InformationTechnologyCrossing

     

Forgot Your Password?    Remember Me

Try It Now!

EMPLOYERS, POST JOBS FOR FREE

Search Thousands of Jobs in Our Database
What Where
Keyword Search:
Browse Jobs by Location / Zip:
Organization Name:
Select Country:
Select Your Crossing/Job Type:  

Firm Types:
Search in Job Title

Search in Job Description
Job Source:
+ Browse Jobs       + Advanced Search       + Search Tips
InformationTechnology Career Feature

Database Auditing: Who Did What, to Which Data, When?
By Trevor Eddolls, senior consultant for NEON Enterprise Software
In a world replete with regulations and threats, organizations today have to go well beyond just securing their data. Protecting this most valuable asset means that companies have to perpetually monitor their systems in order to know who did exactly what, when, and how — to their data.

Act Now! Activate a FREE three days trial to InformationTechnologyCrossing.com, because you know how important it is to know about all the jobs.
Activate My Risk Free Trial
Database Auditing: Who Did What, to Which Data, When?
Database Auditing: Who Did What, to Which Data, When?
+ Enlarge
"Database logging only tells you what has happened on your database, not what is happening."
Database logging only tells you what has happened on your database, not what is happening. Even then, the log details probably won't be enough to satisfy compliance requirements. What is needed is a new way to audit databases without impacting their performance.

How do you know what's going on inside your database? The traditional answer is to use transaction logs or run trace utilities. Logging database activity is fine in its way — but it is only reactive. You'll only ever know what has already happened on your database, which is like finding that the bank has been robbed, rather than knowing that the bank is being robbed — and then being able to do something about it. The other problem with logs is granularity — the logs may not capture enough detail or may miss out completely on certain critical activities such as a read operation on sensitive data.

The traditional alternative is to run trace utilities. The trouble with traces is that they consume CPU cycles. It has been estimated that running the DB2 audit trace has a CPU overhead of around 5% per transaction when all audit trace classes are started. IBM estimates that DB2's global trace can add 100% CPU overhead when all audit trace classes are started.

It seems that what we have is one technique that is inadequate and another that is impractical. So, perhaps the important question to ask is, why should we bother? The answer is because of compliance regulations. There are two key regulations that apply — the Sarbanes-Oxley Act (SOX) and the Payment Card Industry Data Security Standard (PCI-DSS).

And while we're thinking of compliance with auditing regulations, who would usually be the person responsible for reviewing the logs or running and examining trace utilities? That would be the DBA. To comply with auditing requirements, you also need some way to check the DBA's activities to ensure that he isn't the person "robbing the bank", so to speak.

So far we have four criteria for a successful database-auditing tool. It must:
  • Comply with the latest regulations,

  • Audit DBA activity as well as all the other users of our database,

  • Not impact on the performance of the database,

  • Have a way of identifying in real-time any problems, i.e., any violations of corporate policies.

Many sites have implemented Security Information and Event Management (SIEM) tools, a hybrid of Security Information Management (SIM) and Security Event Management (SEM) tools, thinking that will help solve the problem. While they do import log data from a range of systems and network devices, they have one flaw. They don't natively monitor DBMS activity information, and they require the DBMS utilities to be turned on.

An ideal solution would run off the mainframe to not impact the mainframe's performance, while, at the same time, monitoring and tracking all database activity in real-time.

Fully compliant auditing solutions store, analyze, and report database information. They can identify anomalous behavior and policy violations immediately and respond with policy-based actions, such as security alerts. Database activity is captured at the DBMS level, and it can capture activity initiated by a mainframe-based applications and networked applications. It can also monitor by role or by application, which helps to meet auditing requirements.

A robust database access auditing solution that addresses regulatory compliance should be able to provide answers to at least the following questions:
  1. Who accessed the data?

  2. At what date and time was the access?

  3. What program or client software was used to access the data?

  4. From what location was the request issued?

  5. What SQL was issued to access the data?

  6. Was the request successful; and if so, how many rows of data were retrieved?

  7. If the request was a modification, what data was changed? (A before and after image of the change should be accessible.)

Knowing who is doing what to your data and when will protect your data and your company.

About the Author

Trevor Eddolls is a senior consultant for NEON Enterprise Software, a Sugar Land, TX-based technology leader in enterprise data availability software and services. Trevor has over 25 years of experience in all aspects of IT, and for many years, he was editor of  Xephon's Update journals (www.xephonusa.com). You can read his weekly blog at mainframeupdate.blogspot.com. He can be contacted by email at trevor@itech-ed.com. Visit www.neonesoft.com.

On The Net
NEON Enterprise Software
www.neonesoft.com

Trevor Eddoll’s blog
mainframeupdate.blogspot.com


Popular Tags
 CPU  Payment Card Industry  monitors  compliance requirements  Sarbanes-Oxley Act  compliance regulations  event management  data

  • Share this story:
  • BlinkList
  • blogmarks
  • del.icio.us
  • Digg
  • Facebook
  • Google
  • Sphinn
  • MySpace
  • NewsVine
  • Simpy
  • StumbleUpon
  • Technorati
  • E-mail this story to a friend!
  • Print this article!
  • Faves
  • Furl
  • Netvouz
  • Slashdot
  • Spurl
  • Yahoo! Buzz

Facts

InformationTechnologyCrossing Fact #208: Since InformationTechnologyCrossing filters job results by category, your job search is more efficient.

Comments

Article ID: 370124    www.informationtechnologycrossing.com

Article Title: Database Auditing: Who Did What, to Which Data, When?

Comment not found for this article.

Comment Comment
Rate This Article

Printable Version    Printable Version PDF Version    PDF Version Email to a Friend    Email to a Friend
Comment    Comment View Comment    View Comment

WHAT MAMBERS ARE SAYING
Andrew , Columbus, GA
The best part about EmploymentCrossing is the simplicity of the site. It is a very user friendly website.

Jamie , Pueblo West, CO
EmploymentCrossing is a very user friendly website and has a fantastic search engine. I always got quick responses to my search criteria.

Keith , Staten Island, NY
EmploymentCrossing's search engine is excellent. You can search jobs on the basis of specific locations and practice areas.

Carolyn , Harrisburg, PA
I would definitely like to join EmploymentCrossing again if I need to switch my job in future. It was a lot more helpful compared to other websites.

Meg , Oak Park, IL
The email alerts sent by InformationTechnologyCrossing are cool. I got a job through this feature of the website. Thanks!


To compare InformationTechnologyCrossing with other job sites Click here


Our Private Information Technology Job-Opening Research Will Show You Jobs Your Peers Do Not Know About

Your career is too important not to research every information technology job opening you can find. We offer you:



Tell us where to send your access instructions:

Your Email


Total Jobs on InformationTechnologyCrossing
274,617
New Information Technology Jobs This Week
50,488
Jobs on EmploymentCrossing Network
Available to Our Members
2,702,211
INFORMATION TECHNOLOGY JOBS NEAR YOU

+ International Jobs + Work At Home Jobs
+ UK Jobs + Canada Jobs

New search feature using US map. + click here
Looking for a new information technology job in your city? + click here
TOP 5 JOB SEARCHES

TODAY'S FEATURED INFORMATION TECHNOLOGY JOB

IT Specialist (APPSW)
United States-MD-Woodlawn
Join SSA, one of the top 10 Best Places to Work in the
Federal Government! This position is located in the Office
of Enterprise Support Architectur...

Employer: USDOJ Federal Bureau of Prisons

  Click to Apply  

FREE NEWSLETTER
+
A CHANCE TO WIN A NEW BMW
BMW
"The Job Researcher" is a weekly newsletter that's absolutely jam packed with jobs, career advice, stories, webinars and more. PLUS, a chance to win a new 2010 BMW 328i sedan in Career Mission's annual car giveaway.
SIGN UP NOW
*Email:  
Only InformationTechnologyCrossing researches and consolidates every information technology job opening it can find and puts all of the job openings it locates in one place.

  • We research and collect information technology job openings from tens of thousands of employer, association, newspaper classified, government, public interest, job board and other websites and post them on our site.
  • InformationTechnologyCrossing has vastly more information technology job openings than any other job board because we actually go out and research jobs instead of just posting jobs employers pay us to post.
Search All Articles
   GO 
  CAREER CONNECT  (From Our Career Blogs)
You always think powerful, creative thoughts.
Submit GET FREE
JOB ALERTS
BE THE FIRST TO KNOW
Learn about jobs before everyone else does. Studies prove the first people to apply to jobs are the most likely to get them. Sign up for job alerts today BMWand be entered to win a new BMW!
What is InformationTechnologyCrossing?
Who Else Is Ready to Never Have to Worry About Recessions and the Information Technology Job Market Again?
Why Job Boards Are Evil!
Blow Away Your Competition with InformationTechnologyCrossing
Get More Employers to Respond to Your Applications and Hire You
Why You Are Not Aware of 95% of the Information Technology Jobs Out There
Why InformationTechnologyCrossing's Marketing Problem is Good For You
Why It is Important to See Every Job Site There is
Private Versus Public Job Boards
Why You Need to Manage Your Job Search in One Place
Who Else Wants Their Phone Ringing Off the Hook With Quality Job Interviews?
Do Not Use Another Job Board Until You Read This
UNCENSORED REVIEWS!

Meg , Oak Park, IL

The email alerts sent by InformationTechnologyCrossing are cool. I got a job through this feature of the website. Thanks!

Malika , Houston, TX

The newswires on InformationTechnologyCrossing is the best thing about the site. I like to read them regularly.

Gregg , Tampa, FL

I was greatly surprised at the number of postings I found for my profession. It gave me the possibility to search in other cities, as I was considering a move to other locations in the country. I was very happy with the service and will recommend to everyone I know looking for employment prospects.

+ More success stories
+ Share your success story with us
HOW WE WORK

Watch Our Latest Video!

HOW WE WORK
See Every Information Technology Job We Can Find on the Internet!
Unlike other sites, InformationTechnologyCrossing works for you and does not charge employers to post jobs and actually goes out and researches jobs for you. The jobs you see are the jobs we find for you and not the ones employers are paying us to post.
To compare InformationTechnologyCrossing with other job sites
Click here
USEFUL LINKS

Press Releases

Add InformationTechnologyCrossing to My Favorites

Leading Employers
Tell a Friend!
Facebook Twitter
Top 101 Reasons to Sign Up for InformationTechnologyCrossing
Reason 47: InformationTechnologyCrossing contains helpful links that let you immediately visit most employers' websites.
  Click here for 100 more reasons  
InformationTechnologyCrossing is a one-stop-shop for your career needs.
Tell Us What You Think   
InformationTechnologyCrossing answers:
Why can't I just use a free method to look for a job?
+ Click here for answer
Free Webinar by Harrison Barnes
To Succeed in Any Job You Need to Create Work

Monday, March 22, 2010 at 1:00 PM PST.
Today at InformationTechnologyCrossing

1,650 - Jobs found in last 24 Hours 50,488 - Jobs found in last 7 Days 274,617 - Total Jobs Found
Your privacy is guaranteed. We will never give out, lease, or sell your personal information. Whitelist InformationTechnologyCrossing
Sign Up  |   About Us  |   History  |   Our Mission  |   Refer A Friend  |   Terms of Use  |   Privacy  |   Post a Job Opening  |   Job-Opening FAQ  |   Testimonials  |   Career Articles

The InformationTechnologyCrossing Guarantee  |   Crossing Sites  |   Browse Jobs  |   Benefits of Working with InformationTechnologyCrossing  |   Site Map

Career Advice  |   Resume Service  |   Resume Distribution Service
In a different but related profession? We can help! Explore our related sites:
C++ Jobs |  DBA Jobs |  Dot Net Jobs |  E-commerce Jobs |  J2ee Jobs |  ERP Jobs |  SQL Jobs |  Employment Jobs

Want to Focus Your Information Technology Job Search on a Different Geographic Area?
Akron Jobs  |  Albuquerque Jobs  |  Anaheim Jobs  |  Anchorage Jobs  |  Arlington Jobs  |  Atlanta Jobs  |  Aurora Jobs  |  Austin Jobs  |  Babylon Jobs  |  Bakersfield Jobs  |  Baltimore Jobs  |  Baton Rouge Jobs  |  Birmingham Jobs  |  Boston Jobs  |  Buffalo Jobs  |  Chandler Jobs  |  Charlotte Jobs  |  Chesapeake Jobs  |  Chicago Jobs  |  Chula Vista Jobs  |  Cincinnati Jobs  |  Cleveland Jobs  |  Colorado Springs Jobs  |  Columbus Jobs  |  Corpus Christi Jobs  |  Dallas Jobs  |  Denver Jobs  |  Detroit Jobs  |  Durham Jobs  |  El Paso Jobs  |  Fort Wayne Jobs  |  Fort Worth Jobs  |  Fresno Jobs  |  Garland Jobs  |  Greensboro Jobs  |  Henderson Jobs  |  Hialeah Jobs  |  Honolulu Jobs  |  Houston Jobs  |  Indianapolis Jobs  |  Islip Jobs  |  Jacksonville Jobs  |  Jersey City Jobs  |  Kansas City Jobs  |  Laredo Jobs  |  Las Vegas Jobs  |  Lexington Jobs  |  Lincoln Jobs  |  Long Beach Jobs  |  Los Angeles Jobs  |  Louisville Jobs  |  Lubbock Jobs  |  Memphis Jobs  |  Mesa Jobs  |  Miami Jobs  |  Milwaukee Jobs  |  Minneapolis Jobs  |  Nashville Jobs  |  Newark Jobs  |  New Orleans Jobs  |  New York Jobs  |  Norfolk Jobs  |  North Hempstead Jobs  |  Oakland Jobs  |  Oklahoma Jobs  |  Omaha Jobs  |  Orlando Jobs  |  Oyster Bay Jobs  |  Philadelphia Jobs  |  Phoenix Jobs  |  Pittsburgh Jobs  |  Plano Jobs  |  Portland Jobs  |  Raleigh Jobs  |  Reno Jobs  |  Riverside Jobs  |  Rochester Jobs  |  Sacramento Jobs  |  San Antonio Jobs  |  San Diego Jobs  |  San Francisco Jobs  |  San Jose Jobs  |  Santa Ana Jobs  |  Scottsdale Jobs  |  Seattle Jobs  |  Saint Louis Jobs  |  Stockton Jobs  |  Saint Paul Jobs  |  Saint Petersburg Jobs  |  Tampa Jobs  |  Toledo Jobs  |  Tucson Jobs  |  Tulsa Jobs  |  Virginia Beach Jobs  |  Washington DC Jobs  |  Wichita Jobs  |  Winston-Salem Jobs
InformationTechnologyCrossing - #1 Job Aggregation and Private Job-Opening Research Service — The Most Quality Jobs Anywhere
InformationTechnologyCrossing is the first job consolidation service in the employment industry to seek to include every job that exists and not charge employers to post jobs on its site.

InformationTechnologyCrossing uses sophisticated technology and manual work to comb employer websites and other job boards for jobs and bring them all to its site.