S 6.48 Procedures in case of a loss of database integrity

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrator, IT users

If irregularities occur in the operation of the database system (for example, undefined system behaviour, lost tables or data records, modified contents of tables, inexplicably long response times), a loss of database integrity might be the source of the problem. Such losses can be caused, among other things, by misuse of the system (for example, unauthorised administration, modification of the system settings, exceeding of the maximum permissible number of Connects).

Users should observe the following procedure in this case:

• Keep calm.

• Inform the database administrator.

• Do not use the database any longer.

The database administrator should take the following steps:

• Inform all affected users.

• Shut down the database system.

• Start up the database system in the exclusive mode (if this is supported by the database system).

• Backup all files which could provide details on the nature and cause of the problem (for example, whether an intrusion has taken place, and if so, how it was effected), i.e. all relevant log files should be backed up in particular.

• Check and, if necessary, reset the rights to access system tables.

• Check the database software for any visible changes, for example, to the date of creation and size of the corresponding files. As these attributes can be reset to their original values by an intruder, the integrity of the files should be tested using checksum procedures.

• If necessary, the deletion of the executable files and play-back of the original files from write-protected data media (cf. S 6.21 Backup copy of the software used). (Programs must not be restored from data backups as these already can contain errors).

• Check the log files for irregularities (in co-operation with the auditor).

• Request users to check their domains for irregularities.

If data was deleted or inadvertently modified, it can be re-loaded from the data backups (refer to S 6.51 Restoring a database).

Additional controls:

• Are users regularly reminded that they must immediately notify the database administrator on the occurrence of any inconsistencies?

• Are these measures also implemented?

• Are the database administrators appropriately informed?