Part of the documentation process in any disaster plan is supplemental notes and memos that outline any discussion and decisions made to secure your database system. Everything discussed should be included. If there are any decisions made against suggestions, those should be documented to cover yourself. For your expanding case file, add to it a memo outlined below.
Memo: You know the database is behind the company’s firewall. You notice that it is still possible for SQL queries to pass to the database even though it is protected behind your firewall. How is this possible? What do you suggest to Mr. McAlister as the owner to make sure this doesn’t happen and that the database is more secure? Are there cost associated with this plan? Detail them.