Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: percent of DBAs that know how to implement database security measures
I don't know about the percentage, but I can tell you my own
experiences. It has been difficult for me to feel I have a complete
understanding of the 'big picture'.
Where are the holes? What are the potential impacts? What concrete migration steps can I take? How can I test it?
The research I did was like one of those treasure hunts we did as kids...here's one clue.......oh, here's another one .... Only thing is, I haven't found the treasure yet! I did come across one fairly decent document from Oracle on hardening the database. I did most of those steps. Even then, I didn't always know 'why' I was doing something. And then, what about my Application Servers? It's been a source of frustration, but also a fairly decent learning experience.
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Murching, Bob
Sent: Tuesday, April 04, 2006 2:48 PM
To: 'bdbafh_at_gmail.com'; 'Oracle-L_at_Freelists'
Subject: RE: percent of DBAs that know how to impletement database
security measures
Well, the trick to properly implementing security measures is to tailor said measures to the company's unique environment--its users, its projects and the data being managed. Can 40% of DBAs establish the appropriate set of security standards? My answer would be that less than 10% are ever given the choice. I believe that "one size fits all" is a dangerous approach to IT security, but so long as that mentality is in place, *nobody* is going to be able to *properly* implement any security measures.
From: Paul Drake [mailto:bdbafh_at_gmail.com]
Sent: Tuesday, April 04, 2006 4:34 PM
To: Oracle-L_at_Freelists
Subject: OT: percent of DBAs that know how to impletement database
security measures
A little piece of email today told me the following:
"... a full 60 percent of DBAs do not know how to implement database security measures, according to Forrester Research".
Does that figure seem to be:
Inquring minds want to know.
Personally, I think that the phrase lacks the term "properly", as in
"properly implement database security measures".
"shutdown abort" or "lsnrctl stop" would be examples of "improperly
implement database security measures".
Paul
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Apr 04 2006 - 15:59:26 CDT