SQL Server provides robust capabilities to monitor itself, and it can be easy to be overwhelmed with the choices presented through catalog or dynamic management views, extended events, server-side traces (for older versions of SQL Server), or performance counters. That is true on the security side as well.
Read the 15-page whitepaper “Top Five Items to Audit in SQL Server” by K. Brian Kelley to learn about the top five items you should be auditing on all of your SQL Servers, and how to do them. Keeping an eye on these items will help you verify database security and access to your environment. They are: Who has administrative access to SQL Server? Who has been granted CONTROL and IMPERSONATE permissions? Who are the database owners? What are the respective database permissions? What failed logins are you getting on your SQL Servers?
The presenter, K. Brian Kelley, is a SQL Server author, columnist, and Microsoft Most Valued Professional (MVP), focusing primarily on SQL Server and Windows security. In addition to being a database administrator, he has served as an infrastructure and security architect encompassing solutions with Citrix, virtualization, and Active Directory. Brian is also a Certified Information Systems Auditor and has been the head of a computer incident response team of a financial organization. Brian is active in the information technology community, having spoken at DevConnections, SQL Saturdays, code camps, and user groups.