Re: OT: percent of DBAs that know how to impletement database security measures
- From: John D Parker <orclwzrd@xxxxxxxxx>
- To: bdbafh@xxxxxxxxx, "Oracle-L@Freelists" <oracle-l@xxxxxxxxxxxxx>
- Date: Tue, 4 Apr 2006 14:12:00 -0700 (PDT)
How about how many companies have a clue when some auditor tells them XXX is
not secure and you need to do XXX to secure it.
I just lost a client becaust they are getting PCI certified and they decided
that as a third party working on their system I must be certified also or not
touch it. A quick review of the PCI standards I found out on the web had no
such restriction...
I've won several usability battles with the nice auditors, for some reason they
won't take the oncall pager along with the sys, system and oracle passwords...
So they hand the whole thing back and go away.
John
former security team member...
Paul Drake <bdbafh@xxxxxxxxx> wrote: A little piece of email today told me the
following:
"... a full 60 percent of DBAs do not know how to implement database security
measures, according to Forrester Research".
Does that figure seem to be:
- too high
- too low
- just about right
- Cowboy Neil
Inquring minds want to know.
Personally, I think that the phrase lacks the term "properly", as in "properly
implement database security measures".
"shutdown abort" or "lsnrctl stop" would be examples of "improperly implement
database security measures".
Paul
---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates
starting at 1¢/min.
Other related posts:
