By browsing our site you agree to our use of cookies. You will only see this message once.

> Find out more about how this site uses cookies

Enrol for this course

Course Description

Awarding Body: IT Audit Training

The course will address the security of the main types of relational database management systems, using a risk-based approach.  Each risk will be considered in relation to each type of database, allowing RSM auditors to learn how the risk is addressed by the databases under consideration.

(Duration: 3 days)

Databases and their relationship to the host operating system

  • Security of the physical DBMS files – risks of deletion of database files
  • Tablespace and control file risks
  • Database archiving and recovery risks

Database schemas and the risk of improper separation of access

Network access controls

  • Risks of improper client configuration
  • Security issues of client/server network transmission
  • Risks of database links
  • Risks of web-based access to databases and applications

Database login controls

  • Authentication risks – internal, external and global authentication
  • Database logins and how to audit them
  • Risks of default accounts and passwords
  • Database roles and their risks
  • Improper allocation of built-in roles
  • Server and database roles and their risks

Database administrators and privileged users

  • The database owner and database administrator
  • Risks of improper use of DBA privilege
  • Database privileges and how to audit them
  • Risks of allocating excessive privileges to users
  • Risks of the admin option
  • User profiles and control of resources – risks of default profiles


Database objects

  • Tables and views and how to identify them
  • Risks of improper use of views – why does it matter?
  • Procedures and packages - identifying the high-risk ones
  • Database ownership chains and their associated risks

Object access permissions and how to audit the high-risk ones

Virtual Private Databases, Row-level security and their uses in enforcing separation of duties


Database auditing

  • Risks of default database audit settings
  • Activating database auditing
  • What’s being audited? How to list the audit settings
  • Limitations of built-in database auditing
  • Use of triggers to overcome standard auditing limitations
  • Risks of improper access to the audit trail
  • Oracle Fine-Grained Auditing

Developing database auditing tools with scripting languages and SQL

Course presentation style and format

The course will be presented in hands-on format for Windows, Oracle 9, 10g, 11g and SQL Server 2000/2005, structured around a series of audit risk areas.  For each area, the course will describe the nature of the risk, any available controls and countermeasures, and the exposure if the controls are not implemented.  A course manual in PowerPoint format will be provided, together with a detailed audit program, structured into risk areas to correspond with the course manual.  Guidance will be provided on how to perform a ‘limited time’ review, indicating which areas in the audit programs should receive the highest priority. 

For the ‘hands-on’ aspects of the course, students will be provided with a laptop containing VMWare images of Windows 2003R2 servers, Oracle and SQL Server databases, with full database administrator access.

The courses will be presented by our Senior IT Management Consultant, Steve Rimell

Enquiry form

If you have any questions regarding this or any of our other courses please do not hesitate to contact us. You can send us a message by completing the following enquiry form.

Accredited By

CIPFA Accredited
leadership management wales
chartered management institute approved
institute of consulting approved
institute of consulting premier practice
leadership management wales
institute of consulting approved

In Partnership With

institute of internal auditors

Thanks for visiting BHBi

Mark Barnes

Hi. I'm Mark Barnes one of the directors at BHBi.

Is there anything I can help you with? Perhaps you are keen to find out more about a course?

Mark Barnes

Thanks for asking.

If you add your email or telephone below. I'll get back to you as soon as I am online.

Mark Barnes

Thanks for your message or question.

I'll get back to your shortly. I look forward to chatting more with you.


ask us