DASHBOARD CHARTS > CHART DESCRIPTIONS
EMBARCADERO TECHNOLOGIES > DSAUDITOR 4.5 USER GUIDE
Database account activity, including the provisioning and deprovisioning of users, should be monitored. When OS
accounts are deprovisioned, the matching database accounts should be removed as well. If your organization is not
growing, but you see many more roles and users created than dropped, you should review your deprovisioning process.
Security Charts - Schema Changes
Unauthorized and undetected changes to a database schema can cause system instability at the very least, or result in
theft of assets in a worst-case scenario. Procedures should be in place to ensure that changes to the database
schema are made in a controlled and authorized fashion, and all schema changes on critical databases should be
monitored. A help desk system should be used to issue, track, and record changes for every production database.
References
Sarbanes-Oxley/CobiT §DS 5.5, PCI DSS §10.2.7, HIPAA §164.312 (b), FDA 21 CFR Part 11 §11.10(e), GLBA/FFIEC
Information Security Handbook p. 64, Basel II/ISO 17799 §10.10.1, FISMA/NIST 800-53 §AU-2,
NERC CIP-007-1 §R6.3
Database Schema Change Summary: Database schema change activity should be monitored and audited
weekly or monthly to ensure that the change management process is being followed.
Normally, spikes in activity are considered an indicator of risk. However, if your organization has a well-controlled
change management process, a spike could be a normal pattern of activity that bundles a number of database schema
changes together and maps to a Systems Development Lifecycle of Develop, Test, Release.
Ensure that spikes in activity correspond to authorized changes in the database, and spot-check lower levels of
changes between these releases to ensure that they are also following change management processes. Frequent
small batches of changes may indicate a lot of unmanaged “tweaking” of the database, which increases your risk of
outages and should be investigated to ensure it makes sense from a business and security perspective.
Schema Changes by Unauthorized Applications: In a well-controlled environment, database schema
changes should be made only by authorized applications that include good access and auditing controls. Any instance
of a change made by an unrecognized application should be investigated to ensure that your change control
processes have not been circumvented and that a change has not been made by an unauthorized user.
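
The two checks described above (schema changes by unrecognized applications, and changes that do not line up with an authorized release) can be sketched over exported audit records. This is an added example, not part of the DSAuditor guide or product. The record layout, the application allowlist, the ticket id and the change-window export are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample audit records: (timestamp, application, db user, statement).
EVENTS = [
    ("2024-03-04 22:05:11", "deploy-tool", "release_svc", "ALTER TABLE orders ADD COLUMN region VARCHAR(8)"),
    ("2024-03-04 22:06:40", "deploy-tool", "release_svc", "CREATE INDEX ix_orders_region ON orders(region)"),
    ("2024-03-06 14:12:03", "sqlclient.exe", "jdoe", "DROP INDEX ix_orders_region"),
    ("2024-03-07 09:30:00", "deploy-tool", "release_svc", "alter table orders drop column region"),
    ("2024-03-07 09:31:00", "reporting", "rpt_user", "SELECT count(*) FROM orders"),
]
APPROVED_APPS = {"deploy-tool"}  # assumed allowlist (lowercase) of change-controlled tools
# Assumed export from the help desk system: ticket id -> approved change window.
CHANGE_WINDOWS = {"CHG-EXAMPLE-1": ("2024-03-04 22:00:00", "2024-03-04 23:00:00")}

# Statements treated as schema changes in this sketch.
DDL = re.compile(
    r"^\s*(CREATE|ALTER|DROP|RENAME)\s+(?:(?:UNIQUE|OR\s+REPLACE)\s+)*"
    r"(TABLE|INDEX|VIEW|PROCEDURE|FUNCTION|TRIGGER|SCHEMA|SEQUENCE)\b", re.I)

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def in_change_window(when, windows):
    return any(_ts(start) <= when <= _ts(end) for start, end in windows.values())

def review_schema_changes(events, approved_apps, windows):
    """Return (schema changes per ISO week, findings that need investigation)."""
    weekly, findings = Counter(), []
    for stamp, app, user, stmt in events:
        if not DDL.match(stmt):
            continue  # not a schema change
        when = _ts(stamp)
        year, week, _ = when.isocalendar()
        weekly[f"{year}-W{week:02d}"] += 1  # feeds the weekly summary
        reasons = []
        if app.lower() not in approved_apps:
            reasons.append("unrecognized application")
        if not in_change_window(when, windows):
            reasons.append("no approved change window")
        if reasons:
            findings.append((stamp, app, user, reasons))
    return weekly, findings

if __name__ == "__main__":
    weekly, findings = review_schema_changes(EVENTS, APPROVED_APPS, CHANGE_WINDOWS)
    print(dict(weekly), *findings, sep="\n")
```

The fourth record shows why both checks are needed: it comes from an approved application but falls outside any ticketed window, which is the kind of between-release change the guide says to spot-check.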