Database Auditing Tools and Strategies
Unfortunately, most native database auditing capabilities add overhead to database processing and the amount can be an issue in some situations. Native database audit tools also contain minimal functionality other than creating records of database access. Some native database management system audit tools such as Oracle, DB2 z/OS and IMS do provide some audit record storage, reporting and alerting tools, but these tools often do not meet the segregation of duties requirements that auditors require.
Organizations evaluating a strategy for auditing databases should consider the trade-offs regarding OPEX (operating expense), CAPEX (capital expenditure), and accuracy. The purpose of this paper is to introduce the current options available for database auditing and trade-offs using each.
Ed Chopskie is the Vice President of Marketing for SenSage. Ed’s database management and security experience includes years of DBA and technical support work on DB2, IMS, CICS and RACF at CSX (NYSE:CSX), a $10 billion transportation and logistics company. Additionally, Ed held technical sales roles at BMC Software (NYSE:BMC) where he worked on BMC’s Patrol product line for Oracle, SQL Server and Informix. Ed has presented technical papers at database user groups including IDUG and IOUG.
- Hexis Cyber Solutions Inc
- 10 Nov 2008
- 30 Oct 2008
- 13 Page(s)
- White Paper