6.2: Auditing File Systems & DBMS

Question 1

Auditing File Systems

Answer 1

• Capacity - Examine any file storage capacity management tools, processes, and records.
• Access control - Examine record of access requests to see if they correspond to the access permission observed

Question 2

Auditing Database Management System should include:

Answer 2

• Configuration management
• Change management
• Capacity Management
• Security Management

Question 3

Auditing configuration management of a DBMS

Answer 3

It should be centrally controlled and tracked to ensure consistency among systems. Individual DBMSs and configuration management RECORDS should be compared

Question 4

Auditing Change management of a DBMS

Answer 4

Examine DBMS change management processes and records to see whether changes are being performed in a consistent, systematic manner. All change made should be requested and reviewed in advance, approved by management, tested, implemented, and recorded.
Changes to software should be examined in coordination with an audit of the organization’s software development life cycle.

Question 5

Auditing Capacity Management of a DBMS

Answer 5

Examine procedures and records related to capacity management to see whether management ensures sufficient capacity for business data.

Question 6

Auditing security Management of a DBMS

Answer 6

Access controls determine which users and systems are able to access and update data. Examine access control configurations, access requests, and access logs.