative essay or composition format must follow APA guidelines: this course requires students to use the citation and reference style established by the American Psychological Association (APA), as set forth in the Publication Manual of the American Psychological Association (6th ed., 2010, Washington, D.C.: American Psychological Association).

In Module 2, we were introduced to the Turner Assembly Group. Take another look at the company network:

Turner Assembly Group Company Network

Additional network information:

Device details: Human Resources contains 6 computers, one printer, one WAP, and one camera. The Assembly floor contains 8 computers (two are in a break-area kiosk for employee Internet access), two printers, four cameras, and two WAPs. Management staff contains 8 computers, two printers, one WAP, and one camera.

Human Resources, Assembly floor, and Management Staff are on separate VLANs.

Firewall provides URL filtering (blacklisted URLs denied) and active IDS.

All Internet browsing requests from internal LAN are proxied through the DMZ web server.

A full backup is performed on-site every Saturday, and differential backups are performed on Tuesday and Thursday. Backup media is then removed to an off-site location.

Real-time backups of file changes are encrypted and uploaded to an external storage provider (Carbonite).

WAPs are protected by WPA2 encryption.

All files are stored on the NAS, including individual folders for staff files.

All computers are Windows 7 except the servers in the DMZ and internal LAN, which are Windows Server 2008.

No employees except IT administration have administrative access to their computers.

All computers run anti-virus software with current signatures and have their software firewalls enabled.

One of the application servers hosts Microsoft SQL Server.

The various Access databases used in the organization (HR employee database, contracts database, and inventory database) are stored on the NAS. The NAS capacity is 16 TB (16,000 GB) and is only 20% full. It is a RAID5 system using multiple 2 GB drives with two hot spares available.

Other information that may pertain:

The company does not accept or process credit card information, so there is no need for PCI compliance.

The company does maintain personal health records for its employees.

These records are stored in an encrypted format and transmitted via VPN when necessary.

The company has never undergone an IT audit. There have been no external or internal penetration tests. The IT administrator does, however, run weekly vulnerability scans on all computers on the network.

No security awareness training has been provided to any of the employees.

Employees are allowed to use their own mobile devices on the company network.

In your essay, please respond to the following:

How do the auditing steps presented in the database and storage auditing chapters align with the Turner company network?

Does anything in the network architecture or additional information provided raise any red flags in terms of auditing?

What information would the audit team need from the IT security administrator in order to complete the audit?

See the Course Calendar for the due date.

Compose your work using a word processor (or other software as appropriate) and save it frequently to your computer. Be sure to check your work and correct any spelling or grammatical errors before you upload it.

When you are ready to submit your work, click "Browse My Computer" and find your file. Once you have located your file, click "Open" and, if successful, the file name will appear under the Attached files heading. Scroll to the bottom of the page and click "Submit."

Reference

Davis, C., Schiller, M., & Wheeler, K. (2011). IT auditing: Using controls to protect information assets (2nd ed.). New York, NY: McGraw-Hill.

Auditing Databases

Checklist for Auditing Databases

1. Obtain the database version and compare it against policy requirements. Verify that the database is running a version the vendor continues to support.

2. Verify that policies and procedures are in place to identify when a patch is available and to apply the patch. Ensure that all approved patches are installed per your database management policy.

3. Determine whether a standard build is available for new database systems and whether that baseline has adequate security settings.

4. Ensure that access to the operating system is properly restricted.

5. Ensure that permissions on the directory in which the database is installed, and the database files themselves, are properly restricted.

6. Ensure that permissions on the registry keys used by the database are properly restricted.

7. Review and evaluate procedures for creating user accounts and ensuring that accounts are created only when there's a legitimate business need. Also review and evaluate processes for ensuring that accounts are removed or disabled in a timely fashion in the event of termination or job change.

8. Check for default usernames and passwords.

9. Check for easily guessed passwords.

10. Check that password management capabilities are enabled.

11. Verify that database permissions are granted or revoked appropriately for the required level of authorization.

12. Review database permissions granted to individuals instead of groups or roles.

13. Ensure that database permissions are not implicitly granted in unintended ways.

14. Review dynamic SQL executed in stored procedures.

15. Ensure that row-level access to table data is implemented properly.

16. Revoke PUBLIC permissions where not needed.

17. Verify that network encryption is implemented.

18. Verify that encryption of data at rest is implemented where appropriate.

19. Verify the appropriate use of database auditing and activity monitoring.

20. Evaluate how capacity is managed for the database environment to support existing and anticipated business requirements.

21. Evaluate how performance is managed and monitored for the database environment to support existing and anticipated business requirements.
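As an added example (not from the page or from Davis, Schiller & Wheeler), the script below runs checklist items 1, 8, 12 and 16 over a constructed principal-and-permission inventory of the kind an auditor would export from the SQL Server host in the Turner network. The inventory, its field names, the policy minimum version and the list of default logins are all assumptions made for the example.

```python
from typing import Dict, List, Tuple

Finding = Tuple[int, str, str]  # (checklist item, subject, message)

# Constructed sample inventory (not real Turner data); field names are our own,
# loosely following SQL Server's sys.database_principals / sys.database_permissions.
PRINCIPALS: List[Dict] = [
    {"name": "sa",             "type": "SQL_LOGIN",     "disabled": False},
    {"name": "hr_app",         "type": "SQL_LOGIN",     "disabled": False},
    {"name": "TURNER\\jsmith", "type": "WINDOWS_LOGIN", "disabled": False},
    {"name": "db_hr_readers",  "type": "DATABASE_ROLE", "disabled": False},
    {"name": "public",         "type": "DATABASE_ROLE", "disabled": False},
]
PERMISSIONS: List[Dict] = [
    {"grantee": "db_hr_readers",  "perm": "SELECT",  "object": "dbo.Employees"},
    {"grantee": "TURNER\\jsmith", "perm": "SELECT",  "object": "dbo.Employees"},
    {"grantee": "public",         "perm": "SELECT",  "object": "dbo.Contracts"},
    {"grantee": "hr_app",         "perm": "EXECUTE", "object": "dbo.usp_Payroll"},
]
ROLE_TYPES = {"DATABASE_ROLE", "SERVER_ROLE"}
DEFAULT_ADMIN_LOGINS = {"sa"}  # SQL Server's built-in administrator login

def check_version(installed: Tuple[int, ...], policy_minimum: Tuple[int, ...]) -> List[Finding]:
    """Item 1: the installed version must meet the policy minimum (assumed policy input)."""
    if installed < policy_minimum:
        return [(1, ".".join(map(str, installed)), "below policy minimum version")]
    return []

def check_default_accounts(principals: List[Dict]) -> List[Finding]:
    """Item 8: well-known default logins should be disabled or renamed."""
    return [(8, p["name"], "default login enabled") for p in principals
            if p["name"].lower() in DEFAULT_ADMIN_LOGINS and not p["disabled"]]

def check_individual_grants(principals: List[Dict], perms: List[Dict]) -> List[Finding]:
    """Item 12: object permissions should go to roles, not to individual logins."""
    types = {p["name"]: p["type"] for p in principals}
    return [(12, f"{g['grantee']} on {g['object']}", f"{g['perm']} granted to individual")
            for g in perms if types.get(g["grantee"]) not in ROLE_TYPES]

def check_public_grants(perms: List[Dict]) -> List[Finding]:
    """Item 16: PUBLIC should hold no object permissions unless justified."""
    return [(16, g["object"], f"{g['perm']} granted to PUBLIC")
            for g in perms if g["grantee"].lower() == "public"]

def audit(principals, perms, installed, policy_minimum) -> List[Finding]:
    """Run all four checks and return the findings sorted by checklist item."""
    return sorted(check_version(installed, policy_minimum)
                  + check_default_accounts(principals)
                  + check_individual_grants(principals, perms)
                  + check_public_grants(perms))
```

Each finding carries the checklist item number so it can be filed directly against the audit work paper; the real inventory would be pulled from the catalog views with the DBA present.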

Checklist for Auditing Storage

1. Document the overall storage management architecture, including the hardware and supporting network infrastructure.

2. Obtain the software version and compare it against policy requirements.

3. Verify that policies and procedures are in place to identify when a patch is available and to evaluate and apply applicable patches. Ensure that all approved patches are installed per your policy.

4. Determine what services and features are enabled on the system and validate their necessity with the system administrator.

5. Review and evaluate procedures for creating administrative accounts and ensuring that accounts are created only when there's a legitimate business need. Also review and evaluate processes for ensuring that accounts are removed or disabled in a timely fashion in the event of termination or job change.

6. Evaluate the process and policies used for granting and revoking access to storage.

7. Evaluate how capacity is managed for the storage environment to support existing and anticipated business requirements.

8. Evaluate how performance is managed and monitored for the storage environment to support existing and anticipated business requirements.

9. Evaluate the policies, processes, and controls for data backup frequency, handling, and remote storage.

10. Verify that encryption of data-at-rest is implemented where appropriate.

11. Verify that network encryption of data-in-motion is implemented where appropriate.

12. Evaluate the low-level and technical controls in place to segregate or firewall highly sensitive data from the rest of the storage environment.

13. Review and evaluate system administrator procedures for security monitoring.

14. Perform the steps from Chapter 4, Auditing Data Centers and Disaster Recovery, as they pertain to the system you are auditing.
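As an added example (not from the page or the textbook) of working storage checklist item 9 against the Turner schedule above (full backup every Saturday, differentials on Tuesday and Thursday): for a given failure date, which off-site media must be retrieved for a restore and how old the newest on-site backup is. The assumption that a failure strikes before that day's backup job runs is ours.

```python
from datetime import date, timedelta

# Turner schedule from the page: full backup every Saturday, differentials on
# Tuesday and Thursday (date.weekday(): Monday = 0 ... Sunday = 6).
FULL_DAYS = {5}
DIFF_DAYS = {1, 3}

def last_backup_before(day: date, backup_days: set) -> date:
    """Most recent date strictly before `day` whose weekday is in `backup_days`
    (assumption: a failure strikes before that day's own backup job runs)."""
    for back in range(1, 8):
        candidate = day - timedelta(days=back)
        if candidate.weekday() in backup_days:
            return candidate
    raise ValueError("backup_days must name at least one weekday")

def restore_set(failure_day_iso: str) -> dict:
    """Media the auditor should expect the off-site location to return for a
    failure on the given ISO date, plus the age in days of the newest on-site
    backup (the on-site recovery point)."""
    failure_day = date.fromisoformat(failure_day_iso)
    full = last_backup_before(failure_day, FULL_DAYS)
    diff = last_backup_before(failure_day, DIFF_DAYS)
    media = [("full", full)]
    if diff > full:  # a differential older than the full is superseded by it
        media.append(("differential", diff))
    newest = max(d for _, d in media)
    return {"media": [(kind, d.isoformat()) for kind, d in media],
            "data_loss_days": (failure_day - newest).days}

def worst_case_loss_days(week_start_iso: str) -> int:
    """Largest on-site recovery-point gap over one seven-day cycle: the window
    the real-time Carbonite file backups would have to cover on their own."""
    start = date.fromisoformat(week_start_iso)
    return max(restore_set((start + timedelta(days=i)).isoformat())["data_loss_days"]
               for i in range(7))
```

A Tuesday failure is the worst case for the on-site media alone (three days since the Saturday full), which is the gap the audit should confirm the real-time off-site file backups actually close.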
