Database Audit System Design and Implementation
Article Sidebar
Main Article Content
Abstract
Database auditing has become a very important aspect of security as organizations today use database management systems (DBMS) as the main asset that stores, maintains and monitors sensitive information. Using the Computer-Assisted Audit Technique (CAAT) technique can make it easier for auditors to complete the audit. This study aims to build an automatic tool for conducting database audits in the category of log on / off audit, database usage audit, database usage outside operating hour audit, and security attribute audit (privileges, user / login, and password changes. The resulting audit in this study begins with creating an audit environment, logging and then producing an audit report. Creating triggers and logs are the steps in obtaining data for the audit process. The resulting reports include suspicious access, inactive users, access outside of operational hours, and Inactive users are accompanied by recommendations that can be used by the auditor when conducting the audit.
Downloads
Article Details
[2] “ISACA GLOSSARY,” www.isaca.org/pages/glossary.aspx?tid=1095&char=A .
[3] H. Abou-El-Sood, A. Kotb, and A. Allam, “Exploring Auditors’ Perceptions of the Usage and Importance of Audit Information Technology,” International Journal of Auditing, vol. 19, no. 3, pp. 252–266, 2015, doi: 10.1111/ijau.12039.
[4] S. D. Gantz, The Basics of IT Audit: Purposes, Processes, and Practical Information. 2013. doi: 10.1016/C2013-0-06954-X.
[5] S. A. Sayana, “Using CAATs to support IS audit,” Information Systems Control Journal, vol. 1, pp. 21–23, 2003.
[6] I. Maciejewska, “Computer-assisted audit tools in relation with international standard on quality control 1 (ISQ1): (Based on experiences from polish small audit practices),” in 2015 10th Iberian Conference on Information Systems and Technologies, CISTI 2015, 2015, pp. 15–16. doi: 10.1109/CISTI.2015.7170617.
[7] N. A. Ismail and A. Z. Abidin, “Perception towards the importance and knowledge of information technology among auditors in Malaysia,” Journal of Accounting and Taxation, vol. 1, no. 4, pp. 61–69, 2009.
[8] N. Mahzan and A. Lymer, “Examining the adoption of computer-assisted audit tools and techniques: Cases of generalized audit software use by internal auditors,” Managerial Auditing Journal, vol. 29, no. 4, pp. 327–349, 2014, doi: 10.1108/MAJ-05-2013-0877.
[9] I. Pedrosa and C. Costa, “Computer assisted Audit Tools in real world: Idea applications and approache’s in real context,” in Proc. of the IADIS Int. Conf. Intelligent Systems and Agents 2010, Proc. of the IADIS European Conference on Data Mining 2010, Part of the MCCSIS 2010, 2010, pp. 151–155.
[10] Narongit Waraporn, “Database Auditing Design on Historical Data,” Proceedings of the Second International Symposium on Networking and Network Security (ISNNS ’10), vol. 1, pp. 275–281, 2010.
[11] O. O. Matthew and C. Dudley, “Critical Assessment of Auditing Contributions to Effective and Efficient Security in Database Systems,” 2015, pp. 1–11. doi: 10.5121/csit.2015.50801.
[12] J. Woo, S. Lee, and C. Zoltowski, Database Auditing. 2006.
[13] Implementing Database Security and Auditing. Burlington: Elsevier Inc, 2009. doi: 10.1016/b978-1-55558-334-7.x5000-2.
[14] M. Bishop, Computer Security Art and Science. 2003.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.