AUDIENCE:   This course is for computer auditors and security specialists wishing to see how to close weaknesses on a SQL Server, and how to check this has been done. Audit planners and managers may also wish to attend. PREREQUISITES:   You should have a basic understanding of RDBMS’s and with the processes used by computer auditors in examining systems. Some aptitude for programming may be useful. Some commands are entered into a terminal screen and you should feel comfortable doing this. DURATION:   2 days. Hands on. OBJECTIVES:   By the end of the course you will be familiar with SQL Server’s client interface, the Query Analyzer monitor and with simple T-SQL queries. In particular, you will come to understand the language surrounding SQL Server and will gain immediate credibility talking to the experts. COURSE CONTENT:   About SQL Server Architecture User Security User and login model Trusted logins from the operating system Roles Permissions Fixed database privileges Fixed server privileges Application security The database owner Encrypted exchanges security Audit Trail Using Triggers Exchanging Information Data transformation services Linked servers Dumping ASCII data Replication Publication and subscription Hiding the SQL Server SQL Server and web servers Detecting change to column data Automation Features Jobs Alerts Operators Mail Backup and Restore Backing up and restoring databases Backing up a database Restoring a database Backup and restore architecture Transaction management Getting information Auditing backup and restoration Appendix 7-1 Worked example of a backup and recovery routine System Audit Utilities The profiler Designing and running a trace Audit Work Packs Appendix: Using SQL Server system tables