RE: Back and a Question

From: Hameed, Amir <Amir.Hameed_at_xerox.com>
Date: Tue, 15 Aug 2006 09:37:03 -0400
Message-ID: <77A4D80DB2ADD74EB5D7F1D31626F0C0038A74CD@usa0300ms03.na.xerox.net>

I can tell you from Xerox's standpoint that we are taking security very seriously. We have both the internal and external audits done on quarterly basis and various reports are looked at by the auditors to make sure that we are not violating any security policy. So far we are relying on database auditing and the 11i application auditing and reports are generated from these tools and presented to the auditors. We are not using any external tool so far.  

Amir

---

From: akolk_at_oraperf.com [mailto:akolk_at_oraperf.com] On Behalf Of Anjo Kolk
Sent: Tuesday, August 15, 2006 9:30 AM
To: Hameed, Amir
Cc: oracle-l
Subject: Re: Back and a Question

        Hi Amir,          

        I have actually left Symantec/Veritas/Precise etc. I have been asked by a company to look into this and what I notice is a lot of talk about security but not a lot of action. Just wanted to make sure that other folks see it the same way.          

        Anjo.                   

        On 8/15/06, Hameed, Amir <Amir.Hameed_at_xerox.com> wrote:

                Are you planning on adding a feature/module to Precise and looking for feedback from users?

---

                        From: oracle-l-bounce_at_freelists.org [mailto: oracle-l-bounce_at_freelists.org <mailto:oracle-l-bounce_at_freelists.org> ] On Behalf Of Anjo Kolk

			Sent: Tuesday, August 15, 2006 9:10 AM
			To: ryan_gaffuri_at_comcast.net
			Cc: oracle-l
			Subject: Re: Back and a Question
			
			 

		
		http://www.Lumigent.com <http://www.lumigent.com/> 
		http://www.appsecinc.com <http://www.appsecinc.com/> 
		http://www.insight-tec.com/en/
		
		These are a few (and if other people know more let me

know) companies that do DB security in one way or another.                 

                Sure there are people that can do a scan of the environment, but isn't that an one time action and shouldn't people be more involved with security on an ongoing basis?                 

                Anjo.                                  

                On 8/15/06, ryan_gaffuri_at_comcast.net < ryan_gaffuri_at_comcast.net> wrote:

                        what products check for DB security? I believe there is a whole security IT sector with people who come into companies and look for holes in their software. Is that the same thing?                                                   

• Original message

  ---

  From: "Anjo Kolk" < anjo.kolk_at_oraperf.com <mailto:anjo.kolk_at_oraperf.com> > So I made it back on the list, I have a question for you all about DB security. There seems to be a lot of talk about DB security, but not a lot of action. Is that true, and if it is true why don't customers act? There are products out there to check for DB security, how are they doing? Does any body on this list use them?

                                Please share your thoughts and comments,                                 

				-- 
				Anjo Kolk
				Owner and Founder OraPerf Projects
				tel:    +31-577-712000
				mob: +31-6-55340888 




		-- 
		Anjo Kolk
		Owner and Founder OraPerf Projects
		tel:    +31-577-712000
		mob: +31-6-55340888 




	-- 
	Anjo Kolk
	Owner and Founder OraPerf Projects
	tel:    +31-577-712000
	mob: +31-6-55340888 

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Aug 15 2006 - 08:37:03 CDT