Re: How do you meet your audit requirement?

From: Jared Still <>
Date: Thu, 26 Jun 2008 14:57:52 -0700
Message-ID: <>

On Thu, Jun 26, 2008 at 2:17 PM, Lyndon Tiu <> wrote:

> Oh ok. I always assumed DBAs were honest and trustworthy individuals. My
> bad.

Most are.

The point is that from an auditing standpoint, those kind of measures are just
eye candy for auditors.

That reminds me of the auditor that insisted I give screen shots of an xterm window.

She thought that was 'proof', and it never occurred to her that there are several
ways to fake screen shots, all undetectable.

And the auditor to whom I explained various methods I could use to bypass controls,
and they would not be able to detect it. His reply was "But you wouldn't do that,
would you"

No, I wouldn't. But someone else might.

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

Received on Thu Jun 26 2008 - 16:57:52 CDT

Original text of this message