Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Oracle Auditing Recommendations
I'll agree with you for the most part. However,
when an auditor comes in and reports a discrepancy in that
the DBA's have the SYS password as a problem, I
have to say that's "putting a stamp". How else do
you create the database if you don't know and give it
the sys password.
Yes, this was a real life audit example. The auditor who was clueless about what a DBA was or did, had this checklist of items and just lumped DBA's in as users and since we knew how to get at the base level of the DB we were considered an audit risk. We all volunteered to give up the password and go home. Our boss wasn't impressed.
Niall Litchfield wrote:
> On 8/7/06, Rodd Holman <Rodd.Holman_at_gmail.com> wrote:
>> >> Also remember, auditors are hired to find things wrong. If everything >> they find comes up good, then their supervisors question their diligence >> in their jobs. So every auditor needs to find something they can report >> just to show that they were doing their job. No auditor wants to be >> found eligible for the Enron audit team.
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Aug 08 2006 - 11:04:56 CDT