SoftTree Technologies SoftTree Technologies
Technical Support Forums
RegisterSearchFAQMemberlistUsergroupsLog in
Time spent monitoring DB Audit Results

 
Reply to topic    SoftTree Technologies Forum Index » DB Audit, DB Mail, DB Tools View previous topic
View next topic
Time spent monitoring DB Audit Results
Author Message
ppatria



Joined: 09 Dec 2009
Posts: 2
Country: United States

Post Time spent monitoring DB Audit Results Reply with quote
Good morning everyone,

We are researching database audit tools for our university. We have 5 Oracle/MS SQL Server databases that we want to monitor. Can anyone tell me how long you spend monitoring your databases on a daily basis (i.e. 10 minutes, 30 minutes, an hour) and who in your organization does the monitoring (DBA, system administrator, etc.)? We want to understand the impact and resources before moving forward.

Thank you!

Patty Patria
Bentley University
Wed Dec 09, 2009 11:31 am View user's profile Send private message Send e-mail
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 6485

Post Reply with quote
Sorry for getting into this discussion... here are classical answers to your questions

Quote:
Can anyone tell me how long you spend monitoring your databases on a daily basis (i.e. 10 minutes, 30 minutes, an hour)


This is not supposed to be a manual process. The system should be configured to automatically notify you about policy violations and other anomalies. And the system should be configured to monitor your databases 24x7. Security officers should be responsible for analyzing threats, taking actions and basically enforcing the security and audit policies. Sometimes DBAs and system admins are tasked with this role too, but that is really a bad idea because their priorities and goals are quite different from what is required for compliance and for security. Security officers should also periodically review analytical and forensic audit reports, run security checks, etc… in order to identify potential security gaps and threats and to ensure that new applications are adequately monitored and protected from unauthorized access.

Quote:
who in your organization does the monitoring (DBA, system administrator, etc.)?
In best case scenario, this should be done by a dedicated security officer(s) responsible for compliance and organization security. On practice, small organizations usually don't have dedicated security personnel for this task and rely on their DBAs/sysadmins.
Wed Dec 09, 2009 1:25 pm View user's profile Send private message
ppatria



Joined: 09 Dec 2009
Posts: 2
Country: United States

Post Reply with quote
I understand that this should not be a manual process, but I am still looking for a time estimate (in your opinion) to review alerts fror 3 databases. We are trying to factor how much time it should take an employee on a daily basis.

Thank you.
Tue Jan 19, 2010 10:51 am View user's profile Send private message Send e-mail
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 6485

Post Reply with quote
Well, it likely depends on the types of alerts selected and how often they are fired. Alerts covering broad topics can be fired frequently and the reviewer will need to spend more time on reviewing them, for example, for the sake of argument consider alerts for failed connection attempts.

On the other hand, if alerts are defined as "exceptions" with a sharp focus and fired infrequently, maybe once a week or once a year, for example, consider alerts for changes occurring in some sensitive data. They shouldn't take much time, Yet, in such exceptional cases the reviewer may still need to take it to somebody else to the next level in order to verify these changes have been actually approved and correct.

Hope this makes sense.
Tue Jan 19, 2010 11:22 am View user's profile Send private message
Display posts from previous:    
Reply to topic    SoftTree Technologies Forum Index » DB Audit, DB Mail, DB Tools All times are GMT - 4 Hours
Page 1 of 1

 
Jump to: 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


 

 

Powered by phpBB © 2001, 2005 phpBB Group
Design by Freestyle XL / Flowers Online.