RE: OT: percent of DBAs that know how to implement database security measures (42)

-----Original Message-----
From: oracle-l-bounce_at_freelists.org
Sent: Tuesday, April 04, 2006 8:51 PM
To: Oracle-L_at_Freelists
Subject: RE: OT: percent of DBAs that know how to impletement database security measures

Someone wrote in part:

If your company is bound by Sarbanes Oxley requirements, you find out in a big hurry where your holes are.
<snip>

<comment partially suppressed by self censorship about the relationship
amongst where your holes are, Sarbanes, Oxley, getting bound, and toothless gerbils>

Sarbanes Oxley (see also Mladen's comments in another post) has been useful primarily as a full employment act for the auditors whose malfeasance caused an auditing company to go bankrupt for allowing Enron and other fiascoes to occur over a period of several years when they should have been caught by the aforementioned auditors.

Controlling access to the database and security is of course a useful activity, but it cannot prevent bad acts by collusion amongst people across scopes of control that allow fraud.

For example, if one person can create a vendor, another can approve capital expense, and a third can record receipts of goods, then nothing about the database access will prevent them from draining a company of funds but auditors acting in a timely fashion and in good faith.

Of course everything would be much more transparent if we put an end to the silly concept of taxing business, which is just a way to create entropy and employ tax accountants in efforts valuable to each tax paying company and worthless to mankind as a whole.

Regards,

mwf

PS: and in the original post there was something about 60 - obviously that number is actually 42 in some context.

--
http://www.freelists.org/webpage/oracle-l