Traceability of database operations to mitigate risks in audit processes
Abstract
In the field of databases, traceability of transactions or operations is vital for responding to incidents that may originate within them, such as the unauthorized alteration of information. This article proposes an auditing model to mitigate risk using Oracle's object and transaction auditing approach. Finally, a laboratory was implemented in which the proposed model was deployed, ensuring the information's confidentiality, integrity, and availability.
Copyright (c) 2022 Innovation and Software
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors exclusively grant the right to publish their article to the Innovation and Software Journal, which may formally edit or modify the approved text to comply with its own editorial standards and with universal grammatical standards prior to publication; likewise, our journal may translate the approved manuscripts into as many languages as it deems necessary and disseminate them in several countries, always giving public recognition to the author or authors of the research.