| Database audit trail compromised [message #217382] |
Thu, 01 February 2007 23:27  |
aatif2001
Messages: 4
Registered: January 2007
Location: ISB
|
Junior Member |
|
|
Hi there, i require some guidance from the "technicals" to sort out a query
Scenario : we have a Database in SQL server designed by a leading world company, now scenario is that the administrator password is set to blank if the password being reset to any figure or characters the database hang resulting the database unreachable. in point of that the worst thing is the database is maintained decentralised . As part of the audit team i am require to put my concerns regarding the scenario and the best possible way to tackle these things as we have find out that the end result is that there is no audit trail left for the auditors to follow. one more thing is table such as audit trail have not been incorporated in the database schema.
we have the following recommendations in mind:
1) to have an embedded I&A utility integrated with the existing database.
2) as the vendor has left the premises i mean there contractual agreement has been concluded way two years back so we cant request to them to do any such thing and also there is no way we can make sure they have not left any back-doors. so we have this option out.
3) any changes to the structure could not incorporated as they database is decentralized and the batches are upload remotely from the sites to the main core.further more expertise require to do such is not available.
one more thing in the whole context is that we in audit department have reminded about the severe implications involved in this case and as such we have to device them a solution.
many thanks for ur review and consideration
|
|
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
