RE: Sarbanes Oxley reporting

• From: "Kerber, Andrew" <Andrew.Kerber@xxxxxxx>
• To: wbfergus@xxxxxxxx, Bernard.Polarski@xxxxxxxxxxxxxx
• Date: Tue, 13 Feb 2007 10:12:40 -0600

Of course, the people who made up the CIS report made the assumption
that everyone uses Oracle the same way, and therefore have the same
security requirements. 

 

Andrew W. Kerber 
Oracle DBA 
UMB 
 

 

"If at first you dont succeed, dont take up skydiving" 

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of William B Ferguson
Sent: Tuesday, February 13, 2007 10:00 AM
To: Bernard.Polarski@xxxxxxxxxxxxxx
Cc: jkstill@xxxxxxxxx; Oracle-L Freelists; oracle-l-bounce@xxxxxxxxxxxxx
Subject: RE: Sarbanes Oxley reporting

 


An interesting thread that also happens to coincide nicely with a
directive we just received yesterday. 

Our agency (in it's infinite wisdom) decided to adopt the CIS report for
Oracle databases (http://www.cisecurity.org/bench_oracle.html)  in it's
entirety, with full compliance by June 2007. Probably half of our
databases are created and run by scientists that simply saw Oracle as a
larger Access database with more horsepower, and treat it accordingly.
An awful lot of them run Oracle as their own personal database for their
project and have little understanding of database administration, so
this exercise should prove interesting. Maybe some will finally realize
that they should merge with others and possibly let somebody with a bit
of Oracle knowledge set them up and run them, but after all, this is the
government. 

I doubt if anyone in "the group" that made the decision knows anything
about databases, let alone Oracle (to include the spelling), or even
realize what most of our Oracle databases consist of. 

I have discovered though that SQL Developer has some pretty nifty
built-in reports that cover many of the different "reports" others have
mentioned in this thread, and they can be exported as XML files that
should be able to be read back into Excel or whatever people want to
use.  Taking a quick look at them, they seem pretty useful, has anybody
else taken a look at them? 

------------------------------------------------------------------------
-----

                              Bill Ferguson


------------------------------------------------------------------------------
NOTICE:  This electronic mail message and any attached files are confidential.  
The information is exclusively for the use of the individual or entity intended 
as the recipient.  If you are not the intended recipient, any use, copying, 
printing, reviewing, retention, disclosure, distribution or forwarding of the 
message or any attached file is not authorized and is strictly prohibited.  If 
you have received this electronic mail message in error, please advise the 
sender by reply electronic mail immediately and permanently delete the original 
transmission, any attachments and any copies of this message from your computer 
system. Thank you.

==============================================================================

• » Sarbanes Oxley reporting
• » RE: Sarbanes Oxley reporting
• » Re: Sarbanes Oxley reporting
• » Re: Sarbanes Oxley reporting
• » Re: Sarbanes Oxley reporting
• » RE: Sarbanes Oxley reporting
• » RE: Sarbanes Oxley reporting
• » RE: Sarbanes Oxley reporting
• » RE: Sarbanes Oxley reporting
• » Re: Sarbanes Oxley reporting
• » Re: Sarbanes Oxley reporting

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page
• » View list details
• » Manage your subscription