Database InfoSec: Auditing (W6)

What is database auditing?? Is it anything like tax auditing!? Well..not exactly, however, they pretty much have the same concept, monitoring data.

“Database auditing is the activity of monitoring and recording configured database actions from database users and nondatabase users, to ensure the security of the databases” (ISACA, 2014). Database actions include: startups, logons, shutdowns, and data changes dealing with the database.

Auditing is very important to an organization’s database security, because otherwise, it would be ineffective. According to Tiwari (2016), database audits are mostly used to examine documentation that reflects actions, practices, and conduct of database users.


Database administrators normally handle security audits, and they mostly focus on “compliance to policies, procedures, and processes and laws” (Tiwari, 2016). During the audit, it’s standard procedure for auditors to keep an audit log, which is a “document that contains all activities that are being audited, ordered in a chronological manner” (Tiwari, 2016) However, audit logs are normally generated using an automated system.

My advice to all organizations is to audit their databases. Nonetheless, if you’re going to complete an audit, it’ll need to be efficient and well worth the time and money. To do this, I recommend using auditing software if needed, scheduling frequent audits, and developing standard objectives and procedures.



ISACA. (2014). Auditing Oracle Database. Retrieved from   Database.aspx?utm_referrer=

Tiwari, E. (2016, February 7). Database auditing models. Retrieved from



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s