Re: Oracle Security Audit

From: Scott Canaan <srcdco_at_rit.edu>
Date: Thu, 11 Aug 2016 14:11:36 +0000
Message-ID: <1470924696835.55506_at_rit.edu>

This is pretty much what it is. Oracle offered one to our CIO last year and she jumped on it. It will be a couple of days where they will sit with the DBAs in a room and ask a lot of questions. They will send you a series of scripts to run on a representative sample of your databases (not all - 3 or 4). They will talk to the SAs, the storage people, anyone involved with security, and managers. They will put together a presentation that they will present on the last day to all of the managers and anyone else that is deemed important. They will try to sell you anything they can to "help" you mitigate the issues that they found.

In our case, we did very well - actually better than Oracle on Demand. They will have a couple of security people with them, and a sales person. The final presentation will have their recommendations to fix what they found.

Good luck,
Scott

From: oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> on behalf of Powell, Mark <mark.powell2_at_hpe.com> Sent: Thursday, August 11, 2016 10:00 AM To: 'ORACLE-L'; cgrabowy_at_gmail.com Subject: Re: Oracle Security Audit

I have never heard of Oracle performing a 'security audit', but be prepared to hear a pitch for Oracle Vault, OID, etc.... I would be more worried about if I was in EM pack licensing than anything to do with security.

IMHO

From: oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> on behalf of Chris Grabowy <cgrabowy_at_gmail.com> Sent: Thursday, August 11, 2016 9:38:43 AM To: 'ORACLE-L'
Subject: Oracle Security Audit

I searched through the backlog of Oracle list emails I have and I do not see this question being asked so….

My manager stopped by and mentioned that Oracle will be coming in next month to do a Security Audit.

Uh, ok. No other details.

Apparently this is no cost Oracle Security Audit.

So this could either be a Q&A session and they recommend some security products to improve our security.

Or this could be an exhaustive audit of our configuration from every possible angle.

Has anyone else had an Oracle Security Audit performed at their site?

Should I just resign now? Should I switch to the SQL Server team? Should I move my desk to the basement? Or change to my dream job of studying sloths in the rain forests of Costa Rica?

Thanks,
Chris Grabowy
m�� 祊�l��?��j�� i��0��zX��+��n��{�+i�^ Received on Thu Aug 11 2016 - 16:11:36 CEST

This message: [ Message body ]
Next message: David Mann: "Re: oracle-l Digest V13 #203"
Previous message: Mladen Gogala: "Re: case insensitvity and cursor sharing"
Maybe in reply to: Chris Grabowy: "Oracle Security Audit"
Next in thread: rob_at_oraclewizard.com: "Re: Oracle Security Audit"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message