Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Data Privacy, Auditing, Encryption Question

Re: Data Privacy, Auditing, Encryption Question

From: Kirtikumar Deshpande <kedeshpande_at_yahoo.com>
Date: Thu, 18 May 2006 15:52:08 -0700 (PDT)
Message-ID: <20060518225208.56029.qmail@web50101.mail.yahoo.com>


Hi Dennis,

 Yes, this is to comply with PCI (Payment Card Industry) Standard requirement, I was told.

 There are products on the market that are able to intercept the 'traffic' to the database and capture required information.

 Interestingly, one of the auditors questioned the need for SYS and SYSTEM accounts.

 Regards,

> Kirti,
>
> So they want something entirely outside Oracle that can track every single
> action performed within Oracle, no matter what the access method? Wow, I'd
> like to see that one as well.
> I'm assuming this is for SoX? If so, perhaps it might be better to ask
> how others are complying with their SoX auditor requirements.
> Perhaps you could suggest that the security officer keep the SYS and
> SYSTEM account passwords, and when a DBA needs to perform a task,
> the security officer temporarily changes the password and then sits behind
> the DBA to verify he/she is only performing the authorized tasks.
>
> Dennis Williams
>



Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
--
http://www.freelists.org/webpage/oracle-l
Received on Thu May 18 2006 - 17:52:08 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US