Databases Reference
In-Depth Information
the storage location, security on the storage location, and backups to ensure
that the files can be restored to the storage location in case they are deleted
or lost.
13.6
Audit the audit system
In the same way that you must ensure that the auditing information is
secured, you must also ensure that you have a full audit trail to any access
and changes made to auditing information. This includes both the data and
the auditing definitions. An example of the first type is an audit record of
the fact that a user of the auditing system produced a report showing all
DDLs that occurred within the last month. Examples of the second type
include audit records of the fact that a user of the auditing system changed
the definition of an audit report and an assessment report or a schedule for
producing and distributing the audit reports (some examples are shown in
Figure 13.5).
In both cases, you need auditing at the same level as implemented for
your own databases. If you are building your own auditing solution, make
sure you have the right hooks in place to record all of this activity. If you are
using a packaged auditing system, make sure that the system supports this
audit trail; you will almost always be asked this question by your manager
or your audit committee.
Figure 13.5
Auditing system's
audit trail.
Search WWH ::
Custom Search