Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: OT: percent of DBAs that know how to implement database security measures

From: Mladen Gogala <gogala_at_sbcglobal.net>
Date: Wed, 05 Apr 2006 08:42:30 -0400
Message-Id: <1144240950l.2542l.1l@medo.noip.com>

On 04/04/2006 08:50:32 PM, Zelli, Brian wrote:

> We have to document every exception for access, limit and restrict
> developers to only development machines and then make every correction,
> move and implementation to the production instances. It is a pain but a
> necessary evil to comply with SOX. We have had no issues with the
> federal auditors in the 2 years that reporting has been mandatory. And
> we've gotten to understand our environment from most angles. Not
> perfect but being forced to get there.......

Yes, SoX is a good law which has so far prevented numerous collapses like Enron, MCI or Global Crossing. It was bound to happen, given the evil perpetrated by the DBA personnel in the case of all those companies. That is why it is absolutely vital for the database to be over-administered to the point of being ridiculous. Making absolutely sure that a user has to enter at least 3 passwords (PC, Oracle and Web proxy) before he or she can start working is extremely important and as effective as Giuliani's "shop until you drop" tactics were against terrorism. Forcing an average cubicle dweller to change passwords every 90 days is guaranteed to prevent another Enron. It looks like GM is just about to collapse. The only thing preventing it from doing so is regular password changes.

-- 
Mladen Gogala
http://www.mgogala.com

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Apr 05 2006 - 07:42:30 CDT
