Re: Security Measures

From: Mladen Gogala <mgogala_at_yahoo.com>
Date: Tue, 07 Apr 2015 12:50:00 -0400
Message-ID: <55240AB8.5010502_at_yahoo.com>



On 04/07/2015 02:26 AM, walid kaakati (Redacted sender walid_alkaakati_at_yahoo.com for DMARC) wrote:
> Hallo List,
>
>
> I would like to know what security measures you apply other than
> Auditing to ensure that your database is secure and that you, as a DBA,
> have done your homework and are secure legally.
>
> Best wishes for all !,

If you have in mind something like SOX or HIPAA, there is a well-defined list of requirements which can be found on many internet sites. Security is a matter of money. It doesn't encompass only software security but also physical security. One of the most infamous recent data breaches (Target Inc.) was perpetrated in such a way that external "contractors" were allowed to install "software updates" on the cash registers. Dumpster diving is a well-known practice. I have been engaged on a site where the PC admin was not allowing users to create their own passwords, but was using generated passwords. Result: in a huge number of cubicles, there were little yellow sticky notes with senseless strings attached to the cubicle wall.
Security is usually proportional to the value of data you're protecting. Nobody is going to capture your network traffic without your knowledge and decrypt your password in a machine with 512 CPU sockets unless you're dealing with a well-equipped national security service. In that case, only a guard dog like this can protect you:

http://stuffpoint.com/taco-bell/image/117222/taco-bell-dog-picture/

-- 
Mladen Gogala
Oracle DBA
http://mgogala.freehostia.com


--
http://www.freelists.org/webpage/oracle-l
Received on Tue Apr 07 2015 - 18:50:00 CEST
