Database Security Testing


As organizations typically store their most critical business data in relational databases, it is hard to overstate the importance of securing critical data at its source. Performing appropriate security due diligence is critical to ensuring that the databases perform as expected and that key risks to the data they contain are mitigated to an acceptable level.

Ensuring the security of mission-critical databases is best addressed by the following activities (the extent and rigor of the activities generally increase as you progress down the list):

  • Database Vulnerability Assessment;
  • Database Architecture Review;
  • User Rights Audit;
  • Database Audit; and,
  • Security Code Review.

 

The database's risk profile, the applications it supports, and the importance of specific controls to reducing risk are generally the predominant factors in determining which of the five activities outlined above will best provide the entity with an appropriate level of assurance.