SoftTree Technologies
Technical Support Forums
ppatria
Joined: 09 Dec 2009 Posts: 2 Country: United States |
|
Time spent monitoring DB Audit Results |
|
Good morning everyone,
We are researching database audit tools for our university. We have 5 Oracle/MS SQL Server databases that we want to monitor. Can anyone tell me how long you spend monitoring your databases on a daily basis (i.e. 10 minutes, 30 minutes, an hour) and who in your organization does the monitoring (DBA, system administrator, etc.)? We want to understand the impact and resources before moving forward.
Thank you!
Patty Patria
Bentley University
|
|
Wed Dec 09, 2009 11:31 am |
|
 |
SysOp
Site Admin
Joined: 26 Nov 2006 Posts: 7948
|
|
|
|
Sorry for getting into this discussion... here are classical answers to your questions
 |
 |
Can anyone tell me how long you spend monitoring your databases on a daily basis (i.e. 10 minutes, 30 minutes, an hour) |
This is not supposed to be a manual process. The system should be configured to automatically notify you about policy violations and other anomalies. And the system should be configured to monitor your databases 24x7. Security officers should be responsible for analyzing threats, taking actions and basically enforcing the security and audit policies. Sometimes DBAs and system admins are tasked with this role too, but that is really a bad idea because their priorities and goals are quite different from what is required for compliance and for security. Security officers should also periodically review analytical and forensic audit reports, run security checks, etc… in order to identify potential security gaps and threats and to ensure that new applications are adequately monitored and protected from unauthorized access.
 |
 |
who in your organization does the monitoring (DBA, system administrator, etc.)? |
In the best-case scenario, this should be done by a dedicated security officer(s) responsible for compliance and organization security. In practice, small organizations usually don't have dedicated security personnel for this task and rely on their DBAs/sysadmins.
|
|
Wed Dec 09, 2009 1:25 pm |
|
 |
ppatria
Joined: 09 Dec 2009 Posts: 2 Country: United States |
|
|
|
I understand that this should not be a manual process, but I am still looking for a time estimate (in your opinion) to review alerts for 3 databases. We are trying to factor how much time it should take an employee on a daily basis.
Thank you.
|
|
Tue Jan 19, 2010 10:51 am |
|
 |
SysOp
Site Admin
Joined: 26 Nov 2006 Posts: 7948
|
|
|
|
Well, it likely depends on the types of alerts selected and how often they are fired. Alerts covering broad topics can be fired frequently and the reviewer will need to spend more time reviewing them; for example, for the sake of argument, consider alerts for failed connection attempts.
On the other hand, if alerts are defined as "exceptions" with a sharp focus and fired infrequently, maybe once a week or once a year (for example, consider alerts for changes occurring in some sensitive data), they shouldn't take much time. Yet, in such exceptional cases the reviewer may still need to take it to somebody else at the next level in order to verify that these changes have actually been approved and are correct.
Hope this makes sense.
|
|
Tue Jan 19, 2010 11:22 am |