Re: Data Privacy, Auditing, Encryption Question
- From: Kirtikumar Deshpande <kedeshpande@xxxxxxxxx>
- To: oracledba.williams@xxxxxxxxx
- Date: Thu, 18 May 2006 15:52:08 -0700 (PDT)
Hi Dennis,
Yes, this is to comply with PCI (Payment Card Industry) Standard requirement,
I was
told.
There are products on the market that are able to intercept the 'traffic' to
the
database and capture required information.
Interestingly, one of the auditors questioned the need for SYS and SYSTEM
accounts.
Regards,
- Kirti
--- Dennis Williams <oracledba.williams@xxxxxxxxx> wrote:
> Kirti,
>
> So they want something entirely outside Oracle that can track every single
> action performed within Oracle, no matter what the access method? Wow, I'd
> like to see that one as well.
> I'm assuming this is for SoX? If so, perhaps it might be better to ask
> how others are complying with their SoX auditor requirements.
> Perhaps you could suggest that the security officer keep the SYS and
> SYSTEM account passwords, and when a DBA needs to perform a task,
> the security officer temporarily changes the password and then sits behind
> the DBA to verify he/she is only performing the authorized tasks.
>
> Dennis Williams
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
//www.freelists.org/webpage/oracle-l
Other related posts:
- » Data Privacy, Auditing, Encryption Question
- » Re: Data Privacy, Auditing, Encryption Question
- » RE: Data Privacy, Auditing, Encryption Question
- » Re: Data Privacy, Auditing, Encryption Question
- » RE: Data Privacy, Auditing, Encryption Question
- » Re: Data Privacy, Auditing, Encryption Question
