Re: Back and a Question
- From: ryan_gaffuri@xxxxxxxxxxx
- To: david@xxxxxxxxxxxxxxxxxx, anjo.kolk@xxxxxxxxxxx
- Date: Tue, 15 Aug 2006 19:29:05 +0000
I did DOD befoer this. I am doing financial now. The federal government
actually passed security laws for financial companies as part of
Sarbanes-Oxley(SOX). I was told by operations that one of the rules is that
development cannot have access to production data. That is a problem for
production support when you get data issues.
-------------- Original message --------------
From: David Aldridge <david@xxxxxxxxxxxxxxxxxx>
> In the magical world that is the US Dept of Defence we use DISA's
> "Security Technical Implementation Guide" (STIG), against which
> standards DISA test using various scripts and whatnot.
>
> http://iase.disa.mil/stigs/stig/database-stig-v7r2.pdf
>
> Exceptions are made where justifiable.
>
> Anjo Kolk wrote:
> > So I made it back on the list, I have a question for you all about DB
> > security. There seems to be a lot of talk about DB security, but not a
> > lot of action. Is that true, and if it is true why don't customers act?
> > There are products out there to check for DB security, how are they
> > doing? Does any body on this list use them?
> >
> > Please share your thoughts and comments,
> >
> > --
> > Anjo Kolk
> > Owner and Founder OraPerf Projects
> > tel: +31-577-712000
> > mob: +31-6-55340888
>
> --
> //www.freelists.org/webpage/oracle-l
>
>
Other related posts:
