Re: Sarbaynes-Oxley and the Oracle DBA

norwoodthree_at_my-deja.com (NorwoodThree) wrote in message news:<ba03e2c.0408262027.23eed52c_at_posting.google.com>...
> Hello all,
>
> My company is going thru the pain (as many of you probably are) of
> Sarbaynes-Oxley compliance.
>
> I was curious to see if there was any information, discussion, or
> thoughts anyone could post regarding how this applies to the database
> administrator position. There are obvious implications to security,
> process/data flow, and change management.
>
> Does anyone think that the role of database administrator (especially
> Oracle Financials database administrators) will change or elevate as
> Sarbaynes-Oxley takes hold?

one needs to know more about security in general (truism, tautology). An understanding of security at all levels, not just within the database, will gain importance.
one might be working with auditing, fine-grained access, virtual private database and user-space triggers to secure audit trails. management and reporting of such data will be important to the auditors.
one may need to setup the role of the security admin and work closely with that role.
higher availability may see increased attention.

In general, testing (of backup/restore/recovery), process and documentation will be emphasized over acts of performance tuning heroism (or heiroinism).

There are several new books out there.
One that I am currently reading is by David Knox, "Effective Oracle Database 10g Security by Design" (oracle press) ISBN 0-07-223130-0.

Arup Nanda authored a series for articles for OTN: http://www.oracle.com/technology/oramag/webcolumns/2003/techarticles/nanda_fga.html and a book named "Oracle Privacy Security Auditing" ISBN 0972751394 which I have not yet acquired, as I have half a dozen new oracle press books (most with "10g" in their title) that are not yet read. (the "Oracle Wait Interface" book is awesome).

-bdbafh Received on Fri Aug 27 2004 - 12:29:24 CDT