-----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx Sent: Tuesday, April 04, 2006 8:51 PM To: Oracle-L@Freelists Subject: RE: OT: percent of DBAs that know how to impletement database security measures Someone wrote in part: If your company is bound by Sarbanes Oxley requirements, you find out in a big hurry where your holes are. <snip> <comment partially suppressed by self censorship about the relationship amongst where your holes are, Sarbanes, Oxley, getting bound, and toothless gerbils> Sarbanes Oxley (see also Mladen's comments in another post) has been useful primarily as a full employment act for the auditors whose malfeasance caused an auditing company to go bankrupt for allowing Enron and other fiascoes to occur over a period of several years when they should have been caught by the aforementioned auditors. Controlling access to the database and security is of course a useful activity, but it cannot prevent bad acts by collusion amongst people across scopes of control that allow fraud. For example, if one person can create a vendor, another can approve capital expense, and a third can record receipts of goods, then nothing about the database access will prevent them from draining a company of funds but auditors acting in a timely fashion and in good faith. Of course everything would be much more transparent if we put an end to the silly concept of taxing business, which is just a way to create entropy and employ tax accountants in efforts valuable to each tax paying company and worthless to mankind as a whole. Regards, mwf PS: and in the original post there was something about 60 - obviously that number is actually 42 in some context. -- //www.freelists.org/webpage/oracle-l