I have an audit coming up, and I was wondering what physical, electronic, and logical access controls an auditor would look for when auditing a database for an ERP system. I'm really new to this process and any guidance would be appreciated.
Sql-server – What would I need to do to make sure the DB policies have to pass a security audit
auditoracleSecuritysql server
Related Question
- Mixed mode auditing – 12c
- MongoDB Audit Plugin – Fixing CONTROL [main] Failed Global Initialization on Ubuntu
- Audit kernel module usage in Oracle
- MariaDB – Auditing User Account Privileges
- Sybase ASE Auditing for sp_addlogin, sp_droplogin, sp_modifylogin
- Checking vulnerabilities for Oracle Data Integrator version 12.2.1.3.0
Best Answer
I do agree with DeCosta's answer. What requirements, specifications are you going to be audited on? But, as my best shot in the dark: This is a "best practice" publication for security related to SQL 2005 that was published by Microsoft
http://download.microsoft.com/download/8/5/e/85eea4fa-b3bb-4426-97d0-7f7151b2011c/SQL2005SecBestPract.doc
And the books online article:
http://msdn.microsoft.com/en-us/library/ms144228.aspx
Also, here is a list of things that PricewaterhouseCoopers covers in their services related to Audits of ERP systems. It may give you some ideas. The menu on the left hand side covers a lot of topics that may be helpful in sparking things to research.
http://www.pwc.com/be/en/systems-process-assurance/erp-security-erp-control.jhtml