RE: "Oracle Risk Assessment"

From: Mark W. Farnham <mwf_at_rsiz.com>
Date: Thu, 9 Apr 2015 17:52:38 -0400
Message-ID: <089801d0730f$7fc00a20$7f401e60$_at_rsiz.com>



I'd say you fail the basic risk assessment if you give them access to your production databases.  

Rule 1: Don't tell people your passwords.

If you're at risk of a break-in, I'm supposing a memo that you won't prosecute them for trying to break in as long as they don't actually damage anything should suffice.

If you're only vulnerable if you give them assistance, then do not give them assistance.  

Now as for dealing with the presumably higher up the administrative org. charts folks who have "informed" you an "Oracle Risk Assessment" will be performed, I suggest you mention the above to them and insist that someone at their level or higher be the deliverer of access rather than you.  

mwf  

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Scott Canaan
Sent: Thursday, April 09, 2015 2:38 PM
To: oracle-l_at_freelists.org
Subject: "Oracle Risk Assessment"  

So, we were just informed that we are going to be having an "Oracle Risk Assessment" performed on our databases. We did limit it to five databases, not all. My questions are: Has anyone been through one of these before? If so, what did they do?  

Oracle indicated that they'd prefer to do production databases, but that there may be a performance hit. It was hinted that we'd get to see the scripts in advance, but I'm not convinced that Oracle will really do that.  

My expectation is that the reason Oracle has offered to do this (for free) is: 1) to make sure we are not in license violations; and 2) to try to sell us some security applications.  

Scott Canaan '88 (srcdco_at_rit.edu)

(585) 475-7886 - work                (585) 339-8659 - cell 

"Life is like a sewer, what you get out of it depends on what you put into it." - Tom Lehrer  

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Apr 09 2015 - 23:52:38 CEST
