The research paper specifications are as follows:
- 8-10 pages (double-spaced) Times New Roman 12 pt font.
- Must have Abstract, Table of Contents, Introduction, Conclusion and section headings
- Use at least five references outside of your textbook (you may use your textbook too, but are not required to).
- In addition to the required number of pages for the assignment, you must also include a reference page (bibliography), written in APA style, and a title page. Be sure to give all of your papers a descriptive title!
- You must submit a rough draft at the end of Week 5. This is to be a complete paper, meeting the page requirements – not a partially completed paper. Points will be deducted for short or incomplete papers. Your rough draft will not be graded by the rubric, but helpful feedback will be provided to indicate where you are falling short. You may correct any deficiencies before resubmitting your final version at the end of Week 7.
- Typewritten in double-spaced format with a readable style and font and submitted inside the electronic classroom (unless classroom access is not possible and other arrangements have been approved by the professor).
- Page margins Top, Bottom, Left Side and Right Side = 1 inch, with reasonable accommodation being made for special situations
- Your paper must be in your own words, representing original work. Paraphrases of others’ work must include attributions to the authors. Limit quotations to an average of no more than 3-5 lines, and use quotations sparingly! It is always better to paraphrase than to directly quote.
Secure Auditing in Database Systems
Garlin, Saintice
American Military University
ISSC290D001
2025/04/4
Contents
Abstract
Introduction
Importance of Database Auditing
Common Threats to Database Security
Secure Auditing Techniques
Challenges in Implementation
Case Studies
Future Trends
Conclusion
References
Secure Auditing in Database Systems
Abstract
Database systems are central to modern information management. With increasing cyber
threats, suitable auditing mechanisms are necessary to preserve data integrity, confidentiality,
and regulatory compliance (NIST, 2024). This paper presents secure auditing in traditional and
emerging databases. For tamper-evident records, we study cryptographic logging; for audit trails,
we examine blockchain; and for anomaly detection, we use AI. In addition, we consider practical
issues of performance, storage, and scalability in distributed systems. Case studies from
healthcare and finance show how these solutions help with compliance and data protection. We
discuss future advancements, such as homomorphic encryption, zero-knowledge proofs, and
quantum-resistant cryptography, and give insights to database administrators, security experts,
and compliance professionals.
Introduction
Today, more than ever, databases are the central repository for almost all sensitive
organisational data captured in the digitised world. These systems store information ranging from
intellectual property to banking transactions and medical histories, and all of it is valuable and
vulnerable. With the growing frequency and sophistication of cyber-attacks and increasing
regulatory expectations, database auditing has moved from an optional security measure to an
essential operational necessity. While traditional database auditing is simply the process of
logging database events, modern database auditing goes much further than that. It is an overall
framework to provide data integrity, detect unauthorised access, and maintain records for
compliance and forensic analysis. This paper explores the problem of secure auditing in current
database environments. First, we outline the importance of auditing in current data management,
then analyse the common security threats addressed by auditing mechanisms. The core of our
discussion covers three primary categories of auditing techniques: cryptographic methods,
blockchain implementations, and AI-driven techniques. We discuss each category's technical
implementation, practical advantages, and possible limitations. Subsequent sections discuss the
real-world issues facing organisations as they deploy these solutions, with case studies
describing how they were used successfully in regulated industries. Finally, we examine the
future of database auditing with the help of emerging technologies that will further shape the
industry in the coming years.
Importance of Database Auditing
According to Chaudhary (2023), database auditing offers multi-dimensional value to
organisations across industries, and its critical role in modern information systems makes that
value significant. At its core, auditing is both a protective mechanism and a compliance tool,
creating a verifiable record of all database activity for security incidents or regulatory
validation. In security terms, auditing is a digital surveillance system constantly monitoring
access patterns and data changes to spot potential breaches or policy violations. The
psychological deterrent effect of comprehensive auditing should not be underestimated: the more
people know that all database interaction will be recorded and analysed, the less likely external
attackers are to commit malicious acts, and the less likely internal staff are to do so either.
As a compliance tool, database auditing has acquired indispensable status in regulated
industries. Standards such as the Sarbanes-Oxley Act (SOX) require financial institutions to
exercise strict controls over their financial reporting systems and to audit in detail all
database transactions that could impact financial statements, so financial institutions must
formulate new controls for all transaction activities and revise their policies (Pool et al., 2024).
Because HIPAA regulations are enforced in healthcare organisations, granular auditing of access to
healthcare data (ePHI) is required, with explicit log retention and review processes. The PCI DSS
also requires rigorous auditing for systems that process credit card data (Alder, 2025).
Regardless of their more open and flexible nature, these regulatory frameworks share standard
requirements: comprehensive, routine activity logging, regular log reviews, and secure log
retention, all of which are essential elements of a database auditing system.
Database auditing also has operational benefits, giving the organisation helpful insight into
system usage patterns and potential performance bottlenecks. Audit records can show which
queries are underperforming, which are being called without authorisation, or what seemingly
normal activity may correspond to system abuse. Audit trails are the primary source of evidence
used in forensic investigations following a security incident to help reconstruct events and
determine the scope of a breach or compromised data. The business continuity benefits also apply
in disaster recovery scenarios, where audit logs can support data integrity verification during
recovery validation. The strategic importance of robust database auditing solutions for
controlling and monitoring changes to complex business data is growing exponentially as data
volumes do, and it will only increase as regulatory landscapes diversify and become more complex.
Common Threats to Database Security
According to Buda (2023), contemporary database systems must deal with an ever-increasing
number of security threats, and there is an increasing need for robust auditing solutions. The
most important are injection attacks, such as SQL injection, which are still among the most
common and dangerous database vulnerabilities despite being known for decades. Nikolai publicly
outlines that these attacks exploit application vulnerabilities to run malicious SQL commands,
which can lead to the attacker bypassing authentication, extracting sensitive data, or even
taking control of database servers. In particular, sophisticated variants, including blind SQL
injection and out-of-band attacks, are challenging to detect and prevent.
Another significant category of risk that database auditing helps mitigate is insider
threats. Malicious employees seeking gain, disgruntled workers aiming to cause harm, or careless
workers circumventing policies in the name of security can all be sources of these threats.
According to the Verizon Data Breach Investigations Report in 2023, insider threats contributed
to almost 20 per cent of all data breaches (Verizon, 2023). Privileged users are a focal point
for insider threats due to their potentially extensive system access. One central control against
such threats is database auditing, which stores detailed records of all user account activities,
both to detect suspicious behaviour patterns and to serve as forensic evidence when incidents
happen.
Ransomware threats are becoming more sophisticated, including attacks on database
systems designed to encrypt critical data and demand payment for its release. Usually, these
attacks use technical exploits and social engineering to gain initial access. Moreover, as cloud
databases gain adoption, new attack vectors include misconfigured access control and compromised
API keys. Advanced persistent threats (APTs) focused on data in databases may linger undetected
while exfiltrating sensitive data for quite some time. Comprehensive activity monitoring and
anomaly detection capabilities are the keys to countering these threats, and database auditing
systems are precisely the tools for identifying and prioritising them.
Secure Auditing Techniques
Modern database auditing employs various technical approaches to boost security and
compliance. Cryptographic auditing, using HMACs (authenticity) and digital signatures (source
verification), ensures log integrity, and Merkle trees allow efficient validation of large logs.
Because they prevent tampering, these techniques are essential in high-security applications such
as finance or government. With blockchain, transactions are recorded in an immutable,
tamper-resistant chain. The advantages of this approach include cryptographic hashing for data
integrity and smart contracts for automated alerts. It has been adopted in finance and healthcare
for secure record keeping, but scalability is difficult in high-volume systems. AI and machine
learning support auditing by helping to reduce false positives and detect anomalies. Unlike
supervised methods, which identify known threats, unsupervised methods tend to discover new
risks. RNNs perform temporal access pattern analysis and behavioural analytics to detect insider
threats. NLP and automated responses further improve real-time threat detection. Combining these
to make hybrid architectures for robust auditing is an idea I like. Scalable, automated auditing
is available within cloud-based solutions, while confidential computing enables secure analysis
of encrypted data. Complementary technologies could be leveraged against different threats,
making systems more resilient and less susceptible as threats evolve.
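The HMAC and Merkle-tree integrity checks described above, as an added example that is not part of the original paper: each audit record is HMAC-chained to its predecessor, and a Merkle root over the tags lets a verifier check one entry without rereading the whole log. The key, field names, function names, and sample events are constructed for illustration.

```python
import hashlib, hmac, json

# Constructed demo key and sample events; a real key belongs in an HSM/KMS, not beside the log.
KEY = b"constructed-demo-key"
SAMPLE = [
    {"ts": "2025-04-01T09:00:00Z", "user": "app_rw", "op": "SELECT", "obj": "patients"},
    {"ts": "2025-04-01T09:00:05Z", "user": "dba_01", "op": "GRANT", "obj": "patients"},
    {"ts": "2025-04-01T09:01:10Z", "user": "dba_01", "op": "UPDATE", "obj": "billing"},
    {"ts": "2025-04-01T09:02:30Z", "user": "app_rw", "op": "DELETE", "obj": "sessions"},
    {"ts": "2025-04-01T09:03:00Z", "user": "audit", "op": "SELECT", "obj": "audit_log"},
]

def _tag(key, prev, record):
    body = json.dumps(record, sort_keys=True).encode()  # canonical field order
    return hmac.new(key, prev + body, hashlib.sha256).digest()

def seal(records, key=KEY):
    """HMAC each record together with the previous tag, forming a chain."""
    prev, sealed = b"\x00" * 32, []
    for rec in records:
        prev = _tag(key, prev, rec)
        sealed.append({"record": rec, "tag": prev.hex()})
    return sealed

def verify_chain(sealed, key=KEY):
    """Return the index of the first entry that fails verification, or -1."""
    prev = b"\x00" * 32
    for i, entry in enumerate(sealed):
        expected = _tag(key, prev, entry["record"])
        if not hmac.compare_digest(expected, bytes.fromhex(entry["tag"])):
            return i
        prev = expected
    return -1

def _h(prefix, *parts):
    return hashlib.sha256(prefix + b"".join(parts)).digest()  # 0x00 = leaf, 0x01 = node

def merkle_levels(sealed):
    """Tree levels for a non-empty log, leaves first; an unpaired node is promoted."""
    levels = [[_h(b"\x00", bytes.fromhex(e["tag"])) for e in sealed]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([_h(b"\x01", cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def merkle_root(sealed):
    return merkle_levels(sealed)[-1][0]

def inclusion_proof(sealed, index):
    """Sibling hashes needed to recompute the root from one entry."""
    proof = []
    for level in merkle_levels(sealed)[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append((sib < index, level[sib]))
        index //= 2
    return proof

def verify_inclusion(tag_hex, proof, root):
    h = _h(b"\x00", bytes.fromhex(tag_hex))
    for sibling_on_left, sib in proof:
        h = _h(b"\x01", sib, h) if sibling_on_left else _h(b"\x01", h, sib)
    return hmac.compare_digest(h, root)
```

The chain check alone still passes on a log whose newest entries were cut off; comparing against a root kept outside the database is what exposes truncation.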
Challenges in Implementation
There are technical and operational challenges in deploying effective database auditing
systems. The main problem is the performance hit, since auditing introduces processing overhead
for logging, cryptography, and storage, which can degrade responsiveness, particularly in
high-transaction systems such as e-commerce or finance. Depending on the optimisation required,
selective auditing, parameter fine-tuning, or dedicated hardware may be used. Storage is another
issue: audit logs can grow quickly and need to be stored, compressed, and covered by data
retention policies. The validity of audit records is more difficult to guarantee in distributed
and NoSQL systems due to their scalability. Tracking in microservices is even more complex since
every transaction involves multiple services. Cloud-based databases raise further concerns about
compliance, control of audit data, and liability under the provider's responsibility. Privacy
regulations such as GDPR also raise auditing dilemmas, as they restrict data retention and
processing. Auditing has to strike a balance between security needs and privacy laws; methods
such as redaction, pseudonymisation, and purpose-limited logging can all be used (Naidu et al.,
2023). Lastly, managing audit logs effectively is complex. When data is captured but no tools
are available to analyse and alert on it, security teams may see false positives or miss
incidents. Auditing should include regular review, incident response, and continuous tuning.
Training people and deploying expert tools for managing and interpreting the audit data also
contribute to success.
Case Studies
The healthcare industry is a good example of database auditing that must meet a mix of
security and operational requirements. Monitoring gaps were highlighted in a HIPAA audit of a
major hospital network in the northeastern U.S., after which a robust auditing system was
implemented. Its features included cryptographic hashing of log records, real-time alerts on
unusual access, and blockchain archiving of critical documents. Machine learning models caught
inappropriate access to VIP patient files, helping to prevent costly HIPAA violations. Within six
months, the system spotted several unauthorised access attempts, one of which targeted a local
news personality's records. Likewise, the financial sector handles sensitive data under strict
regulations and requires rigorous auditing. To detect fraud and meet SOX compliance needs, a
multinational bank adopted an AI-powered auditing framework covering its global transaction
database. It checks millions of daily transactions, flags anomalies, and relates access logs to
network behaviour. It works with a blockchain-based ledger to keep enforceable records of all
database modifications. In its first year of operation, the system detected multiple attempts at
fraud and collusion between insiders and outside actors, averting substantial financial losses.
These case studies illustrate that auditing solutions are customized to a given industry's risks.
Healthcare mainly stresses privacy and compliance, and finance stresses fraud detection and data
integrity. Performance optimization, privacy-sensitive system integration, and seamless
synchronisation are emphasized. The success factors include executive support, sufficient
resources, and continuous adjustment of auditing parameters as they are used in the real world.
Future Trends
Database auditing is evolving rapidly as emerging technologies mature. Among these,
homomorphic encryption, a technology that lets you perform computation on encrypted data without
decryption, is a notable advance. This permits securing sensitive audit logs and auditing without
compromising confidentiality, which is of primary interest to financial institutions since they
bear potential risks in the case of traditional auditing. However, partially homomorphic schemes
are currently practical for some auditing tasks.
Another breakthrough is zero-knowledge proofs (ZKPs), which allow compliance
verification without revealing the data. ZKPs help organisations prove regulatory compliance in
a way that hides user activity and database content from third parties, for instance, in
external audits of operations conducted under strict confidentiality. These methods are being
advocated in emerging privacy-preserving audit standards.
Quantum computing is threatening the current cryptographic systems used in auditing:
RSA and ECC. Therefore, bodies like NIST have developed and standardized post-quantum
cryptography, such as lattice and hash-based schemes, to combat this (NIST, 2017). These
quantum-resistant algorithms are now being adopted by organizations that need auditing over a
long period.
Blockchain-based decentralized identity systems may change how database access is
authenticated and audited (Zhang et al., 2025). They provide tamper-proof, verifiable
credentials and remove dependence on trusted central identity providers. With smart
contract-based access policies, they can automate and secure auditing like never before.
However, integrating them with traditional databases remains a challenge.
Finally, AI and large language models (LLMs) are changing audit log analysis. These
tools can scan for patterns, predict threats, and summarize audit data in words, making it
easier to read and respond to. Because auditor outputs may be called to account legally in
regulated sectors, it will be essential for AI models to be, and to remain, explainable and
secure (Chinnasamy, 2025). Overall, homomorphic encryption, ZKPs, quantum-resistant cryptography,
decentralised identity, and AI will change database auditing in the future, as we can now create
more secure, scalable, and intelligent systems that match changing security and compliance
requirements.
Conclusion
What started as simple logging has, over time, become secure auditing: a multi-layered,
sophisticated cornerstone of database security. This paper explores how modern auditing combines
cryptographic integrity checks, distributed verification, and intelligent anomaly detection to
combat growing threats. I provide case studies describing how these technologies support the
healthcare and finance sectors' security, compliance, and management needs. However, trade-offs
in performance, storage, and privacy must be considered carefully and balanced. There is no
one-size-fits-all; every organisation must fit its auditing to its risk profile, regulatory
emphasis, and operational reality (Roumpies & Kakarountas, 2023). Current limitations may soon
be solved by emerging technologies, which will enable the adoption of new capabilities as old
ways of auditing are redefined. Database professionals must stay current with continuously
evolving threats and auditing developments. Enterprise security strategies will continue to rely
heavily on auditing as data becomes more and more valuable and regulations tighter. The
compliance and resilience of auditing practices should be maintained through the proactive
adoption of new technologies and continuous improvement. Ongoing innovation in auditing will
continue to drive the future of database security to meet the demands of an ever-changing threat
landscape.
References
Alder, S. (2025, January 30). 2024 Healthcare Data Breach Report. The HIPAA Journal. https://www.hipaajournal.com/2024-healthcare-data-breach-report/
Buda, R. (2023, May 13). The Ultimate Oracle Database Security Assessment Checklist for 2023. Buda Consulting. https://budaconsulting.com/ultimate-oracle-database-security-assessment-checklist/
Chaudhary, A. (2023, June 29). Cloud Security Threats and Predictions in 2023. Cloud Security Alliance. https://cloudsecurityalliance.org/blog/2023/06/29/cloud-security-threats-to-watch-out-for-in-2023-predictions-and-mitigation-strategies
Chinnasamy, P. (2025). AI-Powered Predictive Analytics for Cloud Performance Optimization and Anomaly Detection. International Journal of Science and Research (IJSR), 14(3), 629–642. https://doi.org/10.21275/sr25311205448
Naidu, D., Wanjari, B., Bhojwani, R., Suchak, S., Baser, R., & Ray, N. K. (2023). Efficient Smart Contract for Privacy-Preserving Authentication in Blockchain using Zero Knowledge Proof. https://doi.org/10.1109/ocit59427.2023.10430710
NIST. (2017, January 3). Post-Quantum Cryptography. CSRC, NIST. https://csrc.nist.gov/projects/post-quantum-cryptography
NIST. (2024). Cybersecurity Framework. National Institute of Standards and Technology. https://www.nist.gov/cyberframework
Pool, J. K., Akhlaghpour, S., Fatehi, F., & Jones, A. B. (2024). A systematic analysis of failures in protecting personal health data: A scoping review. International Journal of Information Management, 74(102719), 102719–102719. https://doi.org/10.1016/j.ijinfomgt.2023.102719
Roumpies, F., & Kakarountas, A. (2023). A Review of Homomorphic Encryption and its Contribution to the Health Services Sector. https://doi.org/10.1145/3635059.3635096
Verizon. (2023). 2023 Data Breach Investigations Report. Verizon Business. https://www.verizon.com/business/resources/reports/dbir/
Zhang, Y., Geng, H., Su, L., & Lu, L. (2025). A Blockchain-Based Efficient Data Integrity Verification Scheme in Multi-Cloud Storage. IEEE. https://ieeexplore.ieee.org/iel7/6287639/9668973/09907005