Discretionary Access Controls
With discretionary access controls, a typical user may be authorized to perform the following functions within the database:
Create a schema. Create, modify, or delete views associated with a schema. Create, modify, or delete relations associated with the schema. Create, modify, or delete tuples in relations associated with the database schema. Retrieve data from tuples in relations associated with the schema.
These are privileges granted to users who are designated as the owners of a particular schema along with its related views. There is an important type of privilege, that of a user granting their privileges, or a portion of them, to another user. Privilege propagation is the case of a user granting privileges to another user, who in turn grants privileges to another user.
In the propagation of privileges, it is important for an auditor to determine the allowable degree of privilege propagation. It is equally important for an auditor to examine the degree of privilege revocation. For example, if it is discovered a user has abused her privileges, what affirmative steps were taken to revoke her access privileges?
Mandatory Access Controls
In MAC, database user access to a resource is governed by a strict security policy. Database resources in the way of data-objects/attributes and record/relations are assigned classification levels. It is also a common practice to assign a classification level to each record/relation equal to the highest classification level assigned to a data/item/attribute in the record/relation. When differing levels of classification are present in the database, users are not allowed to view all the data present in the database. They may view only those items they care cleared to see.
Managing access control rules are often done through the operating system and the database management system. For example, the operating system permits only authorized users to access the database subsystem, while the database management system restricts access and the degree of user data manipulation. Auditors must be aware this is somewhat of a redundant security procedure, but one that safeguards database contents.
When a database is distributed, it is even more difficult to ensure that database access and integrity are maintained and that complete and consistent access rules are enforced throughout the enterprise. It does not matter if the database is replicated at multiple sites, or if a different database is distributed to different sites from a central location, auditors should collect evidence that multiple access control mechanisms are implemented and are universal in supporting replication.
In any processing subsystem, the issue of data integrity is one of the primary audit concerns. In database management systems, the application software directly accesses and updates the database, however, the database management system depends on the application software to pass across the correct sequence of commands and update parameters taking appropriate actions when certain types of exceptions arise.
Software Controls and Update Protocols
Application software update protocols ensure that changes to the database reflect changes to entities and associations in data the database is supposed to reflect.
0 comments:
Post a Comment