A conceptual framework of information security database audit and assessment in university based organization

Abstract

Today, databases are one of the most important things in the IT world and it is also becoming more popular and organizations globally are gradually moving their traditional IT setup to database model to gain the benefits of securing the data and in terms of providing easy access and elasticity of IT services. With database security, the IT service roles within an organization become integrated hence giving the overall IT operating model a more structured layout. Such objectivity however can only be materialized when proper planning and execution are put in place. As such, a proper execution and implementation of database system would include a stringent set of checks and audit processes.The problem is like every database is having right now is there information records that needs to be secured and the information assets and more private records need to be secured. A conceptual Information Security Database Audit and Assessment framework(ISDAA) will enhance to identify the best approach to audit and assess only the information assets through information security database audit.The goal of database auditing is central towards determining if the services engaged are meeting certain legal requirements in terms of protecting customer’s data and organization standards to achieve secure data assets success against various security threats. Therefore, this project has a conceptual framework which will be developed from previous frameworks through literature review and after that the variables influencing the auditing of database from those previous frameworks such as access control, oracle database control, SQL(DML), Object(DDL) and IT audit quality will be used for the audit process. After this The method that will be used to collect the data by these variables for enhancing the framework will be by comparing it with other frameworks with expert reviews from CICT UTM data center and IT department experts and then formulate an updated framework which has the following enhanced components such as DB log, DB Client, DB API and Alerting and Monitoring.