Logical Access to Systems and Data/Information Security

Risks, Vulnerabilities and Threats 

  • Inappropriate access allowing known users greater access than necessary, which could continue without detection
  • Unauthorized users could anonymously access systems without accountability and have access to information
  • Compromised database objects and data
  • Unauthorized job scheduling procedures and unsecured stored procedures
  • Not being able to access systems, DBMSs and servers in the event of a system interruption or disaster

Control Objectives and Operational Goals

  • Authentication (encryption, identification) controls need to be strong
  • Roles and privileges should be granted only to authorized users
  • Security incidents need to be detected and resolved
  • Reports need to highlight anomalous activity and behavior patterns
  • Report reviewers need to discuss unacceptable behaviors and suggestions for change with users
  • Job scheduling procedures and stored procedures need to be secure
  • An alternate method to identify and register users needs to be tested and available when needed