Re: Sarbaynes-Oxley and the Oracle DBA

>There are several new books out there.
>One that I am currently reading is by David Knox, "Effective Oracle
>Database 10g Security by Design" (oracle press) ISBN 0-07-223130-0.
>
>Arup Nanda authored a series for articles for OTN:
>http://www.oracle.com/technology/oramag/webcolumns/2003/techarticles/nanda_fga.h
>tml
>and a book named "Oracle Privacy Security Auditing" ISBN 0972751394
>which I have not yet acquired, as I have half a dozen new oracle press
>books (most with "10g" in their title) that are not yet read.
>(the "Oracle Wait Interface" book is awesome).
>
>-bdbafh

Hi Paul,

I have read Arups book which is quite good and is aimed specifically at SO, GLB and HIPAA. Arup is a very good author and his style is very easy to read. It does quite a good job on covering how to be compliant. I am also reading Dave Knox's new book, from what I have read so far it does a thorough job of covering the main features necessary to be compliant although the book is certainly not aimed at this market as Arups book is, encryption of data, VPD and FGA plus many other areas. Its coverage of checking the database for security weaknesses in the first section is not too thorough though although David told me this is intentional to not cover the same ground covered elsewhere in the SANS book. I think SO forces the DBA to be much more security aware.

As someone else pointed out its worth the OP checking out the previous discussions that have taken place on the ORACLE-L list. Jared, I know has talked quite a few times about SO.

kind regards

Pete

>-bdbafh

PS, what does bdbafh stand for?, if anything!

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.