Audit and assurance program for NoSQL DBMS

Brar, Kanwarpreet Singh; Bhola, Hitesh

doi:doi:10.7939/r3-shjs-2067

View

Download

Communities and Collections

Concordia University of Edmonton / Master of Information Systems Security Management (MISSM) and Master of Information Systems Assurance Management (MISAM) Project Reports (Concordia University of Edmonton)

Usage

123 views
240 downloads

Audit and assurance program for NoSQL DBMS

Author(s) / Creator(s)
- Brar, Kanwarpreet Singh
- Bhola, Hitesh
This research outlines a template of audit and assurance program for NoSQL DBMSs based on the COBIT framework. With the increase in the use of NoSQL technologies in enterprises, there are various technical and managerial risks associated with them. Some of the major technical risks include lack of data encryption, built-in user authentication and authorization, vulnerability to the injection attacks and technical concerns related to data redundancy features. Managerial risks include limited expertise available for this new technology, complex data migration to NoSQL solutions, issues related to potential data inconsistencies and limited tools for transaction audit. To handle such risks, it is important for an enterprise to implement rigorous controls to mitigate those risks effectively. And there must also be a mechanism to test the effectiveness of the implemented controls. A rigorous audit and assurance program, designed specifically for NoSQL DBMS, could serve as such a mechanism. As a part of this research, a sample audit and assurance template has been developed considering Elasticsearch as the primary database for testing purposes. This sample also includes the pictorial reference documents for the technical controls covered in the audit program.
Date created

2021-04-01
Subjects / Keywords
Type of Item

Research Material
DOI

https://doi.org/10.7939/r3-shjs-2067
License

Attribution-NonCommercial 4.0 International

Language
- English
Additional contributors
- Bukatov, Sergey