August 26, 2004 at 1:48 pm
I'm undergoing a security audit. I've been told that 'Database object baselines should be established and maintained to help detection of unauthorized modification'. How do I create this ???
August 27, 2004 at 3:23 am
Store the DB object definitions...ie the DDL + SP's....in a version-control application like MS Sourcesafe (or other better products).
Apply a security policy to ensure the objects in the DB can only be updated in a controlled manner.
Make all changes to the DDL + SP's via the version-control application.
The above is a rough-sketch of what you need to do.....but I would actually advise you to talk to your security/audit people to 'clarify their intentions'. You might feel it would expose you to the "I'm not sure what I'm doing" scenario....but the benefits of establishing a proper partnership with the security/audit people should more than overcome that (minor) fear.
August 27, 2004 at 7:24 am
Thanks!!!!
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply