Auditing database systems and storage systems

Reference no: EM13925305

1. In Module 5, we learned what to look for when auditing database systems and storage systems. In general, let's consider both of these as information systems (databases store information and so do storage systems). In this activity you will have to consider the use of these systems in an organization and the importance of their associated audits.

Auditing Essays

You will prepare and submit a number of short papers assigned by the instructor. These auditing examples are an opportunity for you to analyze issues drawn from the reading for the module. Your written analysis will be approximately two to three pages in length. Assignments completed in a narrative essay or composition format must follow APA guidelines. This course will require students to use the citation and reference style established by the American Psychological Association (APA), and students should follow the guidelines set forth in Publication Manual of the American Psychological Association (6th ed.). (2010). Washington, D.C.: American Psychological Association.

In Module 2, we were introduced to the Turner Assembly Group. Take another look at the company network:

Turner Assembly Group Company Network

Additional network information:

Device details: Human Resources contains 6 computers, one printer, one WAP and one camera. The assembly floor contains 8 computers (two of them in a break-area kiosk for employee Internet access), two printers, four cameras and two WAPs. Management staff contains 8 computers, two printers, one WAP and one camera.

Human Resources, Assembly floor, and Management Staff are on separate VLANs.

The firewall provides URL filtering (blacklisted URLs are denied) and an active IDS.

All Internet browsing requests from the internal LAN are proxied through the DMZ web server.

Full back up is performed on-site every Saturday. Differential backups on Tuesday and Thursday. Backup media is then removed to an off-site location.

Real-time backups of file changes are encrypted and uploaded to an external storage provider (Carbonite).

WAPs are protected by WPA2 encryption.

All files are stored on the NAS, including individual folders for staff files.

All computers are Windows 7 except the servers in the DMZ and internal LAN, which are Windows Server 2008.

No employees except IT administration have administrative access to their computers.

All computers run anti-virus software with current signatures and have their software firewalls enabled.

One of the application servers hosts Microsoft SQL Server.

The various Access databases used in the organization (HR employee database, contracts database, and inventory database) are stored on the NAS. The NAS capacity is 16 TB (16,000 GB) and is only 20% full. It is a RAID5 system using multiple 2 TB drives with two hot spares available.

Other information that may pertain:

The company does not accept or process credit card information, so PCI DSS compliance is not required.

The company does maintain personal health records for its employees.

These records are stored in an encrypted format and transmitted via VPN when necessary.

The company has never undergone an IT audit. There have been no external or internal penetration tests. The IT administrator does, however, run weekly vulnerability scans on all computers on the network.

No security awareness training has been provided to any of the employees.

Employees are allowed to use their own mobile devices on the company network.

In your essay, please respond to the following:

How do the auditing steps presented in the database and storage auditing chapters align with the Turner company network?

Does anything in the network architecture or additional information provided raise any red flags in terms of auditing?

What information would the audit team need from the IT security administrator in order to complete the audit?

See the Course Calendar for the due date.

Compose your work using a word processor (or other software as appropriate) and save it frequently to your computer. Be sure to check your work and correct any spelling or grammatical errors before you upload it.

When you are ready to submit your work, click "Browse My Computer" and find your file. Once you have located your file, click "Open" and, if successful, the file name will appear under the Attached files heading. Scroll to the bottom of the page and click "Submit."

Reference

Davis, C., Schiller, M., & Wheeler, K. (2011). IT auditing: Using controls to protect information assets (2nd ed.). New York, NY: McGraw-Hill.

Auditing Databases

Checklist for Auditing Databases

1. Obtain the database version and compare it against policy requirements. Verify that the database is running a version the vendor continues to support.

2. Verify that policies and procedures are in place to identify when a patch is available and to apply the patch. Ensure that all approved patches are installed per your database management policy.

3. Determine whether a standard build is available for new database systems and whether that baseline has adequate security settings.

4. Ensure that access to the operating system is properly restricted.

5. Ensure that permissions on the directory in which the database is installed, and the database files themselves, are properly restricted.

6. Ensure that permissions on the registry keys used by the database are properly restricted.

7. Review and evaluate procedures for creating user accounts and ensuring that accounts are created only when there's a legitimate business need. Also review and evaluate processes for ensuring that accounts are removed or disabled in a timely fashion in the event of termination or job change.

8. Check for default usernames and passwords.

9. Check for easily guessed passwords.

10. Check that password management capabilities are enabled.

11. Verify that database permissions are granted or revoked appropriately for the required level of authorization.

12. Review database permissions granted to individuals instead of groups or roles.

13. Ensure that database permissions are not implicitly granted incorrectly.

14. Review dynamic SQL executed in stored procedures.

15. Ensure that row-level access to table data is implemented properly.

16. Revoke PUBLIC permissions where not needed.

17. Verify that network encryption is implemented.

18. Verify that encryption of data at rest is implemented where appropriate.

19. Verify the appropriate use of database auditing and activity monitoring.

20. Evaluate how capacity is managed for the database environment to support existing and anticipated business requirements.

21. Evaluate how performance is managed and monitored for the database environment to support existing and anticipated business requirements.
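The checklist above is product-neutral. The T-SQL below is a worked example added here (it is not from the course materials or from the Davis, Schiller and Wheeler text) showing what an auditor would actually run against the Turner application server that hosts Microsoft SQL Server to collect evidence for steps 1 to 3, 5, 8 to 14 and 16 to 19. It assumes SQL Server 2008 or later catalog views and a login holding sysadmin or at least VIEW SERVER STATE and VIEW ANY DEFINITION. Steps 4 to 6 (operating system, directory and registry permissions) are checked at the OS level; the query for step 5 only lists the file paths whose NTFS ACLs need to be reviewed.

```sql
-- Evidence collection for the database checklist on a SQL Server instance.
-- Added example; assumes SQL Server 2008+ catalog views and a login with
-- sysadmin (or VIEW SERVER STATE + VIEW ANY DEFINITION) on the audited instance.

-- Steps 1-2: version, service pack and edition, to compare against the vendor
-- support schedule and the patch policy.
SELECT SERVERPROPERTY('ProductVersion') AS product_version,
       SERVERPROPERTY('ProductLevel')   AS service_pack,
       SERVERPROPERTY('Edition')        AS edition;

-- Step 3: surface-area settings that a hardened baseline should leave off.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures', 'remote access',
               'Ad Hoc Distributed Queries', 'clr enabled');

-- Step 5: every data and log file path; the auditor then checks the NTFS ACLs
-- on these directories and files outside SQL Server.
SELECT DB_NAME(database_id) AS database_name, type_desc, physical_name
FROM sys.master_files
ORDER BY database_name, type_desc;

-- Steps 8-10: authentication mode, the default 'sa' login, blank or trivial
-- passwords, and whether Windows password policy/expiration is enforced.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
            WHEN 1 THEN 'Windows authentication only'
            ELSE 'Mixed mode (SQL logins enabled)' END AS auth_mode;

SELECT name, is_disabled, is_policy_checked, is_expiration_checked,
       CASE WHEN PWDCOMPARE('', password_hash) = 1         THEN 'BLANK PASSWORD'
            WHEN PWDCOMPARE(name, password_hash) = 1       THEN 'PASSWORD = LOGIN NAME'
            WHEN PWDCOMPARE('password', password_hash) = 1 THEN 'TRIVIAL PASSWORD'
            ELSE '' END AS weak_password_finding
FROM sys.sql_logins
ORDER BY name;

-- Steps 11-13: who holds sysadmin, and permissions granted directly to
-- individual users instead of to roles in the current database.
SELECT m.name AS member, m.type_desc
FROM sys.server_role_members rm
JOIN sys.server_principals r ON rm.role_principal_id   = r.principal_id
JOIN sys.server_principals m ON rm.member_principal_id = m.principal_id
WHERE r.name = 'sysadmin';

SELECT pr.name AS grantee, pr.type_desc, dp.state_desc, dp.permission_name,
       dp.class_desc,
       CASE WHEN dp.class = 1 THEN OBJECT_NAME(dp.major_id) END AS object_name
FROM sys.database_permissions dp
JOIN sys.database_principals pr ON dp.grantee_principal_id = pr.principal_id
WHERE pr.type IN ('S', 'U')   -- SQL user or Windows user, not a role or group
  AND pr.name NOT IN ('dbo', 'guest', 'INFORMATION_SCHEMA', 'sys')
ORDER BY pr.name, dp.permission_name;

-- Step 14: modules that execute dynamic SQL. Each hit is read by hand:
-- EXEC or sp_executesql over a string concatenated from input is the SQL
-- injection pattern; sp_executesql with bound parameters is not.
SELECT OBJECT_SCHEMA_NAME(object_id) AS schema_name,
       OBJECT_NAME(object_id)        AS module_name
FROM sys.sql_modules
WHERE definition LIKE '%EXEC%(%' OR definition LIKE '%sp_executesql%';

-- Step 16: anything granted to PUBLIC in the current database.
SELECT dp.state_desc, dp.permission_name, dp.class_desc,
       CASE WHEN dp.class = 1 THEN OBJECT_NAME(dp.major_id) END AS object_name
FROM sys.database_permissions dp
JOIN sys.database_principals pr ON dp.grantee_principal_id = pr.principal_id
WHERE pr.name = 'public' AND dp.state IN ('G', 'W');

-- Step 17: are the current client connections encrypted on the wire?
SELECT encrypt_option, net_transport, COUNT(*) AS connections
FROM sys.dm_exec_connections
GROUP BY encrypt_option, net_transport;

-- Step 18: Transparent Data Encryption per database (the HR data should be 1).
SELECT name, is_encrypted, recovery_model_desc
FROM sys.databases
ORDER BY name;

-- Step 19: SQL Server Audit objects and the login-failure audit level.
SELECT name, is_state_enabled, type_desc FROM sys.server_audits;
SELECT name, is_state_enabled FROM sys.server_audit_specifications;
EXEC master.dbo.xp_loginconfig 'audit level';   -- expect at least 'failure'
```

The server-level queries run once from master; the database-level ones (steps 11 to 16) are scoped to the current database, so the auditor runs them in each user database in turn, starting with the one holding HR and health records. Keep the result sets as the working papers for the step they map to.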

Checklist for Auditing Storage

1. Document the overall storage management architecture, including the hardware and supporting network infrastructure.

2. Obtain the software version and compare it against policy requirements.

3. Verify that policies and procedures are in place to identify when a patch is available and to evaluate and apply applicable patches. Ensure that all approved patches are installed per your policy.

4. Determine what services and features are enabled on the system and validate their necessity with the system administrator.

5. Review and evaluate procedures for creating administrative accounts and ensuring that accounts are created only when there's a legitimate business need. Also review and evaluate processes for ensuring that accounts are removed or disabled in a timely fashion in the event of termination or job change.

6. Evaluate the process and policies used for granting and revoking access to storage.

7. Evaluate how capacity is managed for the storage environment to support existing and anticipated business requirements.

8. Evaluate how performance is managed and monitored for the storage environment to support existing and anticipated business requirements.

9. Evaluate the policies, processes, and controls for data backup frequency, handling, and remote storage.

10. Verify that encryption of data-at-rest is implemented where appropriate.

11. Verify that network encryption of data-in-motion is implemented where appropriate.

12. Evaluate the low-level and technical controls in place to segregate or firewall highly sensitive data from the rest of the storage environment.

13. Review and evaluate system administrator procedures for security monitoring.

14. Perform the steps from Chapter 4, Auditing Data Centers and Disaster Recovery, as they pertain to the system you are auditing.
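Step 9 asks for evidence, not a policy statement. The T-SQL below is a worked example added here (not from the course or the book) that reads SQL Server's own backup history in msdb for the Turner instance and compares it with the stated schedule of a full backup every Saturday and differentials on Tuesday and Thursday. The "overdue" thresholds (a full older than 7 days, a differential older than 4 days) are assumptions derived from that schedule. It covers only the SQL Server databases; the Access databases and the NAS itself need the NAS vendor's backup logs and the off-site media register.

```sql
-- Backup evidence for storage checklist step 9, read from msdb.
-- Added example; thresholds encode the stated Turner schedule
-- (full every Saturday, differential Tuesday and Thursday).

-- Last full / differential / log backup per database, with a finding.
WITH last_backup AS (
    SELECT d.name AS database_name,
           d.recovery_model_desc,
           MAX(CASE WHEN b.type = 'D' THEN b.backup_finish_date END) AS last_full,
           MAX(CASE WHEN b.type = 'I' THEN b.backup_finish_date END) AS last_diff,
           MAX(CASE WHEN b.type = 'L' THEN b.backup_finish_date END) AS last_log
    FROM sys.databases d
    LEFT JOIN msdb.dbo.backupset b
           ON b.database_name = d.name
          AND b.is_copy_only = 0          -- copy-only backups do not reset the chain
    WHERE d.name <> 'tempdb'
    GROUP BY d.name, d.recovery_model_desc
)
SELECT database_name, recovery_model_desc, last_full, last_diff, last_log,
       CASE WHEN last_full IS NULL                           THEN 'NO FULL BACKUP'
            WHEN DATEDIFF(day, last_full, GETDATE()) > 7     THEN 'FULL OVERDUE'
            WHEN last_diff IS NULL
              OR DATEDIFF(day, last_diff, GETDATE()) > 4     THEN 'DIFFERENTIAL OVERDUE'
            WHEN recovery_model_desc = 'FULL' AND last_log IS NULL
                                                             THEN 'FULL RECOVERY MODEL BUT NO LOG BACKUPS'
            ELSE 'OK' END AS finding
FROM last_backup
ORDER BY database_name;

-- Where the last two weeks of backups were written. A backup that exists only
-- on the server's own disk, or on the NAS that also holds the live data, is
-- not remote storage; match these paths to the off-site media register.
SELECT b.database_name, b.type, b.backup_finish_date,
       mf.device_type, mf.physical_device_name, b.backup_size
FROM msdb.dbo.backupset b
JOIN msdb.dbo.backupmediafamily mf ON b.media_set_id = mf.media_set_id
WHERE b.backup_finish_date >= DATEADD(day, -14, GETDATE())
ORDER BY b.backup_finish_date DESC;

-- Has anyone ever restored from these backups? An untested backup is an
-- assumption, not a control.
SELECT TOP (10) restore_date, destination_database_name, restore_type, user_name
FROM msdb.dbo.restorehistory
ORDER BY restore_date DESC;
```

Two caveats worth writing into the findings. First, the Tuesday/Thursday/Saturday schedule leaves up to three days of SQL Server data exposed unless transaction log backups are also taken, which the first query surfaces for databases in the FULL recovery model. Second, the real-time file replication to Carbonite copies files, and a copy of an open .mdf or .ldf file is not a consistent SQL Server backup unless it is taken through the SQL Server VSS writer, so that service cannot be counted as the database backup without evidence of a successful restore from it.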
