Audit Memo
Audit Planning Memorandum for Database Environment
Date | 02/04/2013 | To | Audit Senior Management | School Board | Temple University | Prepared By | Shan Jiang |
-------------------------------------------------
Background
Types of RDBMS: MySQL 5.0 - an open-source database used extensively in small or medium-sized web applications. One of the simplest databases to secure from hacking because of the small attack surface it exposes
Number of DB servers: 3
Business units rely on the DBs: Sales and Distribution, Financial Services, Procurement, and Accounts Receivable.
Organizational structure of the group who manages the DBs: Data Owner, system administrator, and database administrator.
1.0 Internal Audit Objective and Scope
2.1 Internal Audit Objective
The objective of this review is to audit confidentiality, integrity, and availability of XYZ Company’s MySQL 5.0 database environment.
2.2 Internal Audit Scope and Approach
The scope of this review includes an assessment of MySQL 5.0 database environment. Specifically, this review will include:
* Physical and administrative control * Concurrent access controls * Change controls * Server configuration control * Database checkpoints * Schema Modifications * Redundancy elimination and relationship verification * Database restructuring * Data backup and disaster recovery plan
2.3 Deliverables
Audit deliverables will consist of the following:
* Fieldwork documentation * Finding Issues * Audit draft report * Action plan and recommendation * Audit final report
It is planned that the above deliverables will be delivered to you by 02/07/2013 for your review and subsequent discussion.
2.0 High-Level Work Program
Policy and standards, data backup and procedures, levels of access controls for data, data encryption, confidentiality, integrity, availability of data elements,
Date | 02/04/2013 | To | Audit Senior Management | School Board | Temple University | Prepared By | Shan Jiang |
-------------------------------------------------
Background
Types of RDBMS: MySQL 5.0 - an open-source database used extensively in small or medium-sized web applications. One of the simplest databases to secure from hacking because of the small attack surface it exposes
Number of DB servers: 3
Business units rely on the DBs: Sales and Distribution, Financial Services, Procurement, and Accounts Receivable.
Organizational structure of the group who manages the DBs: Data Owner, system administrator, and database administrator.
1.0 Internal Audit Objective and Scope
2.1 Internal Audit Objective
The objective of this review is to audit confidentiality, integrity, and availability of XYZ Company’s MySQL 5.0 database environment.
2.2 Internal Audit Scope and Approach
The scope of this review includes an assessment of MySQL 5.0 database environment. Specifically, this review will include:
* Physical and administrative control * Concurrent access controls * Change controls * Server configuration control * Database checkpoints * Schema Modifications * Redundancy elimination and relationship verification * Database restructuring * Data backup and disaster recovery plan
2.3 Deliverables
Audit deliverables will consist of the following:
* Fieldwork documentation * Finding Issues * Audit draft report * Action plan and recommendation * Audit final report
It is planned that the above deliverables will be delivered to you by 02/07/2013 for your review and subsequent discussion.
2.0 High-Level Work Program
Policy and standards, data backup and procedures, levels of access controls for data, data encryption, confidentiality, integrity, availability of data elements,