Audit and assurance program for NoSQL DBMS

  • Author(s) / Creator(s)
  • This research outlines a template of audit and assurance program for NoSQL DBMSs based on the COBIT framework. With the increase in the use of NoSQL technologies in enterprises, there are various technical and managerial risks associated with them. Some of the major technical risks include lack of data encryption, built-in user authentication and authorization, vulnerability to the injection attacks and technical concerns related to data redundancy features. Managerial risks include limited expertise available for this new technology, complex data migration to NoSQL solutions, issues related to potential data inconsistencies and limited tools for transaction audit. To handle such risks, it is important for an enterprise to implement rigorous controls to mitigate those risks effectively. And there must also be a mechanism to test the effectiveness of the implemented controls. A rigorous audit and assurance program, designed specifically for NoSQL DBMS, could serve as such a mechanism. As a part of this research, a sample audit and assurance template has been developed considering Elasticsearch as the primary database for testing purposes. This sample also includes the pictorial reference documents for the technical controls covered in the audit program.

  • Date created
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
  • License
    Attribution-NonCommercial 4.0 International