I did DOD befoer this. I am doing financial now. The federal government actually passed security laws for financial companies as part of Sarbanes-Oxley(SOX). I was told by operations that one of the rules is that development cannot have access to production data. That is a problem for production support when you get data issues. -------------- Original message -------------- From: David Aldridge <david@xxxxxxxxxxxxxxxxxx> > In the magical world that is the US Dept of Defence we use DISA's > "Security Technical Implementation Guide" (STIG), against which > standards DISA test using various scripts and whatnot. > > http://iase.disa.mil/stigs/stig/database-stig-v7r2.pdf > > Exceptions are made where justifiable. > > Anjo Kolk wrote: > > So I made it back on the list, I have a question for you all about DB > > security. There seems to be a lot of talk about DB security, but not a > > lot of action. Is that true, and if it is true why don't customers act? > > There are products out there to check for DB security, how are they > > doing? Does any body on this list use them? > > > > Please share your thoughts and comments, > > > > -- > > Anjo Kolk > > Owner and Founder OraPerf Projects > > tel: +31-577-712000 > > mob: +31-6-55340888 > > -- > //www.freelists.org/webpage/oracle-l > >