DATABASE AUDIT PROGRAM

SECURITY

Layout of the program: one row per audit control objective, with the columns Audit Control Objectives, Control Activity, Audit Procedures (DB2), Audit Procedures (Oracle), Audit Procedures (SYBASE), Audit Procedures (Progress), Impact, Audit Procedures (Oracle RDB7), Impact, and, for the auditor to complete per platform, Conclusion and Audit Signoff. Below, each row is written out as the control activity, the audit procedures (given once where they are identical for DB2, Oracle, SYBASE, Progress and Oracle RDB7, and per platform where they differ) and the impact.

Define IT Strategy and Organization

1.1 Security Policies

Control Activity: IT strategies/policies and security policies have been established to provide the organization's general security guidelines.

Audit Procedures (all platforms):
1. Review the organization's security policy.

Impact: If the organization does not have a security policy covering the handling of data and access in the database system under review, there is a risk of data security compromise and instability in that system.

1.2 IT Administration and Organization

Control Activity: Management has implemented a division of roles and responsibilities (segregation of duties) that reasonably prevents a single individual within IT from subverting a critical process.

Audit Procedures (all platforms):
1. Review the organizational structure to determine who is responsible for the installation of the software, performance monitoring, administration of security, database design and application development.
2. Ensure that the organizational structure provides an adequate division of duties for control and security. Individuals should not have total responsibility for all areas. Specifically, ensure that the administration of security, change management, and database design and application development functions are segregated.

Impact: An inappropriate organizational structure can lead to deficiencies in the segregation of duties and, consequently, to deficiencies in the internal controls.

Source: www.knowledgeleader.com

Manage Security

2.1 New User Access

Control Activity: Procedures exist to ensure that the requested access is documented and approved before access privileges are granted to systems and data.

Audit Procedures (all platforms):
1. Inquire from the appropriate individual about the process in place to request new user access. Ensure that internal controls are in place to verify that requested access is appropriate and approved. The internal controls may include documentation of the requested access and of the appropriate approval.
2. Ensure that an authorization list exists that defines the approvers/resource owners that must approve the requested access before the access is granted.
3. Examine and evaluate whether the organizational segregation of duties is supported by internal controls.
4. Review and evaluate the various authorization levels for one or more production environments. Evaluate the extent and reasonableness of these authorizations, taking into consideration the user's function and place in the organization.
5. Examine and evaluate whether the privileged users' access to the database under review (DB2, Oracle, SYBASE, Progress or Oracle RDB7) is controlled in accordance with procedures.

Audit Procedures (DB2):
6. The auditor may decide to select one or more production databases and find the RACF/ACF2 groups, RACF/ACF2 user IDs and applications that have access to the production data. Remember that install SYSADM user IDs have access to data even if they do not appear in SYSIBM.SYSTABAUTH. Review and evaluate the selected authorizations in accordance with regulations. For instance, do personal user IDs have access where this should have been granted through a RACF/ACF2 group? Typical users don't need access to DB2 through their user IDs, since the access to necessary data is gained through the application that the user uses (for instance, a CICS transaction). Applications are known by GRANTEETYPE = 'P' in the authorization table.
7. Evaluate whether all relevant DB2 systems are defined in the RACROUTE macro (ICHRFR01). The load module is found in SYS1.LINKLI; inquire about the location of the production source to verify that all relevant DB2 systems have been defined. If a DB2 system is not defined in the RACROUTE macro, anyone will have unlimited access to use the system from anywhere, regardless of the profiles and access paths defined in the DSNR class in RACF. In this connection, it is also important to review and evaluate whether all names of DB2 systems with data sharing have been defined in the RACROUTE macro and in the DSNR class.
8. Evaluate whether the required coordination between RACF and DB2 has been established.
9. Examine and evaluate (by sampling, if necessary) whether the DB2 authorization IDs have been defined in RACF.

Audit Procedures (Oracle):
6. The auditor may decide to select one or more production databases and find the Oracle roles, user IDs and applications that have access to the production data. Review and evaluate the selected authorizations in accordance with regulations. For instance, do personal user IDs have access where this should have been granted through an Oracle role? Typical users do not need access to Oracle through their user IDs, since the access to necessary data is gained through the application that the user uses (e.g., SAP).
7. Request a list of users from the dba_users view and sample user accounts created within the period under review. Review the user-access request forms related to these accounts and ensure that the access provided complies with the access requested and approved on the request form.
8. Evaluate whether the required coordination between Oracle and the OS has been established.
9. Examine and evaluate (by sampling, if necessary) whether the DB authorization IDs have been defined through the OS.

Audit Procedures (SYBASE, Progress, Oracle RDB7):
6. The auditor may decide to select one or more production databases and find the SYBASE, Progress or RDB7 roles, user IDs and applications that have access to the production data. Review and evaluate the selected authorizations in accordance with regulations. For instance, do personal user IDs have access where this should have been granted through a SYBASE, Progress or RDB7 role? Typical users do not need access to the database through their user IDs, since the access to necessary data is gained through the application that the user uses.
7. Request a list of database users and sample user accounts created within the period under review. Review the user-access request forms related to these accounts and ensure that the access provided complies with the access requested and approved on the request form.
8. Evaluate whether the required coordination between the database (SYBASE, Progress or RDB7) and the OS has been established.
9. Examine and evaluate (by sampling, if necessary) whether the DB authorization IDs have been defined through the OS.
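Step 6 of the DB2 procedures, run against the catalog rather than read off a listing, as an added example that is not part of the audit program: it queries SYSIBM.SYSTABAUTH for every grantee on the tables of one production creator, sorts each grantee by access path (RACF group, plan or package with GRANTEETYPE 'P', DB2 role with GRANTEETYPE 'L', or a personal user ID) and appends the install SYSADM IDs, which the catalog never shows. The catalog rows, the RACF group list and the install SYSADM IDs are constructed for the example; an auditor would take them from the DB2 catalog, a RACF group listing and DSNZPARM. Whether a grantee is a RACF group or a person cannot be read from SYSTABAUTH itself, which is why the group list is an input. An in-memory SQLite database only stands in for DB2 so the query runs offline.

```python
import sqlite3

# Constructed extract of the DB2 catalog table SYSIBM.SYSTABAUTH, limited to the
# columns this check reads; every row is invented for the example. GRANTEETYPE is
# blank for an authorization ID, 'P' for a plan or package, 'L' for a DB2 role.
SAMPLE_SYSTABAUTH = [
    # GRANTEE   GRANTEETYPE TCREATOR TTNAME      SELECT INSERT UPDATE DELETE
    ("PAYROLL", " ", "PROD", "EMPLOYEE", "Y", "Y", "Y", "Y"),  # RACF group
    ("PAYAPP1", "P", "PROD", "EMPLOYEE", "Y", "Y", "Y", " "),  # plan behind a CICS transaction
    ("JSMITH",  " ", "PROD", "EMPLOYEE", "Y", " ", " ", " "),  # personal user ID
    ("PAYROLL", " ", "PROD", "SALARY",   "Y", " ", " ", " "),
    ("TESTERS", " ", "TEST", "EMPLOYEE", "Y", "Y", "Y", "Y"),  # not a production table
]
# Assumed inputs the auditor brings from outside the catalog: the RACF group
# list, and the install SYSADM IDs (DSNZPARM SYSADM/SYSADM2), which reach every
# table without appearing in SYSTABAUTH.
RACF_GROUPS = {"PAYROLL", "TESTERS"}
INSTALL_SYSADM_IDS = {"SYSADM1", "SYSADM2"}

# Table privileges are recorded as 'Y' (granted) or 'G' (granted WITH GRANT OPTION).
PROD_ACCESS_SQL = """
SELECT DISTINCT GRANTEE, GRANTEETYPE, TCREATOR, TTNAME
  FROM SYSIBM.SYSTABAUTH
 WHERE TCREATOR = ?
   AND (SELECTAUTH IN ('Y', 'G') OR INSERTAUTH IN ('Y', 'G')
        OR UPDATEAUTH IN ('Y', 'G') OR DELETEAUTH IN ('Y', 'G'))
 ORDER BY GRANTEE, GRANTEETYPE, TTNAME
"""

def load_catalog(rows):
    """In-memory SQLite stand-in for the catalog; the attached SYSIBM database
    lets the query above run with its real schema-qualified table name."""
    con = sqlite3.connect(":memory:")
    con.execute("ATTACH DATABASE ':memory:' AS SYSIBM")
    con.execute("""CREATE TABLE SYSIBM.SYSTABAUTH (
        GRANTEE TEXT, GRANTEETYPE TEXT, TCREATOR TEXT, TTNAME TEXT,
        SELECTAUTH TEXT, INSERTAUTH TEXT, UPDATEAUTH TEXT, DELETEAUTH TEXT)""")
    con.executemany("INSERT INTO SYSIBM.SYSTABAUTH VALUES (?,?,?,?,?,?,?,?)", rows)
    return con

def review_production_access(rows, tcreator, racf_groups, install_sysadm):
    """Step 6 for DB2: who can read or change the production tables owned by
    `tcreator`, sorted by the path the access comes through."""
    con = load_catalog(rows)
    result = {"groups": set(), "applications": set(), "roles": set(),
              "personal_ids": set(), "implicit_sysadm": set(install_sysadm)}
    for grantee, gtype, _creator, _table in con.execute(PROD_ACCESS_SQL, (tcreator,)):
        if gtype == "P":
            result["applications"].add(grantee)
        elif gtype == "L":
            result["roles"].add(grantee)
        elif grantee in racf_groups:
            result["groups"].add(grantee)
        else:
            # Direct grant to something that is neither a group, a plan nor a
            # role: the personal-ID access the procedure asks the auditor to question.
            result["personal_ids"].add(grantee)
    return result

if __name__ == "__main__":
    for path, ids in review_production_access(
            SAMPLE_SYSTABAUTH, "PROD", RACF_GROUPS, INSTALL_SYSADM_IDS).items():
        print(f"{path:16s} {sorted(ids)}")
```

The personal_ids set is the list to walk through with the data owner; each entry needs either a business reason for bypassing the application or a grant moved to a RACF group. The implicit_sysadm entries are reported unconditionally because no catalog query will surface them.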

2.2 Access Termination

Control Activity: Procedures are in place to ensure that access for a terminated employee is disabled in a timely manner.

Audit Procedures (all platforms):
1. Interview the appropriate individual to ensure that access for terminated employees is disabled in a timely manner to mitigate the risk of unauthorized access via their old accounts.
2. Review a list of terminated individuals that had database access and select a sample of terminated users. Compare the sample to the list of current users.

Impact: If access for a terminated employee is not disabled in a timely manner, there is a risk that unauthorized access via their old account can be obtained after they are no longer authorized to have it.

2.3 Inactive Account Expiration

Control Activity: Accounts that have not been used for greater than 60 days are disabled.

Audit Procedures (all platforms):
1. Request a list of all user IDs on the database with the corresponding last date of access (Oracle: from the dba_users view). Review this list to ensure that dormant accounts are disabled.

Impact: Dormant entries are a target for intruders, as the account user will not notice the activity. Inactive accounts may also belong to a terminated employee who could then gain access via their old account when they are no longer authorized to do so.
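The checks in 2.1 (step 7), 2.2 and 2.3 all work from the same input, the user list with creation and last-access dates, so here they are carried out together as an added example that is not part of the audit program. It runs over a constructed extract shaped like Oracle's DBA_USERS view, a constructed HR termination list and a constructed set of approved request forms; the review period and cut-off date are likewise assumptions. One caveat for Oracle: DBA_USERS carries a LAST_LOGIN column only from release 12c, so on earlier releases the last date of access has to be taken from the audit trail (for example DBA_AUDIT_SESSION) before this reconciliation can be done.

```python
from datetime import date, timedelta

# Constructed extract of the Oracle DBA_USERS view, reduced to the columns the
# checks read: (USERNAME, ACCOUNT_STATUS, CREATED, LAST_LOGIN). Every row is
# invented. LAST_LOGIN exists in DBA_USERS from release 12c; on older releases
# take the latest logon per user from the audit trail (DBA_AUDIT_SESSION).
DBA_USERS = [
    ("SYS",       "OPEN",   date(2020, 1, 1),  date(2024, 5, 30)),
    ("JSMITH",    "OPEN",   date(2021, 3, 4),  date(2024, 5, 28)),
    ("BJONES",    "OPEN",   date(2021, 3, 4),  date(2024, 1, 10)),  # left in February, still OPEN
    ("APP_RO",    "OPEN",   date(2022, 7, 7),  date(2023, 11, 2)),  # months without a logon
    ("OLD_TMP",   "LOCKED", date(2022, 7, 7),  date(2023, 1, 5)),   # dormant but already disabled
    ("NEWDEV",    "OPEN",   date(2024, 4, 15), None),               # created in period, never logged in
    ("CONTRACT1", "OPEN",   date(2024, 4, 20), date(2024, 5, 1)),
]
# Inputs from outside the database, also constructed: the HR termination list
# with leaving dates, and the user IDs that have an approved access request form.
TERMINATED = {"BJONES": date(2024, 2, 1)}
APPROVED_REQUESTS = {"CONTRACT1"}
REVIEW_START, REVIEW_END, AS_OF = date(2024, 4, 1), date(2024, 6, 1), date(2024, 6, 1)
DORMANT_DAYS = 60   # the control's threshold

def is_disabled(status):
    """Oracle reports disabled accounts as LOCKED, EXPIRED & LOCKED, LOCKED(TIMED)
    and similar; anything containing LOCKED counts as disabled here. An EXPIRED
    password on its own still allows a logon with a forced password change."""
    return "LOCKED" in status

def new_accounts_without_approval(users, approved, start=REVIEW_START, end=REVIEW_END):
    """2.1 step 7: accounts created in the review period with no approved request."""
    return sorted(name for name, _status, created, _last in users
                  if start <= created <= end and name not in approved)

def terminated_still_enabled(users, terminated, as_of=AS_OF):
    """2.2: terminated employees whose accounts are still enabled, with the number
    of days the account has stayed usable past the leaving date."""
    return {name: (as_of - terminated[name]).days for name, status, _c, _l in users
            if name in terminated and not is_disabled(status)}

def dormant_accounts(users, as_of=AS_OF, days=DORMANT_DAYS):
    """2.3: enabled accounts with no logon for more than `days`. An account that
    has never logged in is measured from its creation date, so a fresh account is
    not reported as dormant."""
    cutoff = as_of - timedelta(days=days)
    return sorted(name for name, status, created, last in users
                  if not is_disabled(status) and (last or created) < cutoff)

def account_review(users, terminated, approved):
    """All three checks over one extract, keyed by the finding type."""
    return {"unapproved_new": new_accounts_without_approval(users, approved),
            "terminated_enabled": terminated_still_enabled(users, terminated),
            "dormant": dormant_accounts(users)}

if __name__ == "__main__":
    for check, hits in account_review(DBA_USERS, TERMINATED, APPROVED_REQUESTS).items():
        print(f"{check:20s} {hits}")
```

BJONES appears under both terminated_enabled and dormant, which is the situation the 2.3 impact describes: the dormancy check would have caught an account that the termination process missed. Sampling as in 2.1 step 7 is then a matter of choosing from the unapproved_new list rather than from all accounts.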

2.4 User Access Review

Control Activity: A control process should exist to periodically review and confirm access rights.

Audit Procedures (all platforms):
1. Inquire from a system administrator if a periodic recertification of user access is performed.
2. Review recertification documentation to ensure that periodic recertification is performed.
3. Select a sample of database user IDs for which a change in access privileges was requested and ensure that the access privileges have been changed.

Impact: Dormant entries are a target for intruders, as the account user will not notice the activity. Inactive accounts may also belong to a terminated employee who could then gain access via their old account when they are no longer authorized to do so.

2.5 Pre-expired Accounts for Nonemployees

Control Activity: When granting access to nonemployees, accounts will be preset to expire after their planned project completion date.

Audit Procedures (all platforms):
1. Interview the system administrator to determine if procedures are in place for creating temporary accounts for use by vendors in the course of their duties. Determine if the procedures call for the immediate removal of these accounts following completion of the vendor's work.

Impact: Account expiration ensures that temporary and contract users are prevented from gaining access to corporate resources after their contract ends.

2.6 Expiration of Vendor-Created Accounts

Control Activity: The system administrator will ensure that any accounts created by a vendor during installation are immediately disabled or removed following completion of their work.

Audit Procedures (all platforms):
The system administrator will ensure that any accounts created by a vendor are immediately disabled or removed following completion of their work. This can be done as follows:
1. Prior to granting a vendor access, determine which accounts have been set up in the system (Oracle: by reviewing the dba_users view).
2. Following the removal of the temporary vendor account, determine which accounts exist in the system (Oracle: rerun the same query). Compare the two lists of accounts to determine if any new unauthorized accounts have been created. If new accounts are identified, consult with the vendor to determine their purpose.
3. Interview the system administrator to determine if procedures are in place for determining if vendors created any accounts while having access to the system, and for the subsequent removal or disabling of these accounts immediately following completion of the vendor's work.

Impact: Vendors sometimes create accounts for their own use (or a process's use) when performing their duties. These accounts are usually temporary in nature and should be disabled and removed upon completion of the vendor's work. Not removing or disabling these accounts increases the risk that they will be used for unauthorized access.

2.7 High-Level Administrative Privileges

Control Activity: Access to high-level administrative privileges should be restricted to people who require them as part of their defined duties.

Audit Procedures (DB2):

1. Obtain a complete list of security administrators as identified by management.

2. Determine who has the following high-level administrative privileges for the database under review from a review of the SYSDBAUTH and SYSUSERAUTH tables in the DB2 catalog:

A. SYSADM
B. SYSCTRL
C. SYSOPR
D. DBADM
E. PACKADM
F. DBMAINT
G. DBCTRL

Database security access: This query lists the IDs having access at the DB2 database level to perform administrative and maintenance functions.

SELECT DISTINCT GRANTOR, GRANTEE, GRANTEETYPE, "DATABASE"
FROM SYSDBAUTH
ORDER BY GRANTEE, GRANTEETYPE

3. Ensure that the above listed high-level authorities are not held with the grant option unless necessary.

4. Ensure that a process is in place to monitor the use of system default admin IDs.

Audit Procedures (Oracle):

1. Obtain a complete list of security administrators, as identified by management.

2. To test the privileges associated with user ID administration (create/alter/drop), the following three steps should be completed:

2a. Identify all roles that exist in the database by reviewing the dba_roles table.

2b. Identify all roles that have access to the (create/alter/drop) user-role privileges. This can be accomplished through a review of the dba_sys_privs table and comparing the privileges to the dba_roles table. The Oracle default roles, which come preconfigured with these privileges, are the DBA and import_full_database roles. The DBA role always needs all system privileges to perform necessary database-user maintenance. The import_full_database role needs to be able to create/drop roles and users so that it can be used to create (and drop) necessary database accounts during a database import. All other roles which are granted these privileges do not exist by default; these roles will generally be created specifically for security administration needs without authorizing DBA-level access.

2c. Identify all usernames that have been granted roles with the create/alter/drop user/role privilege(s) using the results from query 2b above. This can be accomplished through the review of the dba_role_privs table and comparing the privileges to the dba_roles table.

Note: Grantees returned from this query may themselves be roles, since roles can be assigned to other roles. When a return value is a role, use the tables in statement 2c to find a list of actual usernames that belong to that role (refer to testing Step 2a above for a complete list of roles). Multiple recursions of the script may be necessary to get to the final list of users associated with a role, depending on the role hierarchy created in the Oracle database. The default hierarchy for Oracle involves two levels of roles to get to the final user account. For instance, the DBA role is granted to the import_full_database role, which is granted to the user account system. Also, note that the default roles found in statement 2b are both assigned automatically to the database username system during the basic Oracle installation. The DBA role is automatically assigned to the database username system during the basic Oracle installation.

From the list of usernames with create/alter/drop user/role privileges identified in 2c, evaluate whether the list is appropriate by comparing it to the list provided by management. In general, only the security administrator and/or database administrator should have the ability to create, alter or drop users and roles.

2d. Identify all usernames that have been directly granted the create/alter/drop user/role privileges in the database. This can be accomplished by reviewing the dba_sys_privs and dba_users tables. From the list of usernames with create/alter/drop user/role privileges identified, evaluate whether the list is appropriate by comparing it to the list provided by management. In general, only the security administrator and/or database administrator should have the ability to create, alter or drop users and roles.

3. In addition to create/alter/drop, there are two powerful user administration privileges involving the privilege to "grant." To test the "grant any privilege" and "grant any role" privileges, which should only be assigned to the security and/or database administrators, complete the following three steps:

3a. Identify all roles that have the "grant any privilege" and/or "grant any role" system privileges. This can be accomplished by reviewing the dba_sys_privs (where privilege = "grant any privilege" or "grant any role") and dba_roles tables. The only default role with both these privileges is the DBA role. The DBA role requires these privileges to initially grant privileges to database usernames after installation and username creation. All other roles having these privileges do not own these privileges by default.

3b. Using the results from above, identify all usernames that have been granted roles with the "grant any privilege" or "grant any role" privileges. This can be accomplished through the review of the dba_role_privs and dba_roles tables.

Note: The grantees returned from this review may themselves be roles, since roles can be assigned to other roles. When a return value is a role, find the list of actual usernames that belong to that role (refer to testing Step 3a above for a complete list of roles). Also, note that the basic package installation role "DBA" is automatically assigned to the database user accounts sys and system.

From the list of usernames with the "grant" privileges identified, evaluate whether the list is appropriate by comparing it to the list provided by management. In general, only the security administrator and/or database administrator should have the ability to grant privileges to users and roles.

3c. Identify all usernames that have been directly granted the "grant any privilege" and/or "grant any role" privileges in the database. This can be accomplished by reviewing the dba_sys_privs and dba_users tables (for privilege = "grant any privilege" or "grant any role"). From the list of usernames with the "grant" privileges identified in this query, evaluate whether the list is appropriate by comparing it to the list provided by management. In general, only the security administrator and/or database administrator should have the ability to grant privileges to users and roles.

Audit Procedures (SYBASE, Progress and Oracle RDB7):

1. Obtain a complete list of security administrators, as identified by management.

2. Determine who has access to high-level administrative privileges for the database.

3. Ensure that the above listed high-level authorities are not held with the grant option unless necessary.

4. Ensure that a process is in place to monitor the use of system default admin IDs.
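The Oracle steps above (2b through 2d and 3a through 3c) boil down to one procedure: find the roles that hold a privilege, walk the role hierarchy down to real usernames (repeating because a grantee can itself be a role), add the users who were granted the privilege directly, and compare the result with management's list. The following Python script is an added example, not part of the audit program or of any Oracle tooling; it works on constructed rows shaped like the dba_roles, dba_users, dba_sys_privs and dba_role_privs views (the usernames ASMITH, BJONES and JDOE and the SEC_ADMIN and APP_READ roles are invented), with the role chain arranged as the program describes it (DBA granted to import_full_database, which is granted to system). Against a live database the same functions would be fed the rows returned by selecting from those views.

```python
from collections import defaultdict, deque

# Constructed sample rows, NOT a dump of a real database. Column order follows
# the Oracle data-dictionary views the audit steps name; the role hierarchy
# mirrors the one the audit program describes (DBA -> import_full_database -> system).
DBA_ROLES = ["DBA", "IMP_FULL_DATABASE", "SEC_ADMIN", "APP_READ"]
DBA_USERS = ["SYS", "SYSTEM", "ASMITH", "BJONES", "JDOE"]

# dba_sys_privs: (grantee, privilege, admin_option)
DBA_SYS_PRIVS = [
    ("DBA", "CREATE USER", "YES"),
    ("DBA", "ALTER USER", "YES"),
    ("DBA", "DROP USER", "YES"),
    ("DBA", "CREATE ROLE", "YES"),
    ("DBA", "GRANT ANY PRIVILEGE", "YES"),
    ("DBA", "GRANT ANY ROLE", "YES"),
    ("IMP_FULL_DATABASE", "CREATE USER", "NO"),
    ("IMP_FULL_DATABASE", "DROP USER", "NO"),
    ("IMP_FULL_DATABASE", "CREATE ROLE", "NO"),
    ("SEC_ADMIN", "CREATE USER", "NO"),
    ("SEC_ADMIN", "ALTER USER", "NO"),
    ("JDOE", "GRANT ANY ROLE", "NO"),   # granted straight to a user: the step 2d / 3c case
    ("APP_READ", "CREATE SESSION", "NO"),
]

# dba_role_privs: (grantee, granted_role); a grantee may be a user or another role
DBA_ROLE_PRIVS = [
    ("IMP_FULL_DATABASE", "DBA"),   # role granted to a role: the two-level hierarchy
    ("SYSTEM", "IMP_FULL_DATABASE"),
    ("SYSTEM", "DBA"),
    ("SYS", "DBA"),
    ("ASMITH", "SEC_ADMIN"),
    ("BJONES", "APP_READ"),
]

# The two privilege groups the audit steps test (steps 2 and 3)
USER_ADMIN_PRIVS = {"CREATE USER", "ALTER USER", "DROP USER",
                    "CREATE ROLE", "ALTER ANY ROLE", "DROP ANY ROLE"}
GRANT_PRIVS = {"GRANT ANY PRIVILEGE", "GRANT ANY ROLE"}


def roles_with(sys_privs, roles, wanted):
    """Steps 2b / 3a: roles that directly hold any of the wanted system privileges."""
    role_set, found = set(roles), defaultdict(set)
    for grantee, privilege, _admin in sys_privs:
        if grantee in role_set and privilege in wanted:
            found[grantee].add(privilege)
    return dict(found)


def users_with_direct_grant(sys_privs, users, wanted):
    """Steps 2d / 3c: usernames holding a wanted privilege without going through a role."""
    user_set, found = set(users), defaultdict(set)
    for grantee, privilege, _admin in sys_privs:
        if grantee in user_set and privilege in wanted:
            found[grantee].add(privilege)
    return dict(found)


def held_with_admin_option(sys_privs, wanted):
    """Grantees holding a wanted privilege WITH ADMIN OPTION (Oracle's counterpart of
    the DB2 grant option in step 3), which lets them pass the privilege on."""
    return sorted({g for g, p, admin in sys_privs if p in wanted and admin == "YES"})


def users_via_roles(role_privs, users, seed_roles):
    """Steps 2c / 3b: walk dba_role_privs from each privileged role down to the
    usernames that inherit it. Grantees may themselves be roles, so the walk
    repeats until only users remain; the per-root 'seen' set stops any cycle."""
    user_set = set(users)
    grantees_of = defaultdict(list)          # granted_role -> [grantee, ...]
    for grantee, granted_role in role_privs:
        grantees_of[granted_role].append(grantee)

    paths = defaultdict(list)                # username -> ["SYSTEM <- IMP_FULL_DATABASE <- DBA", ...]
    for root in seed_roles:
        queue, seen = deque([(root, [root])]), {root}
        while queue:
            node, chain = queue.popleft()
            for grantee in grantees_of.get(node, []):
                if grantee in user_set:
                    paths[grantee].append(" <- ".join([grantee] + chain[::-1]))
                elif grantee not in seen:
                    seen.add(grantee)
                    queue.append((grantee, chain + [grantee]))
    return dict(paths)


def privilege_review(wanted, approved):
    """Combine the steps: who ends up with the wanted privileges, by what route,
    and which holders are missing from management's approved list."""
    roles = roles_with(DBA_SYS_PRIVS, DBA_ROLES, wanted)
    via_roles = users_via_roles(DBA_ROLE_PRIVS, DBA_USERS, sorted(roles))
    direct = users_with_direct_grant(DBA_SYS_PRIVS, DBA_USERS, wanted)
    return {
        "roles": roles,
        "via_roles": via_roles,
        "direct": direct,
        "admin_option": held_with_admin_option(DBA_SYS_PRIVS, wanted),
        "unapproved": sorted((set(via_roles) | set(direct)) - set(approved)),
    }


if __name__ == "__main__":
    for label, wanted in (("user/role administration", USER_ADMIN_PRIVS), ("grant", GRANT_PRIVS)):
        result = privilege_review(wanted, approved=["SYS", "SYSTEM", "ASMITH"])
        print(f"== {label} privileges ==")
        for user, chains in sorted(result["via_roles"].items()):
            print(f"  {user}: via " + "; ".join(chains))
        for user, privs in sorted(result["direct"].items()):
            print(f"  {user}: direct grant of " + ", ".join(sorted(privs)))
        print("  not on management's list:", result["unapproved"] or "none")
```

The breadth-first walk in users_via_roles is the "multiple recursions" the note above asks for, done once: each path string records the full chain, so the reviewer can see that SYSTEM reaches DBA both directly and through import_full_database, while the direct-grant check surfaces JDOE, who never appears in any role chain and would be missed by steps 2c and 3b alone.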

2.8 High-level Administrative Privileges

Control Activity: Sensitive DB functions used by those with SYS, SYSADMN, SYSCTRL, SYSOPR, DBADM, PACKADM, DBMAINT and DBCTRL privileges should be logged for review. These logs should be reviewed by management (someone other than the security administrator or DBA with aforementioned privileges).

Audit Procedures (DB2): Sensitive functions are recorded on SMF records, which can be extracted on a regular basis and further analyzed to detect any suspicious activities. Review the logging policy and ensure that sensitive DB2 functions are logged. Inquire from management how this log is reviewed.

Audit Procedures (Oracle, SYBASE, Progress and Oracle RDB7): Review the logging policy and ensure that sensitive DB2 functions are logged. Inquire from management how this log is reviewed.

2.9 Security Incidents

Control Activity: The IT security administrator or designated personnel monitors and logs security activity. Identified security violations are reported to senior management and investigated in a timely manner per established procedures.

Audit Procedures (DB2, Oracle, SYBASE, Progress and Oracle RDB7): Reports can be utilized to indicate applications where access has failed so that investigations can be carried out. Inquire from the Security/Database Administrator if an Incident Handling Policy has been created. Review the Incident Handling Policy and Procedures document. Request an incident log. Select a sample of incidents and inquire from the relevant individual whether the incident(s) have been resolved.

2.10 Password Configuration

Control Activity: Ensure that passwords are not easily guessable (i.e., words found in a dictionary, or a variation on the username); that they do not pertain directly to a user's family or personal interests; and that they contain both alpha and numeric characters. Passwords for normal users will be a minimum of 8 characters. Passwords for privileged users will be a minimum of 12 characters.

Audit Procedures (DB2, SYBASE, Progress and Oracle RDB7): Interview the System Administrator to determine if any third-party products or in-house controls have been developed requiring a user to select a password that is not null, not easily guessed, and contains both alpha and numeric characters. Obtain and review the password configuration settings. Ensure that password configuration complies with the organization's password policy and best practice.

Audit Procedures (Oracle): Interview the System Administrator to determine if any third-party products or in-house controls have been developed requiring a user to select a password that is not null, not easily guessed, and contains both alpha and numeric characters. Obtain system and password resource parameters configured for each profile by reviewing the dba_profiles table (use the profile names obtained from the dba_users table). Also review the INIT_ORA file. Review the password configuration settings. Determine if the PASSWORD_VERIFY_FUNCTION is used. Ensure that password configuration complies with the organization's password policy and best practice.

Impact: Passwords that are simple to guess or are short in length give intruders an easy opportunity to gain unauthorized access to the system.

2.11 Password Expiration

Control Activity: Ensure that passwords are changed a minimum of every 90 days for all non-privileged accounts, with a 30-day minimum change interval for all privileged accounts.

Audit Procedures (DB2, Oracle, SYBASE, Progress and Oracle RDB7): Interview the System Administrator to determine if any third-party products, in-house automated controls, or manual procedures have been developed/implemented requiring a user to change their password on a periodic basis. Select a sample of non-privileged user IDs and privileged user IDs and ensure that the password change interval is appropriately configured.

Additional Audit Procedures (DB2): Also, a test for password adequacy can be performed by running a password "cracking" script.

Note: If DB28 is being used, password management features may be enabled via user profiles. To determine the use of these features, run the following SQL command:

SELECT * FROM DBA_PROFILES WHERE RESOURCE_NAME = 'PASSWORD_LIFE_TIME'

Additional Audit Procedures (Oracle): Ensure that PASSWORD_LIFE_TIME (the number of days a password can be used) is set appropriately. Also, a test for password adequacy can be performed by running a password "cracking" script.

Additional Audit Procedures (SYBASE, Progress and Oracle RDB7): Also, a test for password adequacy can be performed by running a password "cracking" script.

Impact: The integrity of passwords tends to decline over time; the older a password is, the more likely it is to be known. Frequent password changes limit the time during which a compromised password can be used to gain unauthorized access to a system.

2.12 Password History

Control Activity: Users will be prevented from re-using the 10 previous passwords.

Audit Procedures (DB2, Oracle, SYBASE, Progress and Oracle RDB7): Interview the System Administrator to determine if any third-party products, in-house automated controls, or manual procedures have been developed and implemented restricting a user from selecting a previously used password when selecting a new password. Review the password configuration file to ensure that a predetermined number of previously used passwords cannot be used.

Additional Audit Procedures (Oracle): Ensure that PASSWORD_REUSE_TIME (the number of days before a password can be re-used; if set, then password_reuse_max must be set to UNLIMITED) and PASSWORD_REUSE_MAX (the number of password changes required before the current password can be re-used; if set, then password_reuse_time must be set to UNLIMITED) are set appropriately.

Impact: Lack of a password history allows users to re-use old passwords, defeating the intent of forcing users to change their password on a regular basis. The integrity of passwords tends to decline over time; the older a password is, the more likely it is to be known. Frequent password changes limit the time during which a compromised password can be used to gain unauthorized access to a system.
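Sections 2.10 through 2.12 all come down to reading dba_profiles for each profile named in dba_users and comparing PASSWORD_LIFE_TIME, PASSWORD_REUSE_TIME, PASSWORD_REUSE_MAX and PASSWORD_VERIFY_FUNCTION with the program's thresholds (90 days for non-privileged and 30 days for privileged accounts, 10 passwords of history, a verify function in place, and the rule stated above that when one reuse parameter is set the other must be UNLIMITED). The Python below is an added example, not part of the audit program; it runs on constructed rows shaped like those two views (the PRIV_ADMIN and LEGACY_APP profiles and the users ASMITH, BJONES and APPOWNER are invented) and also handles the LIMIT value 'DEFAULT', which in Oracle means the resource is inherited from the DEFAULT profile and so must be resolved before it can be judged.

```python
from collections import defaultdict

# Constructed dba_profiles rows: (profile, resource_name, limit). The LIMIT column is a
# string in Oracle: a number, 'UNLIMITED', 'NULL', a function name, or 'DEFAULT'
# (meaning "inherit from the DEFAULT profile"). Not taken from a real database.
DBA_PROFILES = [
    ("DEFAULT", "PASSWORD_LIFE_TIME", "90"),
    ("DEFAULT", "PASSWORD_REUSE_TIME", "UNLIMITED"),
    ("DEFAULT", "PASSWORD_REUSE_MAX", "10"),
    ("DEFAULT", "PASSWORD_VERIFY_FUNCTION", "VERIFY_FUNCTION"),
    ("PRIV_ADMIN", "PASSWORD_LIFE_TIME", "60"),          # too long for a privileged account
    ("PRIV_ADMIN", "PASSWORD_REUSE_TIME", "DEFAULT"),
    ("PRIV_ADMIN", "PASSWORD_REUSE_MAX", "DEFAULT"),
    ("PRIV_ADMIN", "PASSWORD_VERIFY_FUNCTION", "DEFAULT"),
    ("LEGACY_APP", "PASSWORD_LIFE_TIME", "UNLIMITED"),  # never expires
    ("LEGACY_APP", "PASSWORD_REUSE_TIME", "UNLIMITED"),
    ("LEGACY_APP", "PASSWORD_REUSE_MAX", "UNLIMITED"),  # no history kept
    ("LEGACY_APP", "PASSWORD_VERIFY_FUNCTION", "NULL"),  # no complexity check
]
# Constructed dba_users rows: (username, profile). Which users count as privileged
# comes from the auditor's list (section 2.7), not from the view itself.
DBA_USERS = [("SYSTEM", "PRIV_ADMIN"), ("ASMITH", "PRIV_ADMIN"),
             ("BJONES", "DEFAULT"), ("APPOWNER", "LEGACY_APP")]
PRIVILEGED_USERS = {"SYSTEM", "ASMITH"}

MAX_LIFE_DAYS = {True: 30, False: 90}   # keyed by "privileged?", from section 2.11
MIN_REUSE_HISTORY = 10                  # section 2.12: the 10 previous passwords


def profile_limits(rows):
    """dba_profiles -> {profile: {resource_name: limit}}, with 'DEFAULT' entries
    resolved against the DEFAULT profile, which is how Oracle applies them."""
    limits = defaultdict(dict)
    for profile, resource, limit in rows:
        limits[profile][resource] = limit
    base = limits.get("DEFAULT", {})
    for profile, settings in limits.items():
        if profile != "DEFAULT":
            for resource, limit in settings.items():
                if limit == "DEFAULT":
                    settings[resource] = base.get(resource, "UNLIMITED")
    return dict(limits)


def _number(limit):
    """Numeric value of a LIMIT string, or None for UNLIMITED / NULL / non-numeric."""
    try:
        return float(limit)
    except (TypeError, ValueError):
        return None


def check_profile(settings, privileged):
    """Apply the audit program's expectations to one resolved profile; returns findings."""
    findings = []
    life, cap = settings.get("PASSWORD_LIFE_TIME", "UNLIMITED"), MAX_LIFE_DAYS[privileged]
    if _number(life) is None or _number(life) > cap:
        findings.append(f"PASSWORD_LIFE_TIME={life} exceeds {cap} days")

    reuse_max = settings.get("PASSWORD_REUSE_MAX", "UNLIMITED")
    reuse_time = settings.get("PASSWORD_REUSE_TIME", "UNLIMITED")
    if _number(reuse_max) is None or _number(reuse_max) < MIN_REUSE_HISTORY:
        findings.append(f"PASSWORD_REUSE_MAX={reuse_max} keeps less than "
                        f"{MIN_REUSE_HISTORY} passwords of history")
    # The program's rule: when one reuse parameter is set, the other must be UNLIMITED
    if reuse_max != "UNLIMITED" and reuse_time != "UNLIMITED":
        findings.append("PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX are both set")

    verify = settings.get("PASSWORD_VERIFY_FUNCTION", "NULL")
    if verify in ("NULL", "", None):
        findings.append("no PASSWORD_VERIFY_FUNCTION: length/complexity not enforced")
    return findings


def audit_users(profile_rows, users, privileged):
    """Findings per username, judged against the profile assigned in dba_users."""
    limits = profile_limits(profile_rows)
    return {user: check_profile(limits.get(profile, {}), user in privileged)
            for user, profile in users}


if __name__ == "__main__":
    for user, findings in audit_users(DBA_PROFILES, DBA_USERS, PRIVILEGED_USERS).items():
        print(f"{user}: " + ("; ".join(findings) if findings else "OK"))
```

Judging per user rather than per profile matters because the threshold depends on who is assigned the profile: the same 60-day PRIV_ADMIN setting would pass for a non-privileged account and fails here only because SYSTEM and ASMITH are on the privileged list.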

2.13 Initial Password Distribution

Control Activity: The System Administrator will develop a strategy for securely distributing new or reset passwords to the appropriate individual.

Audit Procedures (DB2, Oracle, SYBASE, Progress and Oracle RDB7): Interview the System Administrator and determine what process is in place for disseminating new or reset passwords to users. Determine if this process meets the following requirements:

- the password does not reside in a file on a network or server in clear text (unencrypted),
- the password does not pass over the network in clear text, and
- the password is not written on paper where it can be read by someone else.

Impact: When obtaining a password for an account's initial use or after having a password reset, the password must be relayed from the Security Administration staff to the user. Not relaying this password in a secure manner increases the risk that the password will become known to an unauthorized individual. This could result in unauthorized access to the system.

2.13 User ID Naming Convention

Control Activity: Database User IDs should conform to the appropriate company policy for naming convention.

Audit Procedures (DB2, Oracle, SYBASE, Progress and Oracle RDB7):

1. System accounts (HIGH PRIVILEGE): accounts installed with the system that generally have high, if not unlimited, privileges.

2. Application accounts (HIGH PRIVILEGE): accounts installed with an application. They generally have some system privileges and virtually unlimited application object privileges.

3. Administrator accounts (HIGH PRIVILEGE): accounts used by administrators to maintain the system. These accounts generally have unlimited privileges.

Review the list of accounts with the System Administrator. Determine if account names comply with organizational naming standards.

Additional Audit Procedures (Oracle): A list of accounts can be generated by reviewing the dba_users table.

Impact: Not defining or adhering to naming conventions increases the level of work required when tracking down an individual's access for removal or review.

2.14 Use of Generic Accounts

Control Activity: Shared user IDs (including guest accounts) will not be created or issued when it is technically feasible to provide individual IDs. A periodic review will be performed to ensure that no generic accounts have been set up without the System Administrator's knowledge. The System Administrator will ensure that all accounts, except for "Application" and "Process" accounts, are restricted to a single concurrent session via assignment of a correctly configured profile.

Audit Procedures (DB2, Oracle, SYBASE, Progress and Oracle RDB7): Review the database user list for account names that appear to be generic and inquire as to their purpose.

Impact: Generic user accounts limit accountability of user actions performed while logged in as a generic user. Use of a generic account is extremely difficult to audit since it is impossible to attribute activities to a specific user. For this reason, intruders often target account names that look generic.

2.15 Default Accounts

Activity: Default user accounts shipped with software will be disabled or the account names will be changed. If default accounts must remain enabled, the password will be changed in accordance with the password change policies.

Audit Procedures (DB2, SYBASE, Progress, Oracle RDB7): Interview the System Administrator to determine what controls are in place for securing default accounts. Determine if default passwords for default accounts have been changed.

Audit Procedures (Oracle): Interview the System Administrator to determine what controls are in place for securing the "System" and "Sys" accounts. Determine if the default passwords for the "Sys" and "System" accounts have been changed by issuing the following commands:
CONNECT sys/change_on_install;
CONNECT system/manager;
For the default usernames and related passwords, verify that the passwords are changed. For this, perform the following:
1. First log in to the database using the following username/password combinations: sys/change_on_install (all versions), system/manager (all versions), dbsnmp/dbsnmp (version 7.1.6 and later), demo/demo** (all versions), apps/apps, tracesvr/trace**, ctxsys/ctxsys**, mdsys/mdsys**, ctxdemo/ctxdemo**, applsys/fnd**, po8/po8**, names/names**, sysadm/sysadm**, ordplugins/ordplugins**, outln/outln, ordsys/ordsys**, mtssys/mtssys**.
** These accounts are locked and expired on install in 9i and later. However, the default passwords are not changed and may continue to pose a potential risk.
Note: In addition to the default database accounts listed, there may be numerous accounts created if the database is used to support an ERP application such as Oracle 11i or SAP. Also, depending on the version and options installed, the database may list fewer or different default users.
2. Login attempts using the default passwords should all fail; otherwise, it indicates that users are allowed to access the database using vendor-provided default usernames and associated passwords.

Impact: The "System" and "Sys" accounts are created during the DB2 installation process. These accounts are both extremely privileged, having unlimited access to all DB2 resources (e.g., commands and data). These accounts are unaccountable in nature since they are created during the installation process. Auditing their use is limited to only knowing what was done, not by whom it was done.

2.16 Account Lockout

Activity: User accounts will be configured to lock users out after 3 consecutive failed login attempts.

Audit Procedures (DB2, SYBASE, Progress, Oracle RDB7): Interview the System Administrator to determine if any third-party products or in-house automated controls have been developed/implemented that lock an account after a consecutive series of failed login attempts. Auditing of connections should be enabled so that failed attempts can be investigated as appropriate.

Audit Procedures (Oracle): Interview the System Administrator to determine if any third-party products or in-house automated controls have been developed/implemented that lock an account after a consecutive series of failed login attempts. Ensure that the FAILED_LOGIN_ATTEMPTS (number of attempts to log in that can fail before the account is locked) and PASSWORD_LOCK_TIME (time an account remains locked after failed login attempts) parameters are set appropriately. Auditing of connections should be enabled so that failed attempts can be investigated as appropriate. The following SQL statement is used to audit failed connection attempts:
AUDIT SESSION WHENEVER NOT SUCCESSFUL;
The table SYS.AUD$ will contain the failed login entries. To determine if sessions are being audited, execute the following query:
SELECT * FROM SYS.DBA_STMT_AUDIT_OPTS WHERE AUDIT_ACTION = 'CREATE SESSION';
SELECT * FROM DBA_PROFILES WHERE RESOURCE_NAME = 'FAILED_LOGIN_ATTEMPTS';

Impact: A common method for obtaining unauthorized system access is trying to log in with default or known accounts. The potential intruder will either manually or automatically (via script or program) try to log in to the account with different passwords until successful. By allowing numerous, consecutive failed login attempts, the risk of an unauthorized user gaining system access increases.

2.17 Application Accounts Local

Activity: The System Administrator will work with the appropriate personnel in developing a strategy for changing "Application" account passwords to non-guessable values. This strategy should address the ramifications of making such a change (such as the possibility of the "Application" account passwords being hard coded in scripts or application modules).

Audit Procedures (DB2, Oracle, SYBASE, Progress, Oracle RDB7): The System Administrator will work with appropriate personnel (e.g., system administrators, developers, and application owners) to identify all application accounts and their respective use. Research will be conducted to determine if any ramifications exist from securing these accounts by changing the password to a non-guessable value.
The System Administrator will work with application developers or managers to identify data access requirements in remote databases. Separate application accounts used only for remote access will be created in the remote database(s) with privileges limited to those necessary for data access from the application. A special application role will be created in the remote databases which grants only those system and object privileges necessary for running the application. The role must be a default role and must not be password protected to function properly across the database link; the role will not be granted to ANY other accounts.
Interview the System Administrator to determine what controls are in place for securing "Application" accounts. Interview the Database Administrator and application owners to determine how and when "Application" accounts are used.
Review the list of accounts with the System Administrator and determine which accounts have been created expressly for remote application access.
Determine the appropriateness of the system and object privileges granted to the application account. Determine which system and object privileges are granted to the application's remote role and ensure that no privileges are granted directly to the account. Also ensure that the application's remote role is not granted to any unauthorized user.

Audit Procedures (Oracle), in addition: Assure that the application's remote role is not granted to any other user. The following SQL command is used to determine which accounts have the role:
SELECT GRANTEE FROM SYS.DBA_ROLE_PRIVS WHERE GRANTED_ROLE = 'name of application role';
To determine which system and object privileges are granted to the role and to assure that no privileges are granted directly to the account, use the following SQL commands:
SELECT OWNER, TABLE_NAME, PRIVILEGE FROM SYS.DBA_TAB_PRIVS WHERE GRANTEE IN ('name of application role', 'application username');

Impact (Security Concern/Implication): Application accounts are created during the installation of an application. These accounts typically own application objects and are used for application processing. The passwords associated with these accounts are usually set to default values during the installation process and are therefore well known throughout the hacking communities. These accounts should not be used for database administration due to their privileged state and unaccountable nature. Not securing these accounts increases the risk of unauthorized access to the system in a privileged state with no accountability.

2.18 Embedded Accounts

Activity: Account names and passwords will not be embedded in scripts, files or applications, or other locations where they may be discovered in clear text. Periodic reviews will be performed to determine if other users have embedded passwords where they may be found in clear text or deciphered.

Audit Procedures (DB2, Oracle, SYBASE, Progress, Oracle RDB7): Review host files to determine if account names and passwords have been embedded. The following commands can be used to search for embedded account names and passwords:
UNIX
cd full-directory-path-for-script-directories
grep connect *.sql > audit-connect.dat
NT
Start -> Find Files or Folders, Advanced Tab; in the "Containing text" field key in "Connect"
The audit-connect.dat file will contain all connect statements in the scripts; the format is 'connect userid/password'; passwords should not be included. The string "connect/ " is valid.

Impact: Account names and passwords are sometimes embedded in scripts and other applications to automate the login process. Although this may make the process of logging in easier, it poses a great security risk since these account names and passwords can potentially be discovered by other users. The practice of embedding account names and passwords in scripts and other applications increases the probability that unauthorized access to the system will occur.

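One way to automate this review, as an added example that is not part of the original audit program: a POSIX shell function that mirrors the grep step above but applies the rule that "connect /" is valid and reports only lines carrying an actual password, without echoing the password itself. The function name, the output format and the sample scripts are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the original audit program): a POSIX shell
# version of the "grep connect *.sql" review step. It walks a directory of
# SQL*Plus scripts, finds CONNECT statements and reports only those that
# embed a password. As the procedure states, "connect /" (operating-system
# authentication, no password) is valid and is not reported.
# Function name and output format are assumptions made for this example.

scan_sql_for_credentials() {
  # $1: directory holding the scripts ("full-directory-path-for-script-directories").
  # Output: one line per finding, "file:line:username". The password itself is
  # deliberately never printed, so the audit output is not a second copy of it.
  grep -n -i -r --include='*.sql' -E '(^|[^[:alnum:]_])conn(ect)?[[:space:]]+' "$1" 2>/dev/null |
  awk '
    {
      # grep -n -r prints "file:line:text"; peel off the first two fields.
      split($0, parts, ":")
      file = parts[1]; line = parts[2]
      text = substr($0, length(file) + length(line) + 3)
      low  = tolower(text)

      # Locate the CONNECT (or CONN) keyword on a word boundary so that
      # "disconnect" or "reconnect" in a comment does not count.
      if (match(low, /(^|[^a-z0-9_])conn(ect)?[ \t]+/) == 0) next
      target = substr(text, RSTART + RLENGTH)
      sub(/[ \t;].*$/, "", target)            # keep only the user[/password][@db] token

      if (target == "" || target == "/") next  # "connect /": OS-authenticated, valid
      if (index(target, "/") == 0) next        # "connect scott": SQL*Plus prompts for the password
      user = target;   sub(/\/.*$/, "", user)
      secret = target; sub(/^[^\/]*\//, "", secret); sub(/@.*$/, "", secret)
      if (secret == "") next                   # "connect scott/": also prompts, valid

      printf "%s:%s:%s\n", file, line, user
    }'
}

# Stand-alone usage: scan the script directory given on the command line.
if [ -n "$1" ]; then
  scan_sql_for_credentials "$1"
fi
```

Review each reported file with its owner; the fix is to remove the password from the script and use OS authentication or a prompted login instead.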
2.19 Limit User SELECT Privileges

Activity: The System Administrator will work with application developers and owners to determine what data DB users are allowed to read (view) from within their respective applications. The System Administrator should develop a strategy for duplicating the READ privileges in the application to the SELECT privileges in the database.

Audit Procedures (DB2, SYBASE, Progress, Oracle RDB7): The System Administrator will work with application developers, owners and other appropriate individuals to determine what data DB2 users are allowed to read (view) from within their respective applications. A comparison between the data a user is allowed to read from within an application vs. the data a user is allowed to read when connecting directly to the database will be performed. A strategy for duplicating the read privileges allowed within applications to SELECT privileges allowed in the database will be developed.
Determine what accounts have been set up for users. Determine if any SELECT privileges have been assigned by determining the aggregate privileges assigned to "User" accounts.
For "User" accounts that have been assigned SELECT privileges, determine if this level of "read" access is greater than that which the application allows.
Determine if a strategy has been developed for matching the level of "read" access from within an application to the level of SELECT access available when directly accessing the database via a utility (e.g., SQL*Plus) or third-party reporting tool (e.g., MS Access).

Audit Procedures (Oracle): As above, for DB users, except that the accounts set up for users are determined by reviewing the following query with the System Administrator and User groups:
SELECT USERNAME FROM SYS.DBA_USERS;

Impact: The SELECT privilege grants a user read access on views and tables. Typically, users read data through an application. Applications usually have their own level of security which may further restrict the data which can be read over what the user's DB2 account restricts. Applications typically only allow READ to specific rows within a table; DB2 is typically configured to either allow or deny access to all or no rows of the table. Not restricting a user's SELECT privileges in DB2 to match that of the application increases the risk that users will be able to read unauthorized data through use of a third-party reporting package or utility.

2.20 User Object Privileges

Activity: The System Administrator will ensure that users are not granted INSERT, UPDATE, or DELETE privileges to objects (e.g., tables). The System Administrator will periodically review the privileges assigned to users, making sure INSERT, UPDATE, or DELETE privileges have not been assigned.

Audit Procedures (DB2, Sybase, Progress, Oracle RDB7): The System Administrator will develop a report giving the aggregate object privileges assigned to (user) accounts. This report will be periodically reviewed to determine if users have been granted any UPDATE, INSERT, or DELETE privileges to objects. If it is found that users have been assigned these privileges, a couple of actions could be taken:
1. Monitor the user to determine if these privileges are being used in an illicit manner. Monitoring the user will give the System Administrator a better idea of how this account is being used. Monitoring will make it easier to determine if a user has used their excessive privileges to perform unauthorized actions and to identify some of the actions they have taken.
2. Immediately remove the unauthorized privileges from the user. This will immediately remove the risk from the system but could make it harder to determine if the user used the privileges in an unauthorized manner and, if so, what actions they took.
Determine what accounts have been set up for users. Determine if any UPDATE, INSERT, or DELETE privileges have been assigned by determining the aggregate privileges assigned to user accounts. For user accounts that have been assigned INSERT, UPDATE, or DELETE privileges, determine if this is required by the application. If required by the application, determine what safeguards are in place to avoid direct updates to data outside of the authorized application. Determine if procedures are in place for reviewing the privileges assigned to users on a periodic basis and the manner in which excessive privileges are removed.

Audit Procedures (Oracle): The System Administrator will develop a report giving the aggregate object privileges assigned to (user) accounts. This report will be periodically reviewed to determine if users have been granted any UPDATE, INSERT, DELETE or ALL privileges to objects. If it is found that users have been assigned these privileges, a couple of actions could be taken:
1. Monitor the user to determine if these privileges are being used in an illicit manner. Monitoring the user will give the System Administrator a better idea of how this account is being used. Monitoring will make it easier to determine if a user has used their excessive privileges to perform unauthorized actions and to identify some of the actions they have taken.
2. Immediately remove the unauthorized privileges from the user. This will immediately remove the risk from the system but could make it harder to determine if the user used the privileges in an unauthorized manner and, if so, what actions they took.
Determine what accounts have been set up for users by reviewing the dba_users table with the System Administrator and User groups. Determine if any UPDATE, INSERT, DELETE or ALL privileges have been assigned by determining the aggregate privileges assigned to user accounts (review the dba_tab_privs and dba_role_privs tables). When a role is assigned privileges, find a list of the actual IDs that belong to that role. For user accounts that have been assigned INSERT, UPDATE, DELETE or ALL privileges, determine if this is required by the application. If required by the application, determine what safeguards are in place to avoid direct updates to data outside of the authorized application. Determine if procedures are in place for reviewing the privileges assigned to users on a periodic basis and the manner in which excessive privileges are removed.

Impact: Users should typically make updates to data through an application. Applications sometimes require a user's DB2 account to have update privileges, but the application processes the update. Granting users direct INSERT, UPDATE, or DELETE privileges to data objects increases the risk that unauthorized or inappropriate changes to data will occur.
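The Oracle procedure for 2.20 asks for the aggregate object privileges per user account and for the actual IDs behind each role. The query below is an added example and is not part of the audit program; it assumes the standard Oracle data-dictionary views dba_users, dba_role_privs and dba_tab_privs and an auditing account that can read them (SELECT_CATALOG_ROLE or equivalent). It goes slightly beyond the text in that it also follows roles granted to roles and privileges granted to PUBLIC, since both are effective for the user even though neither shows up as a direct grant.

```sql
-- Added example, not from the audit program.
-- Effective INSERT/UPDATE/DELETE object privileges per database user,
-- including privileges inherited through (nested) roles and through PUBLIC.
-- Needs Oracle 11.2 or later for the recursive WITH clause.
WITH role_closure (username, role_name) AS (
    -- roles granted directly to user accounts
    SELECT u.username, rp.granted_role
      FROM dba_users u
      JOIN dba_role_privs rp ON rp.grantee = u.username
    UNION ALL
    -- roles granted to those roles, and so on down the chain
    SELECT rc.username, rp.granted_role
      FROM role_closure rc
      JOIN dba_role_privs rp ON rp.grantee = rc.role_name
),
effective_grantee (username, grantee, source) AS (
    -- every grantee name whose object privileges apply to the user
    SELECT username, username, CAST('DIRECT' AS VARCHAR2(80)) FROM dba_users
    UNION ALL
    SELECT username, 'PUBLIC', CAST('VIA PUBLIC' AS VARCHAR2(80)) FROM dba_users
    UNION ALL
    SELECT username, role_name, CAST('VIA ROLE ' || role_name AS VARCHAR2(80))
      FROM role_closure
)
SELECT eg.username,
       tp.owner || '.' || tp.table_name AS object_name,
       tp.privilege,
       tp.grantable,          -- 'YES': the user can pass this privilege on
       eg.source
  FROM effective_grantee eg
  JOIN dba_tab_privs tp ON tp.grantee = eg.grantee
 WHERE tp.privilege IN ('INSERT', 'UPDATE', 'DELETE')
   -- GRANT ALL is stored as the individual privileges, so it is covered here
   AND tp.owner NOT IN ('SYS', 'SYSTEM')        -- focus on application schemas
   AND eg.username NOT IN ('SYS', 'SYSTEM')
 ORDER BY eg.username, object_name, tp.privilege, eg.source;
```

Each row is one DML privilege one user effectively holds, with the path it arrived by, which is the "aggregate privileges" report the procedure asks the System Administrator to produce. System privileges such as UPDATE ANY TABLE bypass object grants entirely and live in dba_sys_privs, so they need a separate check alongside this one.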

2.21 Use of Profiles

Activity: The System Administrator will work in conjunction with the Database Administrator to develop profiles for each type of account and user. These profiles should be configured so their assignment to an account will correctly limit a user's session and resource rights. The System Administrator should assign an appropriate profile to every account.

Audit Procedures (DB2, Sybase, Progress, Oracle RDB7): Inquire from the Database/System Administrator how user privileges are assigned. Users should be assigned access to the database based on preconfigured group profiles. Ensure that profiles enforce segregation of duties.

Audit Procedures (Oracle): Inquire from the Database/System Administrator how user privileges are assigned. Users should be assigned access to the database based on preconfigured group profiles. Review the dba_profiles table and verify that all users' access was granted through profiles. Ensure that profiles enforce segregation of duties.
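For the Oracle step of 2.21, the following query is an added example (not part of the audit program) that joins dba_users to dba_profiles so the auditor can see which profile each account actually carries and what session limits that profile imposes. It assumes only those two standard dictionary views. Oracle gives every account a profile, so an account still on DEFAULT is the sign that nobody deliberately assigned one.

```sql
-- Added example, not from the audit program.
-- One row per user and session/resource limit of the profile assigned to it.
SELECT u.username,
       u.account_status,
       u.profile,
       CASE WHEN u.profile = 'DEFAULT'
            THEN 'no specific profile assigned'
       END AS finding,
       p.resource_name,
       p.limit                 -- e.g. UNLIMITED, DEFAULT, or a number
  FROM dba_users u
  JOIN dba_profiles p ON p.profile = u.profile
 WHERE p.resource_type = 'KERNEL'             -- session/resource limits
   AND p.resource_name IN ('SESSIONS_PER_USER', 'CONNECT_TIME',
                           'IDLE_TIME', 'CPU_PER_SESSION')
   AND u.username NOT IN ('SYS', 'SYSTEM')
 ORDER BY u.profile, u.username, p.resource_name;
```

KERNEL limits in a profile are only enforced when the instance parameter RESOURCE_LIMIT is TRUE, so a profile that looks restrictive here still needs that setting confirmed before the control can be relied on.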

2.22 User Exits

Activity: User Exits

Audit Procedures (DB2):
1. Examine and evaluate by interview whether DB2 exits developed and programmed by the organization exist, and whether such exits have been documented and approved by management. (See Appendix F: Example of how to use QMF to find exit routines in DB2.)
2. Examine and evaluate whether the documentation is in accordance with the requirements of the installation and contains the reason for the use of locally developed DB2 exits. Examine and evaluate if the documentation contains a description of the function of the DB2 exit.
3. Evaluate whether locally developed DB2 exits are a potential threat to the integrity of DB2, and whether standard DB2 exits make it possible to bypass DB2 security.
4. If documentation/production implementation information shows that changes have been made to locally developed DB2 exits and/or the DSN3@ATH and DSN3@SGN modules, the source code of such changes should be compared to the active load module (only differences in date are acceptable). (See Appendix Q: AMBLIST.)
5. Examine and evaluate whether source and load libraries have been adequately protected.

Audit Procedures (Oracle, Sybase, Progress, Oracle RDB7): N/A

Impact: Common for the following exits is that they are important for the correct processing of data and for the access to both data and DB2. For exits which contain installation-specific code, it is material that production implementation procedures are observed to ensure the exit module's correct functionality and documentation as well as the organization's policies and procedures.

2.23 The START Command

Activity: Internal controls are in place to ensure that the audited DB system is started in accordance with the organization's policies and procedures. These internal controls include, but are not limited to, restricted access to material DB commands (start/stop and others) or review of the DB configuration parameters against a defined baseline configuration.

Audit Procedures (DB2):
1. Examine whether guidelines have been established to ensure that individual DB systems can only be started in the pre-determined MVS environment (test and production separately). Evaluate the guidelines.
2. Examine and evaluate whether it is possible to start individual DB systems with different parameter sets, and if so, if guidelines have been established for this.
3. Examine and evaluate whether the possibility to override the system parameters during startup (-START PARM(xxx)) is controlled, including whether console access and commands are controlled (this is normally covered by the MVS audit).
4. Review and evaluate the parameters for individual DB systems according to SYS1.PARMLIB (IEFSSNxx). The parameters should be the same for similar DB2 systems. (The member IEFSSNxx in parmlib contains an entry for each individual MVS subsystem.)

Audit Procedures (Oracle, Sybase, Progress, Oracle RDB7):
1. Examine whether guidelines have been established to ensure that individual DB systems can only be started by authorized individuals (test and production separately). Evaluate the guidelines.
2. Examine and evaluate whether it is possible to start individual DB systems with different parameter sets, and if so, if guidelines have been established for this.
3. Examine and evaluate whether the possibility to override the system parameters during startup is controlled, including whether console access and commands are controlled.
4. Review and evaluate the parameters for individual DB systems. The parameters should be the same for similar DB systems.

Impact: Any start of DB2 involves a certain risk that approved and documented DB2 startup parameters are changed in a way that is a threat to the security and/or integrity of the DB2 system. Furthermore, changes to the startup parameters may result in inadequacies/gaps in the system's audit trail.

2.24 Stopping DB2

Activity: DISPLAY THREAD is always performed, and any remaining THREADs are closed before stopping a DB system.

Audit Procedures (DB2): Examine whether precautions have been made to ensure that DISPLAY THREAD is always performed and that any remaining THREADs are closed before a DB2 system is stopped, either in the form of automated routines or in the form of a procedure. Evaluate if these work and are observed. Specifically ensure that stop instructions are documented.

Audit Procedures (Oracle, Sybase, Progress, Oracle RDB7): Examine whether precautions have been made to ensure that DISPLAY THREAD is always performed and that any remaining THREADs are closed before a DB system is stopped, either in the form of automated routines or in the form of a procedure. Evaluate if these work and are observed. Specifically ensure that stop instructions are documented.

Impact: If a DB2 system is closed while remaining THREADs exist, there is a risk that data objects may in the worst case be left in an inconsistent state.


2.25 Database Since the DB To verify that     To verify that     To verify that     To verify that Anyone     To verify that Anyone    
Administration authorization the the the the creating a the creating a
ID used to organization’s organization’s organization’s organization’s database, or organization’s database, or
create a policies and policies and policies and policies and a table policies and a table
database or a procedures for procedures for procedures for procedures for automatically procedures for automatically
table in DB naming naming naming naming gains a naming gains a
implicitly gains standards, standards, standards, standards, number of standards, number of
an extensive ownership of ownership of ownership of ownership of extended ownership of extended
number of databases, databases, databases, databases, rights in databases, rights in
powerful rights tables and tables and tables and tables and relation to the tables and relation to the
and privileges objects are objects are objects are objects are object that is objects are object that is
as the owner adequate and adequate and adequate and adequate and created. adequate and created.
of the object, it that they are that they are that they are that they are Among these that they are Among these
is important observed. observed. observed. observed. rights is the observed. rights is the
that the possibility to possibility to
maintenance Anyone Anyone Anyone Anyone use the Anyone use the
of databases creating a creating a creating a creating a ‘GRANT’ creating a ‘GRANT’
and tables is database, database, database, database, command database, command
performed in table space or table space or table space or table space or and thereby table space or and thereby
accordance a table in DB2 a table a table a table pass on their a table pass on their
with a set of implicitly gains implicitly gains implicitly gains implicitly gains rights and implicitly gains rights and
formalized a number of a number of a number of a number of privileges to a number of privileges to
procedures extensive extensive extensive extensive other DB2 extensive other DB2
and rights and rights and rights and rights and user IDs. It is rights and user IDs. It is
guidelines. privileges in privileges in privileges in privileges in therefore privileges in therefore
relation to this relation to this relation to this relation to this important relation to this important
object. object. object. object. procedures object. procedures
Subsequently, Subsequently, Subsequently, Subsequently, for creation Subsequently, for creation
these are very these are very these are very these are very and these are very and
difficult to difficult to difficult to difficult to maintenance difficult to maintenance
remove. remove. remove. remove. of objects are remove. of objects are
Therefore, the Therefore, the Therefore, the Therefore, the implemented Therefore, the implemented
auditor should auditor should auditor should auditor should in accordance auditor should in accordance
review and review and review and review and with the review and with the
evaluate evaluate evaluate evaluate organization’s evaluate organization’s
whether the whether the whether the whether the regulations. whether the regulations.
predetermined predetermined predetermined predetermined predetermined
DB2 user IDs DB user IDs DB user IDs DB user IDs DB user IDs
are used when are used when are used when are used when are used when
creating creating creating creating If this is not creating If this is not
databases and databases and databases and databases and implemented databases and implemented
tables. tables. tables. tables. consistently, tables. consistently,
the the
Review and Review and Review and Review and maintenance Review and maintenance
evaluate the evaluate the evaluate the evaluate the of DB2 is evaluate the of DB2 is
existing existing existing existing connected existing connected
procedures for procedures for procedures for procedures for with major procedures for with major
database database database database risks because database risks because
administration. administration. administration. administration. the security administration. the security
Are the Are the Are the Are the level is Are the level is

48 Source: www.knowledgeleader.com
Conclusion

Conclusion

Conclusion

Conclusion
Conclusion
Audit

Signoff

Signoff

Signoff

Signoff

Signoff
Audit Audit Audit Audit
Control Control Procedures
Procedures Procedures Procedures Procedures Impact Impact
Objectives Activity (Oracle
(DB2) (Oracle) (SYBASE) (Progress)
RDB7)

procedures procedures procedures procedures inconsistent. procedures inconsistent.


and guidelines and guidelines and guidelines and guidelines and guidelines
adequate, and adequate, and adequate, and adequate, and adequate, and
do they ensure do they ensure do they ensure do they ensure do they ensure
that table that table that table that table that table
ownership, ownership, ownership, ownership, ownership,
etc., is etc., is etc., is etc., is etc., is
registered registered registered registered registered
consistently in consistently in consistently in consistently in consistently in
accordance accordance accordance accordance accordance
with the with the with the with the with the
organization’s organization’s organization’s organization’s organization’s
requirements. requirements. requirements. requirements. requirements.
By reading Evaluate Evaluate Evaluate Evaluate
“SYSIBM.SYS whether whether whether whether
TABAUTH” CREATORs of CREATORs of CREATORs of CREATORs of
(see Appendix production production production production
G: SQL objects exist objects exist objects exist objects exist
EXAMPLE: which are not which are not which are not which are not
Find in accordance in accordance in accordance in accordance
SCREATOR with the with the with the with the
different from organization’s organization’s organization’s organization’s
the procedures. procedures. procedures. procedures.
predetermined
user IDs) it is Dynamic SQL Dynamic SQL Dynamic SQL Dynamic SQL
examined and primarily primarily primarily primarily
evaluated means that means that means that means that
whether access paths access paths access paths access paths
CREATORs of and and and and
production authorizations authorizations authorizations authorizations
objects exist are are are are
that are not in determined at determined at determined at determined at
accordance the time of the time of the time of the time of
with the execution execution execution execution
organization’s instead of at instead of at instead of at instead of at
procedures. bind time as bind time as bind time as bind time as
normal. This normal. This normal. This normal. This
Dynamic SQL means that in means that in means that in means that in
primarily particular the particular the particular the particular the
means that
access paths execution of execution of execution of execution of
and dynamic SQL dynamic SQL dynamic SQL dynamic SQL
authorizations under user IDs under user IDs under user IDs under user IDs
are with wide- with wide- with wide- with wide-
determined at ranging ranging ranging ranging
the time of authorizations authorizations authorizations authorizations
execution in the in the in the in the
instead of at database database database database
bind time as

49 Source: www.knowledgeleader.com
Conclusion

Conclusion

Conclusion

Conclusion
Conclusion
Audit

Signoff

Signoff

Signoff

Signoff

Signoff
Audit Audit Audit Audit
Control Control Procedures
Procedures Procedures Procedures Procedures Impact Impact
Objectives Activity (Oracle
(DB2) (Oracle) (SYBASE) (Progress)
RDB7)

Audit Procedures (DB2): ... normal. This means that in particular the execution of dynamic SQL under user IDs with wide-ranging authorizations in DB2 poses a material potential risk of bypassing the established security. Determine through interviews to what extent dynamic SQL is used, and whether any use is adequately documented. Any updates made through dynamic SQL without the job-scheduling tool (OPC/CA7/Scheduler) should be thoroughly evaluated. A typical sign that dynamic SQL is used to bypass the job-scheduling tool is that personal user IDs have access to DB2 objects.

Audit Procedures (Oracle, SYBASE, Progress, Oracle RDB7): ... poses a material potential risk of bypassing the established security. Through interviews, determine to what extent dynamic SQL is used, and whether any use is adequately documented. Any updates made through dynamic SQL without the job-scheduling tool should be thoroughly evaluated. A typical sign that dynamic SQL is used to bypass the job-scheduling tool is that personal user IDs have access to DB objects.
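As an added example (not part of the original audit program), the following DB2 for z/OS catalog queries look for the sign described above: personal user IDs holding change privileges on production tables, and the IDs able to run dynamic SQL interactively through SPUFI. With the default DYNAMICRULES(RUN), dynamic SQL is authorized against the authorization IDs of the user executing it rather than against the plan owner, so the privileges listed here are exactly the ones such SQL would use. The 'PROD%' creator prefix and the approved non-personal IDs PRODBAT and PRODAPP are assumptions to be replaced with the installation's own conventions; DSNESPCS and DSNESPRR are the plan names DB2 ships for SPUFI.

```sql
-- Added example, not part of the original audit program.
-- DB2 for z/OS catalog queries for the "personal IDs have access to DB2
-- objects" sign. Run with SPUFI or any SQL client on the audited subsystem.
--
-- Assumptions (replace with the installation's own conventions):
--   * production tables are owned by creators whose names start with 'PROD'
--   * 'PRODBAT' and 'PRODAPP' are the approved non-personal authorization IDs
--   * DSNESPCS / DSNESPRR are the SPUFI plan names shipped with DB2; a site
--     may have bound them under other names

-- (1) Change privileges on production tables held by anything other than the
--     approved non-personal IDs. PUBLIC and PUBLIC* (PUBLIC AT ALL LOCATIONS)
--     are reported too, because a grant to PUBLIC reaches every personal ID.
SELECT TCREATOR, TTNAME, GRANTEE, AUTHHOWGOT, GRANTOR,
       INSERTAUTH, UPDATEAUTH, DELETEAUTH, ALTERAUTH
  FROM SYSIBM.SYSTABAUTH
 WHERE TCREATOR LIKE 'PROD%'
   AND GRANTEE NOT IN ('PRODBAT', 'PRODAPP')
   AND (INSERTAUTH <> ' ' OR UPDATEAUTH <> ' '
        OR DELETEAUTH <> ' ' OR ALTERAUTH <> ' ')
 ORDER BY TCREATOR, TTNAME, GRANTEE;

-- (2) Who can type dynamic SQL interactively: EXECUTE on the SPUFI plans.
--     EXECUTEAUTH is 'Y' (held) or 'G' (held WITH GRANT OPTION).
SELECT NAME AS PLANNAME, GRANTEE, EXECUTEAUTH, GRANTOR
  FROM SYSIBM.SYSPLANAUTH
 WHERE NAME IN ('DSNESPCS', 'DSNESPRR')
   AND EXECUTEAUTH IN ('Y', 'G')
 ORDER BY NAME, GRANTEE;
```

Every row of the first query is a production table that the listed ID could change from SPUFI, QMF or any other tool that connects with that ID, independent of the job scheduler, and therefore needs the documentation the procedure asks for. A personal ID that appears in both results can both reach the data and run dynamic SQL against it, which is the combination the interviews should concentrate on.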

50 Source: www.knowledgeleader.com
2.26 Operations Planning

Control Activity: The operations planning should ensure that the production environment DB systems and related applications and programs are defined such that the connection between the database and the applications is ensured and that only approved databases and applications are included in the production environment.

Audit Procedures (DB2): To evaluate the procedures for production implementation of DB2 production elements, including BIND of applications to DB2 resources. It is important to be aware of all software run against DB2 production tables, including any "one-time batches" for error correction, conversion, etc. Verify that creation of/changes to DB2 elements is performed in accordance with predetermined guidelines, including ensuring proper authorization and documentation. Verify that it is checked prior to production implementation that application programs can only access relevant DB2 data. Evaluate whether guidelines are up-to-date and adequate, and whether they are sufficient to ensure stable processing and appropriate use of DB2. Review and evaluate the CREATOR of plans and packages in the production environment. CREATOR should be an approved DB2 authorization ID. Common practice is to use a "non-personal DB2 authorization ID" by using SET CURRENT SQLID. See Appendix I: SQL EXAMPLE: Find CREATOR in the SYSPLAN table different from the predetermined CREATOR. Review and evaluate plans in the production environment with GRANTEE=PUBLIC and EXECUTEAUTH=Y or G for plans assigned to batch programs. This should only exist for really harmless programs. See Appendix J: SQL EXAMPLE: Find plans granted to PUBLIC where EXECUTEAUTH is not blank.

Audit Procedures (Oracle, SYBASE, Progress, Oracle RDB7): Interview the appropriate individual and request the management authorization to implement the database and related applications in the production environment.

Impact: Operations planning is often part of the segregation of duties of the production implementation, which is needed to ensure a proper production environment. Any weaknesses in this function may create uncertainty about the credibility of both the data and the applications in production.
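The two checks above can be implemented as the following DB2 for z/OS catalog queries. They are added here as an example and are not the Appendix I and Appendix J queries the text refers to, which are not reproduced on this page. The approved non-personal authorization ID 'PRODBIND' is an assumption; replace it with the ID the installation has designated for binding production plans and packages. Packages are included as well, since the procedure asks for the CREATOR of both plans and packages.

```sql
-- Added example, not part of the original audit program and not the
-- Appendix I / Appendix J queries it refers to.
-- Assumption: 'PRODBIND' is the approved non-personal authorization ID that
-- should own production plans and packages (replace with the site's own).

-- (1) Plans and packages not owned by the predetermined ID. For packages,
--     OWNER is the ID whose privileges the package runs with and CREATOR is
--     the ID that bound it; both are checked.
SELECT 'PLAN' AS OBJTYPE, ' ' AS COLLID, NAME, CREATOR AS OWNER, CREATOR,
       VALID, OPERATIVE
  FROM SYSIBM.SYSPLAN
 WHERE CREATOR <> 'PRODBIND'
UNION ALL
SELECT 'PACKAGE', COLLID, NAME, OWNER, CREATOR, VALID, OPERATIVE
  FROM SYSIBM.SYSPACKAGE
 WHERE OWNER <> 'PRODBIND' OR CREATOR <> 'PRODBIND'
 ORDER BY 1, 2, 3;

-- (2) Plans and packages that PUBLIC, or PUBLIC AT ALL LOCATIONS (stored as
--     'PUBLIC*'), may execute. EXECUTEAUTH is 'Y' (held) or 'G' (held WITH
--     GRANT OPTION); a blank means the row carries no EXECUTE privilege, so
--     testing for 'Y' or 'G' is the same as "not blank".
SELECT 'PLAN' AS OBJTYPE, ' ' AS COLLID, NAME, GRANTEE, EXECUTEAUTH, GRANTOR
  FROM SYSIBM.SYSPLANAUTH
 WHERE GRANTEE IN ('PUBLIC', 'PUBLIC*')
   AND EXECUTEAUTH IN ('Y', 'G')
UNION ALL
SELECT 'PACKAGE', COLLID, NAME, GRANTEE, EXECUTEAUTH, GRANTOR
  FROM SYSIBM.SYSPACKAUTH
 WHERE GRANTEE IN ('PUBLIC', 'PUBLIC*')
   AND EXECUTEAUTH IN ('Y', 'G')
 ORDER BY 1, 2, 3;
```

Whether a plan in the second result belongs to a batch program has to be settled from the site's plan naming convention or the scheduler definitions; the catalog does not record it. Each plan that remains in the result should meet the "really harmless" criterion above, with the approval documented.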

2.27 Access Through Utilities

Control Activity: A number of end-user tools exist that can be used for data processing in the DB environment. A deciding factor for the extent of this data processing is which access the individual user has to the data. For this reason, it is necessary for the administration of access to be effective and well documented. Utilities is the common term used to describe a number of tools and systems which can be used for such things as maintenance and corrections in DB databases and for end-user data processing. Utilities used in connection with DB are primarily produced, for example in DB2, by:

• Candle (OMEGAMON)
• CA/PLATINUM
• BMC
• RC
• CA/INSIGHT

End-user tools, such as QMF and SPUFI, do not give access to data that the users do not already have access to. However, the auditor should be aware that an end-user's "innocent" select access may lead to production data being copied to a less secure environment where there is a risk that the data is abused. Also, the use of QMF may degrade performance seriously.

Audit Procedures (DB2): To evaluate whether unnoticed circumvention of the segregation of duties is possible through the use of utilities, and whether access has been granted in accordance with work related needs. Examine and evaluate whether the various utilities have been protected against unauthorized use. Examine whether guidelines exist for the authorized use of utilities and evaluate these. Examine by interview whether the use of the database management system bypasses the standard interfaces and evaluate whether this is done in a sufficiently secure manner. Review the access through powerful utilities and evaluate whether the access is only granted to staff with work related needs. Certain of the DB2 utilities allow sensitive functions. They should be restricted to those persons who have a need to use them for the maintenance of the databases. Determine who has the authority to use the following utilities and evaluate any potential security and control implications.

1. COPY and MERGECOPY. Determine who has the authority to run these utilities against the particular database. In addition to persons with SYSADM authority, or DBADM, DBCTRL or DBMAINT authority over the particular database, the utilities can also be run by anyone who has been granted the IMAGCOPY privilege for the database containing the table space named. This can be determined from the IMAGCOPYAUTH column of the SYSDBAUTH table in the catalog. Ensure that this authority is limited. Ensure that back-up image copies are taken regularly and that MERGECOPY is used only when required for recovery purposes.

2. LOAD. Determine who has the authority to use this utility to load data into database tables, in addition to the persons with SYSADM authority, or DBADM or DBCTRL authority over the particular database.

Audit Procedures (Oracle, SYBASE, Progress, Oracle RDB7): To evaluate whether unnoticed circumvention of the segregation of duties is possible through the use of utilities, and whether access has been granted in accordance with work related needs. Examine and evaluate whether the various utilities have been protected against unauthorized use. Examine whether guidelines exist for the authorized use of utilities and evaluate these. Examine by interview whether the use of the database management system bypasses the standard interfaces and evaluate whether this is done in a sufficiently secure manner. Review access through powerful utilities and evaluate whether access is only granted to staff with work related needs. The auditor should be aware that an end-user's "innocent" select access may lead to production data being copied to a less secure environment where there is a risk that the data is abused. Certain of the DB utilities allow sensitive functions. They should be restricted to those persons who have a need to use them for the maintenance of the databases. Determine who has the authority to use the utilities and evaluate any potential security and control implications. The DB2-specific utility steps 1 and 2 are N/A.

Impact: Some of these utilities have independent authorizations to DB2 and may, therefore, provide the user with greater authorizations than the user would have had through the normal security administration procedure. If that is the case, the administration of access to the utility should be evaluated.
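As an added example (not part of the original audit program), the following DB2 for z/OS catalog queries answer the "who has the authority" questions for COPY/MERGECOPY and LOAD. SYSDBAUTH records the database privileges and the DBADM, DBCTRL and DBMAINT authorities for each database; DBMAINT includes the IMAGCOPY privilege, while DBCTRL and DBADM include both IMAGCOPY and LOAD. The SYSADM and SYSCTRL authorities that also allow these utilities are recorded in SYSUSERAUTH, not in SYSDBAUTH, so a second query is needed. The database name 'PRODDB' is an assumption.

```sql
-- Added example, not part of the original audit program.
-- Assumption: 'PRODDB' is the production database being audited.

-- (1) Database-level privileges and authorities on PRODDB. DBMAINT includes
--     IMAGCOPY (COPY, MERGECOPY); DBCTRL and DBADM include IMAGCOPY and LOAD.
--     Each AUTH column is 'Y' (held), 'G' (held WITH GRANT OPTION) or blank.
SELECT NAME AS DBNAME, GRANTEE, AUTHHOWGOT, GRANTOR,
       IMAGCOPYAUTH,                         -- COPY / MERGECOPY
       LOADAUTH,                             -- LOAD
       DBMAINTAUTH, DBCTRLAUTH, DBADMAUTH    -- authorities implying the above
  FROM SYSIBM.SYSDBAUTH
 WHERE NAME = 'PRODDB'
   AND (IMAGCOPYAUTH <> ' ' OR LOADAUTH <> ' ' OR DBMAINTAUTH <> ' '
        OR DBCTRLAUTH <> ' ' OR DBADMAUTH <> ' ')
 ORDER BY GRANTEE;

-- (2) System-level authorities that can run these utilities on any database.
--     They are recorded in SYSUSERAUTH, not in SYSDBAUTH.
SELECT GRANTEE, AUTHHOWGOT, GRANTOR, SYSADMAUTH, SYSCTRLAUTH
  FROM SYSIBM.SYSUSERAUTH
 WHERE SYSADMAUTH <> ' ' OR SYSCTRLAUTH <> ' '
 ORDER BY GRANTEE;
```

The install SYSADM and install SYSOPR IDs defined in the subsystem parameters (DSNZPARM) hold their authority without any catalog row, so they have to be added to the list from the DSNTIJUZ member rather than from these queries. The combined list is the population against which "limited to those persons who have a need" is evaluated.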

2.28 Physical Data Set

Control Activity: The foundation for DB databases is a number of data sets in which data is placed under the control of the DB system (these data sets should be stored on a different partition from the database files). The data is thus not directly accessible outside DB and, thereby, outside the DB authorization system.

Audit Procedures (DB2): To evaluate the security precautions that have been taken with regard to the physical data sets used by DB2. Determine (through documentation/interview) the naming standards for the relevant data sets and evaluate whether the naming standards provide for adequate RACF/ACF2 security. Review the RACF/ACF2 profiles for these data sets and evaluate whether the profiles are unambiguous and sufficient. Review the RACF/ACF2 access lists for these data sets, and evaluate whether all given access is relevant, work related and in accordance with the policy for the area. Only the DB2 system's own RACF/ACF2 user IDs should have access. The auditor may choose to select a sample from a DB2 system to evaluate whether the DB2 data sets actually follow the naming standard. The high-level qualifier appears from the allocation according to SDSF. Alternatively, the prefix for the database's log data sets can be found in the installation information in DSNZPARx, member DSNTIJUZ. This includes "CATALOG=xyz", where xyz represents the data set prefix. Then ISPF Utilities, option 4 "Data Set List Utility", can be used to find the relevant data set names.

Audit Procedures (Oracle, SYBASE, Progress, Oracle RDB7): To evaluate the security precautions that have been taken with regard to the physical data sets used by the database. Determine (through documentation/interview) the naming standards for the relevant data sets and evaluate whether the naming standards provide for adequate security. Review the DB profiles for these data sets and evaluate whether the profiles are unambiguous and sufficient. Review the DB access lists for these data sets, and evaluate whether all given access is relevant, work related and in accordance with the policy for the area. Only the DB system's own DB user IDs should have access. The auditor may choose to select a sample from a DB system to evaluate whether the DB data sets actually follow the naming standard.

Impact: The risk that data can be read or manipulated outside DB2 is not very big. However, the biggest risk is that the data could be deleted or destroyed (intentionally or unintentionally). This risk is material.

2.29 Access to DB from Distributed Systems

Control Activity: Through SNA networks and VTAM, distributed systems such as AS/400 or central systems at other data centers can get access to a central DB system if the system configuration allows it.

Audit Procedures (DB2): The objective is to evaluate whether procedures exist for granting access from distributed systems to the central DB2 systems, and whether the access is granted in accordance with regulations so that no one can gain unauthorized access to the central systems. Review the documentation of the DB2 system to evaluate whether the principles for the access of distributed systems to the DB2 system are adequately described, and whether guidelines for this exist.

The following parameter should be set in the APPL definition of the DB2 system in SYS1.VTAMLST:

• SECACPT=ALREADYV

Review and evaluate the contents of the SYSIBM.LUNAMES table:

• There should be no dummy entries (rows without LU name).
• The specified LU names should be compared to the documentation to evaluate how well they correspond. Discrepancies should be explained and evaluated.
• If 'A' is specified in the SECURITY_IN field, additional RACF/ACF2 protection should be in place (see below). It should also be evaluated, if necessary by interview, whether the user IDs from the requesting system get higher authorizations than intended due to the same name being used on both systems.
• If 'T' is specified in USERNAMES, RACF/ACF2 checks will not be performed. The content of the SYSIBM.USERNAMES table is therefore important to the security level.

Review and evaluate authorizations in the RACF/ACF2 classes below. The classes are optional; however, at least one of them should be active to ensure RACF/ACF2 controlled access to the DB2 system:

• APPL. If the class is active and contains LU names of DB2 systems, access control is established according to the access list for the systems in question.
• APPCPORT. If this class is active, users must be granted at least READ access in this class to get access to the system, even if class DSNR profile db2id.DIST is also active and in use.
• DSNR profile db2id.DIST, where db2id is the name of the central DB2 system (see also 6.4.5 Security Administration in general).

The combination of APPCPORT and DSNR db2id.DIST allows for the best protection. For all RACF/ACF2 definitions in general, access should be granted according to work related needs and in accordance with regulations.

Audit Procedures (Oracle): The objective is to evaluate whether procedures exist for granting access from distributed systems to the central DB systems, and whether the access is granted in accordance with regulations so that no one can gain unauthorized access to the central systems. Review the documentation of the DB system to evaluate whether the principles for the access of distributed systems to the DB system are adequately described, and whether guidelines for this exist.

1. Understand and document the policies and procedures which the organization has established around database links and database link security. Through inquiry of management personnel, data owners, and database administrators, determine whether database links have been used, are used, and/or will be used in the organization. If database links are utilized, inquire into the nature (roles, responsibilities, and scope) of the administration functions related to the separate databases which make up the distributed database. Inquire as to the extent and nature of the security issues identified in the past as they relate to database links. If such issues existed, obtain an understanding through inquiry and document how they were resolved. Also, obtain any documentation associated with those issues and resolution methods. Inquire and obtain any documentation of the monitoring activities associated with database links. If database links are not used and are not expected to be used in the near future, no further testing is required for this control activity.

2. Review the dba_db_links view to determine what links, if any, are employed by the local database to connect to other databases in the organization. The result from this query is a list of all outgoing links defined at the local database.

3. Determine the existing incoming database links to the local database. First, obtain a complete list of all database links through inquiry of the database administrator.

4. If outgoing database links are employed, verify that DBLINK_ENCRYPT_LOGIN is set to TRUE in the INIT.ORA file for each link identified in testing step 2. This ensures that the password used to connect to another Oracle database is not sent unencrypted. As a secondary step to this test, use the 'SHOW PARAMETER dblink' command in SERVER MANAGER to verify that this parameter is set to TRUE. This step verifies that the parameter has been activated for the Oracle database instance which is being checked.

5. For each incoming database link identified in testing step 3, inquire as to the specific needs which caused the creation of such a link. Evaluate this with particular focus on the need for such a link.

Audit Procedures (SYBASE, Progress, Oracle RDB7): The objective is to evaluate whether procedures exist for granting access from distributed systems to the central DB systems, and whether the access is granted in accordance with regulations so that no one can gain unauthorized access to the central systems. Review the documentation of the DB system to evaluate whether the principles for the access of distributed systems to the DB system are adequately described, and whether guidelines for this exist.

Impact: If rules and procedures have not been established for authorization control of distributed systems, the many possible combinations result in a risk of losing track of which DB2 systems have access to the central DB2 systems and which authorizations individual users will get. For example, an AS/400 system may have a user defined with the same name as a user in the central system, which may have high authorizations (SYSADM or similar) in the central system. The AS/400 will assume these authorizations when the request is sent to the central system unless the configuration anticipates this problem.
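As an added example (not part of the original audit program), the following queries pull the DB2 and Oracle catalog information the procedures above ask for. They are two separate scripts: the first is run on the DB2 for z/OS subsystem against the communications database tables SYSIBM.LUNAMES and SYSIBM.USERNAMES, the second on the Oracle instance against DBA_DB_LINKS and V$PARAMETER (the latter giving the same answer as SHOW PARAMETER dblink). No site-specific names are assumed.

```sql
-- Added example, not part of the original audit program. Two separate
-- scripts: (A) is run on the DB2 for z/OS subsystem, (B) on the Oracle
-- instance. No site-specific names are assumed.

-- ===== (A) DB2 for z/OS: communications database =====
-- One row per partner LU. A row with a blank LUNAME is the default row that
-- applies to every LU not listed, which is why the procedure above says
-- there should be none. SECURITY_IN = 'A' means inbound requests are
-- accepted as already verified, so the RACF/ACF2 classes listed above must
-- carry the access control; 'V' means DB2 requires a password.
SELECT LUNAME, SECURITY_IN, SECURITY_OUT, ENCRYPTPSWDS, USERNAMES,
       SYSMODENAME, MODESELECT
  FROM SYSIBM.LUNAMES
 ORDER BY LUNAME;

-- Authorization ID translations. TYPE 'I' rows translate inbound IDs; a
-- NEWAUTHID that is a privileged ID is the "same name on both systems"
-- exposure described in the Impact column. PASSWORD is deliberately not
-- selected.
SELECT TYPE, AUTHID, LINKNAME, NEWAUTHID
  FROM SYSIBM.USERNAMES
 ORDER BY TYPE, LINKNAME, AUTHID;

-- ===== (B) Oracle: database links (testing steps 2 and 4 above) =====
-- Outgoing links defined in this database. A non-null USERNAME means the
-- link logs in with fixed credentials stored in the data dictionary; a null
-- USERNAME means the connecting user's own identity is used.
SELECT OWNER, DB_LINK, USERNAME, HOST, CREATED
  FROM DBA_DB_LINKS
 ORDER BY OWNER, DB_LINK;

-- Value in effect for this instance, equivalent to SHOW PARAMETER dblink.
SELECT NAME, VALUE
  FROM V$PARAMETER
 WHERE NAME = 'dblink_encrypt_login';
```

On the Oracle side, a link with OWNER = PUBLIC and a fixed USERNAME lets every user of the local database reach the remote one as that account, so such rows deserve the same scrutiny as a PUBLIC grant. Incoming links (testing step 3) are defined in the remote databases' own DBA_DB_LINKS, not in the local one, which is why the procedure has the auditor obtain that list from the database administrator.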

2.30 Documentation for the Configuration and Use of DB

Control Activity: The documentation of the configuration, maintenance, operations and use of the DB system is included as a part of the other audit steps. In this section, the focus should primarily be on whether the documentation:

• Adheres to the set standards
• Is complete, relevant and up to date
• Is available and adequate for those staff groups who need the information.

The documentation should include:

• Operational documentation
• User documentation
• System documentation
• Test documentation

Audit Procedures (DB2): The objective is to evaluate whether the available documentation adheres to the standards; whether it is complete, relevant and up to date; and whether it is available to the relevant staff. Examine the available documentation and evaluate whether operating, system and user documentation adheres to the standards of the organization. During the review, attention should be given to whether the documentation is up-to-date, adequate and available to those members of staff who need it. The documentation should include:

• Description of the installation's use of RACF/ACF2 classes
• Written guidelines for assigning and administering authorizations
• Description of any EXIT routines/programs
• Description of change and control procedures
• Description of operating procedures
• User manuals, especially with regard to changes made directly in DB2 tables

Audit Procedures (Oracle, SYBASE, Progress, Oracle RDB7): The objective is to evaluate whether the available documentation adheres to the standards; whether it is complete, relevant and up to date; and whether it is available to the relevant staff. Examine the available documentation and evaluate whether operating, system and user documentation adheres to the standards of the organization. During the review, attention should be given to whether the documentation is up-to-date, adequate and available to those members of staff who need it. The documentation should include:

• Description of the installation's use of OS classes
• Written guidelines for assigning and administering authorizations
• Description of any privileged routines/programs
• Description of change and control procedures
• Description of operating procedures
• User manuals, especially with regard to changes made directly in DB tables

Impact: If the documentation is not adequate, available and up to date, there is a risk of a dependency on individual persons, of operating errors and of degraded stability of operations and, in the worst case, a risk of data being compromised or lost.

2.31 Logging Transactions

Control objective: The DB system immediately records all changes to data and other important events in an active log data set. When an active log data set is full, or if a special command is issued to the database, the database copies the content of the log data set to an archive data set on disk or tape. The DB uses the log for restart and recovery. For example, the logging environment in DB2 is configured through parameters in DSNZPARM.

Audit procedures (DB2): The objectives of the audit are to evaluate whether the number of log data sets defined is sufficient to ensure uninterrupted operations of the DB2 system, and whether the log data sets are adequately protected against loss and destruction. The following parameters in DSNZPARM should be set for maximum security:
  • TWOACTV=YES: Determines that dual logging is used. The two logs should be on separate disk volumes.
  • TWOARCH=YES: Determines that two archive copies are used.
Review the current configuration of the logging environment to evaluate the reasonableness of the settings. The number and size of log data sets should be sufficient to ensure that there is no risk that the DB2 system will stop before the current archiving is completed. The number of active log data sets is determined by how many data sets have been created. This can be found through Omegamon/DB2 or by listing data sets with the naming standard 'hlq.LOGCOPY1.*' and 'hlq.LOGCOPY2.*', where 'hlq' is the high-level qualifier for data sets in the DB2 system. If Omegamon/DB2 is not available, the names of the active log data sets can be found with the program DSNJU004 "Print Log Map." Alternatively, the prefix for log data sets for the database can be found in the installation information in DSNZPARx, member DSNTIJUZ. This includes "ARCPFX=xyz", where xyz represents the data set prefix. Then ISPF Utilities, option 4 "Data Set List Utility", can be used to find the relevant data set names. Write access to both active log data sets and archive data should be limited to the DB2 system user ID.

Audit procedures (Oracle):
1. Understand and document policies, procedures, standards, and guidance regarding auditing within the Oracle database. If management chooses not to use or rely on Oracle database auditing to log use of system privileges, no further testing is required for this control activity.
2. Verify that the audit trail is configured correctly in the database by obtaining a copy of INIT.ORA and ensuring that the AUDIT_TRAIL parameter is set to DB, OS, or TRUE. Further verify that the audit trail is active for all active instances of Oracle by issuing the command "SHOW PARAMETER AUDIT" in SERVER MANAGER. Note whether the audit trail is set to OS or DB. If the audit trail is set to FALSE, no further testing is required. This is an exception.
3. To verify that the database has been consistently logging audit trail information, perform the following:
   3a. If AUDIT_TRAIL is set to DB or TRUE, then use:
       SELECT DISTINCT SUBSTR(timestamp,1,2), SUBSTR(timestamp,4,3), SUBSTR(timestamp,8,2)
       FROM sys.dba_audit_trail
       ORDER BY SUBSTR(timestamp,4,3), SUBSTR(timestamp,1,2);
   From the list of date-stamps, check to see that the range of dates is appropriate. The list should include all dates since the time the database administrator last performed maintenance on the audit trail file to today. There should be no gaps in the date range. Any gaps should be fully explained (e.g. no-one works, and no database maintenance takes place, on weekends).
   3b. If AUDIT_TRAIL is set to OS: Obtain the last modified date for the audit trail files. Note that the location of the audit trail files can be obtained by issuing the Server Manager command "SHOW PARAMETER AUDIT_FILE_DEST." This parameter defaults to $ORACLE_HOME/RDBMS/AUDIT, where $ORACLE_HOME represents the location path for the Oracle home directory. Since each operating system is unique, refer to operating system documentation for specific information on testing the date and time stamps for files.
4. Corroborate with the database administrator(s) and security administrator(s) the extent and use of database auditing related to system privileges. Specifically, identify all the database auditing options set for system privilege auditing by reviewing the dba_priv_audit_opts table (where user_name is NULL).

Audit procedures (SYBASE, Progress, Oracle RDB7): The objectives of the audit are to evaluate whether the number of log data sets defined is sufficient to ensure uninterrupted operations of the DB system, and whether the log data sets are adequately protected against loss and destruction. Review the current configuration of the logging environment to evaluate the reasonableness of the settings. The number and size of log data sets should be sufficient to ensure that there is no risk that the DB system will stop before the current archiving is completed. The number of active log data sets is determined by how many data sets have been created. Write access to both active log data sets and archive data should be limited to the DB system user ID.

Impact: If all active log data sets are filled without being copied to archive data sets, the DB2 system and all user applications will stop. If the log data sets are incomplete or inadequately secured, there is a risk of loss of data if data is to be recreated after an error or after being destroyed.
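The date-range check in step 3a of the Oracle procedure, as an added example that is not part of this audit program: a Python script that takes the day/month/year triples the page's SELECT DISTINCT SUBSTR(...) query returns and lists which dates between the last audit-trail maintenance and today have no records, separating weekend days (which the control says may be explainable) from weekday gaps that the DBA must explain. The sample rows, the maintenance date and the two-digit-year pivot are constructed assumptions, not values from the page.

```python
"""Added example (not from the audit program): automate the step 3a date-range
check on an Oracle audit trail.

SUBSTR on an Oracle DATE uses the session's default DD-MON-YY format, so the
three substrings the page's query returns are day, month abbreviation and
two-digit year.  The rows below are constructed sample output of that query."""
from datetime import date, timedelta

MONTHS = {m: i for i, m in enumerate(
    ["JAN", "FEB", "MAR", "APR", "MAY", "JUN",
     "JUL", "AUG", "SEP", "OCT", "NOV", "DEC"], start=1)}

# Constructed sample rows (day, month, yy).  Assumed scenario: the DBA last
# cleared the trail on 01-MAR-04; Wednesday 17-MAR-04 is deliberately absent.
SAMPLE_ROWS = [
    ("01", "MAR", "04"), ("02", "MAR", "04"), ("03", "MAR", "04"),
    ("04", "MAR", "04"), ("05", "MAR", "04"),
    ("08", "MAR", "04"), ("09", "MAR", "04"), ("10", "MAR", "04"),
    ("11", "MAR", "04"), ("12", "MAR", "04"),
    ("15", "MAR", "04"), ("16", "MAR", "04"),
    ("18", "MAR", "04"), ("19", "MAR", "04"),
]


def parse_stamp(day, mon, yy, pivot=70):
    """Turn one DD / MON / YY triple into a date.

    Assumption: two-digit years >= pivot are 19xx, otherwise 20xx.  The pivot
    is our choice for the sample, not something the audit program specifies."""
    year = int(yy)
    year += 1900 if year >= pivot else 2000
    return date(year, MONTHS[mon.upper()], int(day))


def find_gaps(rows, last_maintenance, today):
    """Return the ISO dates in [last_maintenance, today] (both ISO strings)
    that have no audit records, split into weekend days and weekday gaps.

    Weekend gaps may be explained by nobody working, as the control notes;
    weekday gaps need an explanation from the DBA.  Records dated outside the
    range are reported too, since they suggest the maintenance date is wrong."""
    start = date.fromisoformat(last_maintenance)
    end = date.fromisoformat(today)
    present = {parse_stamp(*row) for row in rows}
    expected = [start + timedelta(days=i)
                for i in range((end - start).days + 1)]
    missing = [d for d in expected if d not in present]
    return {
        "weekend": [d.isoformat() for d in missing if d.weekday() >= 5],
        "unexplained": [d.isoformat() for d in missing if d.weekday() < 5],
        "outside_range": [d.isoformat() for d in sorted(present)
                          if d < start or d > end],
    }


if __name__ == "__main__":
    result = find_gaps(SAMPLE_ROWS, "2004-03-01", "2004-03-19")
    for label, days in result.items():
        print(f"{label}: {', '.join(days) or 'none'}")
```

Feed the real query output in place of SAMPLE_ROWS and the DBA's stated maintenance date; anything in "unexplained" is a finding unless the DBA can account for it, and anything in "outside_range" means the trail was not cleared when claimed.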

69 Source: www.knowledgeleader.com
Conclusion

Conclusion

Conclusion

Conclusion
Conclusion
Audit

Signoff

Signoff

Signoff

Signoff

Signoff
Audit Audit Audit Audit
Control Control Procedures
Procedures Procedures Procedures Procedures Impact Impact
Objectives Activity (Oracle
(DB2) (Oracle) (SYBASE) (Progress)
RDB7)

2.32 Other Built into the The objectives     The objectives     The objectives     The objectives If necessary     The objectives If necessary    
Activities and DB system is of the audit are of the audit are of the audit are of the audit are information is of the audit are information is
Statistics the possibility to evaluate to evaluate to evaluate to evaluate not logged to evaluate not logged
for various whether whether whether whether and stored, whether and stored,
forms of adequate adequate adequate adequate there is a risk adequate there is a risk
logging that logging of logging of logging of logging of of an logging of of an
should be events in the events in the events in the events in the inadequate events in the inadequate
used to DB2 system is DB system is DB system is DB system is audit train, DB system is audit train,
register performed and performed and performed and performed and and it may not performed and and it may not
security whether the whether the whether the whether the be possible to whether the be possible to
events and log is log is log is log is investigate log is investigate
information adequately adequately adequately adequately security adequately security
which could be protected. protected. protected. protected. events or protected. events or
of significance other other
to the audit Examine the Examine the Examine the Examine the significant Examine the significant
trail. Ensure extent of extent of extent of extent of incidents. extent of incidents.
that statistics and statistics and statistics and statistics and statistics and
appropriate log collection log collection log collection log collection log collection
security and compare and compare and compare and compare and compare
events are this to the this to the this to the this to the this to the
logged. system system system system system
documentation documentation documentation documentation documentation
and relevant and relevant and relevant and relevant and relevant
guidelines. guidelines. guidelines. guidelines. guidelines.
Discrepancies Discrepancies Discrepancies Discrepancies Discrepancies
should be should be should be should be should be
explained and explained and explained and explained and explained and
evaluated. evaluated. evaluated. evaluated. evaluated.
Since this type Since this type Since this type Since this type Since this type
of logging can of logging can of logging can of logging can of logging can
seriously affect seriously affect seriously affect seriously affect seriously affect
the the the the the
performance performance performance performance performance
of the DB2 of the DB of the DB of the DB of the DB
system, the system, the system, the system, the system, the
choice of choice of choice of choice of choice of
settings should settings should settings should settings should settings should
be based on be based on be based on be based on be based on
careful careful careful careful careful
evaluation. evaluation. evaluation. evaluation. evaluation.
The collection
is controlled
through the
following
parameters in
DSNZPARM
(described in
more detail in
6.3.1

70 Source: www.knowledgeleader.com
Conclusion

Conclusion

Conclusion

Conclusion
Conclusion
Audit

Signoff

Signoff

Signoff

Signoff

Signoff
Audit Audit Audit Audit
Control Control Procedures
Procedures Procedures Procedures Procedures Impact Impact
Objectives Activity (Oracle
(DB2) (Oracle) (SYBASE) (Progress)
RDB7)

Installation):
q SMFACCT
q SMFSTAT
q AUDITST
Verify via
member
SMFPRMxx in
SYS1.PARNLI
B that SMF
records 100,
101 and 102,
which all relate
to DB2, are
collected.
These records
should be
included in the
parameter
TYPE and
should not be
included in any
NOTYPE
parameter.
See Appendix
P: Example of
SMFPARM.
Verification
that SMF
information
cannot be
changed and
that it is
archived in
accordance
with
regulations is
usually
performed
during an MVS
audit.
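An added example (not part of the audit program, and not IBM tooling) for the SMFPRMxx check in the DB2 column: a small Python parser that reads the TYPE and NOTYPE lists of SYS and SUBSYS clauses and reports whether record types 100, 101 and 102 are selected system-wide and whether any subsystem entry suppresses one of them. The member text is a constructed sample that uses only the SYS(TYPE(...)) / SUBSYS(name,NOTYPE(...)) layout; it is not a complete or real SMFPRMxx, and the real member syntax has more clauses than this parser handles.

```python
"""Added example (not from the audit program): check an SMFPRMxx member for
the DB2 SMF record types 100, 101 and 102, which must be in TYPE and in no
NOTYPE (control 2.32, DB2 column).

The member below is a constructed sample.  Assumption: record selections are
written as SYS(TYPE(...)) / SYS(NOTYPE(...)) and SUBSYS(name,TYPE(...)) /
SUBSYS(name,NOTYPE(...)), with ranges as lo:hi and /* */ comments."""
import re

# Constructed sample: 100:102 is collected system-wide, but the STC subsystem
# entry suppresses type 101 (DB2 accounting), which the check must flag.
SAMPLE_SMFPRMXX = """\
ACTIVE                              /* SMF RECORDING ON */
SYS(TYPE(0,30,70:79,89,100:102,110:118),
    EXITS(IEFU83,IEFU84,IEFU85),
    INTERVAL(SMF,SYNC),DETAIL)
SUBSYS(STC,NOTYPE(101))             /* CONSTRUCTED: DROPS DB2 ACCOUNTING */
"""

DB2_RECORD_TYPES = frozenset({100, 101, 102})


def expand_types(spec):
    """'0,30,70:72' -> {0, 30, 70, 71, 72}."""
    types = set()
    for item in re.sub(r"\s+", "", spec).split(","):
        if not item:
            continue
        lo, _, hi = item.partition(":")
        hi = hi or lo
        types.update(range(int(lo), int(hi) + 1))
    return types


def _balanced(text, open_pos):
    """Return the text between the '(' at open_pos and its matching ')'."""
    depth = 0
    for i in range(open_pos, len(text)):
        if text[i] == "(":
            depth += 1
        elif text[i] == ")":
            depth -= 1
            if depth == 0:
                return text[open_pos + 1:i]
    raise ValueError("unbalanced parentheses in SMFPRMxx text")


def record_selections(text):
    """Yield (scope, 'TYPE' or 'NOTYPE', set of record types) for every
    SYS(...) and SUBSYS(name,...) clause, with comments stripped first."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    for m in re.finditer(r"\b(SYS|SUBSYS)\(", text):
        body = _balanced(text, m.end() - 1)
        scope = "SYS"
        if m.group(1) == "SUBSYS":
            name, _, body = body.partition(",")
            scope = f"SUBSYS({name.strip()})"
        # \bTYPE does not match inside NOTYPE, so the two are told apart.
        for clause in re.finditer(r"\b(NOTYPE|TYPE)\(([^)]*)\)", body):
            yield scope, clause.group(1), expand_types(clause.group(2))


def check_db2_smf_records(text, wanted=DB2_RECORD_TYPES):
    """Report wanted record types missing from the system-wide TYPE list and
    every scope whose NOTYPE list suppresses one of them."""
    sys_types = set()
    excluded = {}
    for scope, kind, types in record_selections(text):
        if kind == "TYPE" and scope == "SYS":
            sys_types |= types
        elif kind == "NOTYPE" and types & wanted:
            excluded[scope] = sorted(types & wanted)
    return {
        "missing_from_type": sorted(wanted - sys_types),
        "excluded_by_notype": excluded,
    }


if __name__ == "__main__":
    print(check_db2_smf_records(SAMPLE_SMFPRMXX))
```

A clean member yields an empty "missing_from_type" list and an empty "excluded_by_notype" map; the constructed sample is flagged because the STC entry drops type 101 even though SYS selects all three.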

2.33 Monitoring and Review

Control objective: Built into the DB system is the possibility for various forms of logging which should be used to monitor system functionality and security related events.

Audit procedures (DB2, SYBASE, Progress, Oracle RDB7): The objective of the audit is to evaluate whether the collected logs are subsequently used for realistic review/monitoring. Review system documentation and relevant procedures and evaluate whether the necessary monitoring and review of significant information is performed. It should be described who uses the collected registrations for what. Special attention should be given to whether continuous review is performed of security related events, such as activities performed by privileged users, or access to sensitive data.

Audit procedures (Oracle): The objective of the audit is to evaluate whether the collected logs are subsequently used for realistic review/monitoring. Understand and document company policies, procedures, standards, and/or guidance regarding periodic review of security violations. It should be described who uses the collected registrations for what. Corroborate the functioning and effectiveness of such policies, procedures, standards, and guidance through (a) inquiry of individuals responsible for database and security administration, and (b) reference to client documentation of the procedures performed. Ensure that adequate documentation exists. Note that if the Oracle audit trail function is relied upon by the company for this control, the integrity of the audit trail should be tested. Identify any reports that exist in the company that are used to monitor security violations. Verify through documentation that such reports are regularly reviewed by appropriate security administrators. At a minimum, such reports should contain information on failed login attempts. Verify that the "CREATE SESSION" system privilege is audited and reported.

Impact: Inadequate review of the DB2 system functionality may result in problems regarding security, functionality and operating stability not being detected in time. A typical DB2 system undergoes continuous change which usually has a potential effect on performance, operating stability and security. These changes and their consequences should appear from the DB2 system log, and the log should be included in a continuous performance evaluation of the DB2 system. Since this logging can be very complex, and log review correspondingly difficult, the monitoring should be supported by a recognized "monitor" tool. Otherwise, there is a risk that inadequate control of the DB2 system functionality may lead to problems regarding security, functionality and operating stability not being detected in time.
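The two Oracle checks at the end of this control (is CREATE SESSION audited system-wide, and does the review report show failed login attempts), as an added example that is not part of the audit program: Python run over constructed rows shaped like the DBA_PRIV_AUDIT_OPTS and DBA_AUDIT_TRAIL views. The column layout, user names, return codes and the flagging threshold are assumptions made for the sample, not data from the page.

```python
"""Added example (not from the audit program): the CREATE SESSION audit-option
check and a failed-logon report for control 2.33 (Oracle column).

The rows are constructed samples shaped like two Oracle dictionary views; no
real database was queried."""
from collections import Counter

# (user_name, privilege, success, failure) as in DBA_PRIV_AUDIT_OPTS.
# user_name None models the NULL rows the control tells the auditor to
# review: options that apply to all users rather than to one named user.
SAMPLE_PRIV_AUDIT_OPTS = [
    (None, "CREATE SESSION", "BY ACCESS", "BY ACCESS"),
    (None, "ALTER SYSTEM", "BY ACCESS", "BY ACCESS"),
    ("APPUSER", "CREATE TABLE", "BY SESSION", "BY SESSION"),
]

# (username, os_username, timestamp, action_name, returncode) as in
# DBA_AUDIT_TRAIL.  returncode 0 is success; 1017 is ORA-01017 (invalid
# username/password) and 28000 is ORA-28000 (account locked).  Constructed.
SAMPLE_AUDIT_TRAIL = [
    ("SCOTT",   "scott", "2004-03-15 08:02", "LOGON",  0),
    ("SYS",     "jdoe",  "2004-03-15 23:41", "LOGON",  1017),
    ("SYS",     "jdoe",  "2004-03-15 23:42", "LOGON",  1017),
    ("SYS",     "jdoe",  "2004-03-15 23:44", "LOGON",  1017),
    ("APPUSER", "batch", "2004-03-16 02:00", "LOGON",  0),
    ("APPUSER", "batch", "2004-03-16 02:05", "LOGON",  28000),
    ("SCOTT",   "scott", "2004-03-16 09:10", "LOGON",  1017),
    ("SCOTT",   "scott", "2004-03-16 09:11", "LOGOFF", 0),
]


def system_wide_privilege_options(rows):
    """Map privilege -> (success, failure) for rows where user_name is NULL,
    i.e. the system privilege auditing options that apply to everyone."""
    return {priv: (ok, fail) for user, priv, ok, fail in rows if user is None}


def create_session_is_audited(rows):
    """True when CREATE SESSION is audited system-wide on failure, which is
    what makes failed logon attempts appear in the audit trail at all.
    'NOT SET' is the view's value for an option that is switched off."""
    opts = system_wide_privilege_options(rows)
    return ("CREATE SESSION" in opts
            and opts["CREATE SESSION"][1] not in (None, "NOT SET"))


def failed_logon_report(rows, threshold=3):
    """Count failed LOGON records per database user, most failures first, and
    flag users at or above threshold.  The threshold is an assumption; the
    control only requires that the report contain failed login attempts."""
    failures = Counter(user for user, _, _, action, rc in rows
                       if action == "LOGON" and rc != 0)
    ordered = sorted(failures.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(user, count, count >= threshold) for user, count in ordered]


if __name__ == "__main__":
    print("CREATE SESSION audited:", create_session_is_audited(SAMPLE_PRIV_AUDIT_OPTS))
    for user, count, flagged in failed_logon_report(SAMPLE_AUDIT_TRAIL):
        print(f"{user:10} failed logons: {count} {'<-- review' if flagged else ''}")
```

If create_session_is_audited returns False the failed-logon report is meaningless, because nothing records the failures; that ordering of the two checks is the point of the control's last sentence.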

2.34 Physical Security

Control objective: Physical security is made up of a number of factors that all have the common purpose to ensure that assets – in this case, primarily the data and processing capacity – of the organization are kept in operational condition and cannot be used by unauthorized persons.

Audit procedures (DB2, Oracle, SYBASE, Progress, Oracle RDB7): The objectives of the review are:
  • To evaluate whether the necessary hardware is located in an appropriate location so that access is only possible for persons who need it according to their functional descriptions.
  • To evaluate whether the hardware has been sufficiently protected from situations that may occur in extreme circumstances (such as flooding and fire), and that precautions have been taken to mitigate/remedy any disruptions in supply (electricity, telephony, water).
Ask for a tour of the location where individual pieces of hardware have been placed, and ask for information about the precautions that have been taken to safeguard hardware from unauthorized access/destruction, including which precautions have been taken to ensure that backups are not destroyed at the same time as the original data. Evaluate burglary and fire alarms, etc., including whether it is regularly tested that these function as intended. Evaluate definitions in any access control software and/or physical keys to the locations, compared to the individual persons' documented access needs. Evaluate the administration and review of both access control definitions and key possession and use.

Impact: If the Information Systems of the organization are material for its survival/business, it is of crucial importance that neither intentional nor unintentional incidents can compromise the system and/or data or make the system or data unavailable.

CHANGE MANAGEMENT

Control Objective Control Activity Audit Procedure Conclusion Signoff

1. Change To ensure a formally documented change • Determine if a change management process(es) exists and is formally    
Management management process exists and is documented.
Documentation maintained to reflect the current process.
• Obtain a copy of the change management procedures and verify that they (at a
minimum) include:
− Accountability for managing and coordinating changes;
− The change management flow(s) within the organization;
− The change management responsibilities of each organizational function;
− The deliverables from each organizational component;
− Specific timetables for reviewing and scheduling planned changes;
− Specific timetables for the retention of historical records;
− The handling of all changes, including change back-outs;
− The circumstances when normal change management controls can be waived,
and the methodology to be followed in those situations (e.g., emergency).

• Determine the process used to identify and update user/


system documentation as a result of the change(s) made.

• Determine if a process exists to maintain the change management procedures.


Identify DB products and versions in use.

2. Change Initiation To ensure change requests are properly • Verify a methodology is used for initiation and approval of changes.    
and Approval initiated and approved.
• Ensure the request form includes (at a minimum) the following information:
− name of requester
− phone number and department
− requester's signature
− reason for change

76 Source: www.knowledgeleader.com
Control Objective Control Activity Audit Procedure Conclusion Signoff

− List of modules that need to be changed


− Supervisor's name
− Supervisor's approval (changes must be approved by someone other than the
requester).
Determine if priorities are assigned to the change requests.

• Ensure estimated time of completion and budgeted costs are communicated.

• Evaluate the process used to control and monitor change requests (central
repository and aging mechanism).

3. Modification or Ensure code modification/ • Ensure all changes are applied to a copy of the latest production version of code.    
Development development is performed in a segregated,
controlled environment (separate from quality • Verify code is modified/
assurance (QA) and production). developed in an area separate from testing/
quality assurance, and production.

• Determine if programs can be checked out by more than one programmer


simultaneously. Verify a process exists to support concurrent development.

• Determine if a version control process exists to ensure the correct module was
copied from production.

• Determine how the programmer is made aware of all the modules that need to be
changed.

• Ensure history records are kept of code check-ins/


outs, and deletions, which are made to the production library. Determine if a work
order number is associated with the history record (this should be traceable back to
the initial request).

• Verify a process exists that requires Programming Management to review the


source code to ensure changes are appropriate and meet the departments
programming and documentation standards.

4. Testing and To ensure changes made to applications/ • Verify code is tested in a segregated/    
Acceptance systems are adequately tested before being controlled environment (a testing/
placed into a production environment. QA region which is separate from development and production).

• Determine how code is moved into the testing/


QA environment.

• Determine who moves the code into the testing/


QA environment.

• Determine a process exists to "freeze" code once migrated into the testing/
quality assurance environment. This ensures no further changes can be made to
the code while awaiting User acceptance.

• Determine to what extent the User is involved in the testing process (e.g.,

77 Source: www.knowledgeleader.com
Control Objective Control Activity Audit Procedure Conclusion Signoff

preparation of tests and data).

• Ensure the test results are reviewed and approved by the User. Verify the method
of User acceptance (e.g., verbal, written).

• Verify the existence of back-out procedures. These procedures should outline the process used to back code out of the testing/QA region in the event the User does not approve the original changes and additional modifications are necessary.

• Ensure a process exists to document problems encountered during this phase of the change methodology. Determine how problems are followed up and resolved.

5. Implementation
Control Activity: To ensure only authorized/approved software is moved into production.
Audit Procedures:
• Verify procedures exist to ensure the approved code from the test environment is the version moved into production.

• Determine who is responsible for migration of code into production.

• Determine how code is implemented in the production environment.

• Verify the existence of back-out procedures. These procedures should outline the process used to back code out of production.

• Determine if a baseline of the database application is updated and maintained after changes are made to the database.

• Determine if a process exists to reconcile changes. Verify who performs this process and how often the process takes place.

6. Non-Emergency Changes
Control Activity: To verify changes are properly authorized and adhere to the established change control methodology.
Audit Procedures:
• Select a sample of non-emergency changes (application/system) that have occurred during the period of review from the source program library directory.

• Using the sample selected in test #1, verify the following:
− All changes have been formally initiated, completely documented, and approved by someone other than the requester.
− All changes have documentation stating code is ready to be moved from development to testing/QA with the authorized approvals.
− All changes have documentation stating that they have been received and reviewed by a QA type function and approved by the User prior to installation into production. Ensure that results of tests performed are documented.
− Documentation exists showing a source comparison was performed prior to installation into production. A source comparison will determine if the current production source matches the current load program.

• Obtain a copy of the change reconciliation report. Verify evidence exists for the review and reconciliation of changes.

7. Emergency Changes
Control Activity: To ensure a process exists to control and supervise changes made in an emergency situation.
Audit Procedures:
• Determine if a process exists to control and supervise emergency changes.

• Determine the use of emergency user ids. If emergency changes are made through the use of emergency ids, ensure a process exists to enable and disable them (at a minimum two people should be involved in this process if it is not automated).

• Ensure an audit trail exists of all emergency id usage and that it is independently reviewed.

• Ensure emergency changes are approved by appropriate levels of management prior to implementation into production.

• Determine that procedures require that emergency changes be supported by appropriate documentation (e.g., evidence of management approval, code review) within one business day after the emergency is resolved.

• Verify a list of Business/Operations Management allowed to approve emergency changes exists. Programmers should not be able to initiate emergency changes.

• Determine if the approval of Business/Operations Management is required prior to the implementation of an emergency change.

• Ensure back-out procedures exist. These procedures should outline the process used to back code out of production.

8. Security Patch Updates
Control Activity: To ensure that the latest security patch has been installed.
Audit Procedures:
• Based on a review of the DB system, determine the last security update that was made to the system.

• Determine from the OEM (the database vendor) what the latest security update is.

• Confirm with the DB Administrator whether the latest security patch has been installed and, if not, why it has not been installed.

Monitoring

Columns: Control Objective; Control Activity; Audit Procedure (DB2, Oracle, SYBASE, Progress, Oracle RDB7); Impact; Conclusion; Signoff

Ensure Continuity

3.1 Restart/Recovery Procedures
Control Activity: Procedures are documented for the operation of the DB software. These procedures include procedures for starting and stopping the DB software and individual databases and should cover the emergency procedures to be followed in the event of DB or database failure.
Audit Procedure (DB2, Oracle, SYBASE, Progress, Oracle RDB7): Review the relevant policy and procedures document pertaining to recovery of the database in the event the database fails.

3.2 Data Backup
Control Activity: Procedures exist to ensure that backups of data and programs are performed and stored in an appropriate onsite/offsite location. Onsite/offsite locations are adequately safeguarded from unauthorized personnel.
Audit Procedure (DB2, Oracle, SYBASE, Progress, Oracle RDB7; step 5 applies to DB2 only):
1. Obtain and review the policies and procedures addressing data backups, tape retention period and off-site tape storage. Ensure that the documented policies and procedures adequately address the data backup, tape retention and off-site tape storage requirements. In addition, ensure that policies and procedures are up to date to reflect the current environment.
2. Interview the appropriate individual to determine if procedures exist to ensure backups are being completed as scheduled. In addition, ensure that defined procedures exist to handle exceptions to the daily backup schedule. Evaluate whether backups of relevant DB libraries and full image copies of DB tables are made at regular intervals, and whether incremental image copies of tables are made daily. Evaluate whether this ensures that the systems can be recovered in case of a disruption. The requirement for how fast data can be restored, and the frequency and number of daily updates, determine what combination of the two forms of image copy should be used.
3. Interview the appropriate individual to determine if backup tapes are rotated to an off-site location.
4. Ensure that all changes to the backup schedules are controlled through a formal change control process.
5. (DB2 only) Ensure that the DSNTIJUZ job that builds the DSNZPARM is protected.
6. Examine and evaluate whether log tapes are moved from the computer room to a secure location (such as a fireproof vault or an archive in a different building) in accordance with predetermined guidelines (for instance, when they are full or at regular intervals), and that they are retained at least for a period which covers the time back to the last image copy.
7. Examine whether it is continuously/periodically checked that backup copies are complete and readable, and evaluate these checks.

Audit Procedure (Oracle, additional): Determine if archiving procedures have been defined and implemented for data and redo logs:
7. Obtain the current archive log setting at the PRD database by executing the following at Server Manager (SVRMGR):

SVRMGR> ARCHIVE LOG LIST

Here is a sample of the return value:

Database log mode              Archive Mode
Automatic archival             Enabled
Archive destination            /oracle/PRD/saparch/PRDarch
Oldest online log sequence     30879
Next log sequence to archive   30882
Current log sequence           30882

Review the output and make sure that 'Database log mode' is 'Archive Mode', indicating archive mode is turned on. In addition, ensure that 'Automatic archival' is 'Enabled', indicating that redo logs are automatically copied to the 'Archive destination' once they are filled. If either of these two is not turned on, communicate with the DBA and obtain the rationale why it is not turned on. Review the 'Archive destination' and ensure that the archive logs are written to a separate disk from the redo logs.
8. Review the 'alert_<SID>.log' file for the PRD database. This file lists the parameters that the instance read when it was started. If the following shows up in the alert_<SID>.log at the start of the database, it indicates that archiving mode has been turned on since the start of the instance:

log_archive_start = TRUE
log_archive_dest = /oracle/PRD/saparch/PRDarch

Note that ARCHIVE LOG LIST reports the current state of the instance while the alert log reports the state at startup; the two should agree, and a difference indicates the setting was changed at run time. The LOG_ARCHIVE_START parameter applies to Oracle 8i/9i; from Oracle 10g it is deprecated and automatic archiving is always enabled when the database is in ARCHIVELOG mode, so on later releases the 'Database log mode' line is the decisive check.
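As an added example for step 7 above (this script is not part of the original audit program), the following Python code parses the ARCHIVE LOG LIST output quoted in the procedure and applies the three checks mechanically: archive mode on, automatic archival enabled, and the archive destination on a different device from the online redo logs. It also flags filled redo logs that have not yet been archived, which the sample output lets you detect from the sequence numbers. The redo log paths, the path-to-device map and the sample output are constructed assumptions; on a real host the device lookup would be replaced by os.stat(path).st_dev and the redo paths would come from V$LOGFILE.

```python
"""Check an Oracle ARCHIVE LOG LIST result against the archiving controls in step 7.

Added example for this audit step; not part of the original audit program.
Assumptions: the ARCHIVE LOG LIST output is pasted as text in the format quoted
in the procedure, redo log paths are those V$LOGFILE would list, and the mapping
of paths to physical devices is supplied by the caller (a constructed lookup here,
because the sample paths do not exist on the machine running this check).
"""
import re
from typing import Callable, Dict, List

# Constructed sample: the output quoted in step 7 of the audit procedure.
SAMPLE_ARCHIVE_LOG_LIST = """\
Database log mode              Archive Mode
Automatic archival             Enabled
Archive destination            /oracle/PRD/saparch/PRDarch
Oldest online log sequence     30879
Next log sequence to archive   30882
Current log sequence           30882
"""

# Constructed sample: online redo log members as SELECT member FROM v$logfile would list them.
SAMPLE_REDO_PATHS = ["/oracle/PRD/origlogA/log_g11m1.dbf", "/oracle/PRD/origlogB/log_g12m1.dbf"]

# Constructed device map standing in for os.stat(path).st_dev on the database host.
SAMPLE_DEVICE_MAP = {"/oracle/PRD/origlog": "disk1", "/oracle/PRD/saparch": "disk2"}


def device_of_prefix(device_map: Dict[str, str]) -> Callable[[str], str]:
    """Return a lookup that maps a path to the device of its longest matching prefix."""
    def lookup(path: str) -> str:
        matches = [prefix for prefix in device_map if path.startswith(prefix)]
        if not matches:
            return "unknown:" + path
        return device_map[max(matches, key=len)]
    return lookup


def parse_archive_log_list(text: str) -> Dict[str, str]:
    """Split each 'Label      value' line of ARCHIVE LOG LIST on a run of two or more spaces."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2:
            fields[parts[0]] = parts[1]
    return fields


def check_archiving(fields: Dict[str, str], redo_paths: List[str],
                    device_of: Callable[[str], str]) -> List[str]:
    """Return audit findings; an empty list means the archiving controls are in place."""
    findings: List[str] = []
    if fields.get("Database log mode") != "Archive Mode":
        findings.append("database is not in ARCHIVELOG mode: recovery past the last backup is impossible")
    if fields.get("Automatic archival") != "Enabled":
        findings.append("automatic archival disabled: redo logs must be archived by hand or the instance stalls when they fill")
    dest = fields.get("Archive destination")
    if not dest:
        findings.append("no archive destination reported")
    else:
        dest_dev = device_of(dest)
        for path in redo_paths:
            if device_of(path) == dest_dev:
                findings.append(f"archive destination {dest} shares device {dest_dev} with redo log {path}")
    try:
        # Current log is still being written; any lower unarchived sequence is a backlog.
        backlog = int(fields["Current log sequence"]) - int(fields["Next log sequence to archive"])
        if backlog > 0:
            findings.append(f"{backlog} filled redo log(s) not yet archived: archiver stopped or falling behind")
    except (KeyError, ValueError):
        findings.append("log sequence numbers missing from output")
    return findings


def run_sample() -> List[str]:
    """Apply the checks to the constructed sample; returns [] because the sample passes."""
    fields = parse_archive_log_list(SAMPLE_ARCHIVE_LOG_LIST)
    return check_archiving(fields, SAMPLE_REDO_PATHS, device_of_prefix(SAMPLE_DEVICE_MAP))


if __name__ == "__main__":
    for finding in run_sample() or ["no findings"]:
        print(finding)
```

Paste the real ARCHIVE LOG LIST output in place of the sample and supply the redo log members from V$LOGFILE; a non-empty list is the set of exceptions to raise with the DBA under step 7.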

3.3 Contingency Plans
Risk: There is a risk that recovery of data may take a disproportionately long time, or in the worst case, that recovery is impossible, if documented and tested plans for recovery of DB data do not exist.
Audit Procedure (DB2, Oracle, SYBASE, Progress, Oracle RDB7): The objective of the audit is to examine:
• Whether procedures and guidelines for recovery of DB systems in case of disruptions or disasters exist.
• Whether descriptions intended to aid in the restore of libraries and data exist in an external archive.
• Whether regular testing of the contingency plans is performed.
Evaluate the procedures in the contingency plans/emergency procedures for the recovery of DB systems and data and examine whether these have been tested in accordance with predetermined requirements. Examine and evaluate whether reports have been made in connection with testing of the contingency plans and, if so, whether the relevant departments have reviewed the reports.

Sample

SOX 404 Applications

Database      Platform                   Number of Instances   Sample Size   Selection Criteria   Sample Database Name(s)
DB2           Mainframe, AIX             #                     #             #
Oracle 8i     Windows                    #                     #             #
Oracle 9i     Windows, VMS, AIX, HPUX    # (each)              #             #
Oracle RDB7   VMS                        #                     #             #
Sybase        Windows                    #                     #             #
Progress      AIX, Mainframe             #                     #             #

Total Database Servers                   #                     #
