Database Administration

Risks, Vulnerabilities and Threats

  • Compromise of default administrative privileges and roles
  • DBA support and access control duties are held by the same role by default
  • Operating System programmers have direct database access
  • Unauthorized job scheduling or unsecured DB stored procedures
  • Default operational parameters in use

Control Objectives and Operational Goals

  • “DBA and Application Support” and “Security, Access and Auditing” duties need to be separated
  • Operating system programmers' access to databases needs to be monitored
  • DB operational parameters should be set to the highest available control level