Re: Security Measures
Date: Tue, 07 Apr 2015 12:50:00 -0400
Message-ID: <55240AB8.5010502_at_yahoo.com>
On 04/07/2015 02:26 AM, walid kaakati (Redacted sender walid_alkaakati_at_yahoo.com for DMARC) wrote:
> Hallo List,
>
>
> I would like to know what security measures you apply other than
> Auditing to ensure that your database is secure and you are as a DBA
> has done your home work and you are secure legally.
>
> Best wishes for all !,
If you have in mind something like SOX or HIPAA, there is a well defined
list of requirements which can be found on many internet sites. Security
is a matter of money. It doesn't encompass only software security but
also physical security. One of the most infamous recent data breaches
(Target Inc.) was perpetrated in such a way that external "contractors"
were allowed to install "software updates" on the cash registers.
Dumpster diving is a well known practice. I have been engaged on a site
where the PC admin was not allowing users to create their own passwords,
but was using generated password. Result: in a huge number of cubicles,
there were little yellow sticky notes with senseless strings attached to
the cubicle wall.
Security is usually proportional to the value of data you're protecting.
Nobody is going to capture your network traffic without your knowledge
and decrypt your password in a machine with 512 CPU sockets unless
you're dealing with a well equipped national security service. In that
case, only a guard dog like this can protect you:
http://stuffpoint.com/taco-bell/image/117222/taco-bell-dog-picture/
-- Mladen Gogala Oracle DBA http://mgogala.freehostia.com -- http://www.freelists.org/webpage/oracle-lReceived on Tue Apr 07 2015 - 18:50:00 CEST