Risk Assessment Database Security Assessment

Database Security Assessment

Most security efforts are focused on the application, the operating system or the network. The database is always the last to be secured yet it holds all the key information. Most companies do not do a database security assessment. Data confidentiality, integrity and availability is important and required a specialist in database security to truly understand the risks associated with a data breach.

Solution

Our Database Security Assessment service offers a documented, comprehensive and in-depth analysis of the current security posture of existing relational databases. We perform manual and automated testing of database security on the database implementation, the application accessing the database and the network architecture. The security assessment delivers a comprehensive and in-depth analysis of the current security controls of the database. We provide technical recommendations that can be addressed by the administrators and provides strategic solutions that can be addressed by Security Managers, Auditors, Compliance Officers and senior management.

Key steps in a Database assessment include:
  • Create an inventory of all database systems and use classifications
  • Classify data risk, monitoring capabilities and risk rating on data access
  • Review roles and access restrictions
  • Review authorizations for users, permission levels, and user management processes
  • Review application access, authentication, application audit and control
  • Audit activity, change control processes. log review
  • Review network controls and detection systems
  • Review reporting capabilities