Re: OT: percent of DBAs that know how to impletement database security measures

Guys,    

  One thing you are not considering. The DBA may know how to implement security measures but let's say that they are working in a "legacy" environment where apps where not setup correctly to begin with. The DBA cannot go out and wily-nily change passwords that might be used across applications. They simply need the assistance and participation of the apps group. That I found was the biggest issue - getting assistance from apps development to change code appropriately. It is not something that could or should be done by a DBA in a vacuum. If the organization has a separate security team - then - the DBA might enlist their help to get everyone on the same page.    

  :)

Keith Moore <kmoore_at_zephyrus.com> wrote:   If you take out the part "know how to", as in

... a full 60 percent of DBAs do not implement database security...

then I would say that based on my experience it's too low.

For example, when I find a shared Oracle account on a production system with DBA privileges AND the username equal to the password, the response by management is "Yeah, we know, but it's too difficult to change it right now. We'll do it later".

Keith

> A little piece of email today told me the following:
>
> "... a full 60 percent of DBAs do not know how to implement database
> security measures, according to Forrester Research".
>
> Does that figure seem to be:
>
> - too high
> - too low
> - just about right
> - Cowboy Neil
>
> Inquring minds want to know.
> Personally, I think that the phrase lacks the term "properly", as in
> "properly implement database security measures".
> "shutdown abort" or "lsnrctl stop" would be examples of "improperly
> implement database security measures".
>
> Paul
>

--
http://www.freelists.org/webpage/oracle-l




		
---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.  Great rates starting at 1¢/min.
--
http://www.freelists.org/webpage/oracle-l