RE: OT: percent of DBAs that know how to implement database security measures (42)
- From: "Mark W. Farnham" <mwf@xxxxxxxx>
- To: "Oracle-L@Freelists" <oracle-l@xxxxxxxxxxxxx>
- Date: Wed, 5 Apr 2006 17:02:10 -0400
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
Sent: Tuesday, April 04, 2006 8:51 PM
To: Oracle-L@Freelists
Subject: RE: OT: percent of DBAs that know how to impletement database
security measures
Someone wrote in part:
If your company is bound by Sarbanes Oxley requirements, you find out in
a big hurry where your holes are.
<snip>
<comment partially suppressed by self censorship about the relationship
amongst where your holes are, Sarbanes, Oxley, getting bound, and toothless
gerbils>
Sarbanes Oxley (see also Mladen's comments in another post) has been useful
primarily as a full employment act for the auditors whose malfeasance caused
an auditing company to go bankrupt for allowing Enron and other fiascoes to
occur over a period of several years when they should have been caught by
the aforementioned auditors.
Controlling access to the database and security is of course a useful
activity, but it cannot prevent bad acts by collusion amongst people across
scopes of control that allow fraud.
For example, if one person can create a vendor, another can approve capital
expense, and a third can record receipts of goods, then nothing about the
database access will prevent them from draining a company of funds but
auditors acting in a timely fashion and in good faith.
Of course everything would be much more transparent if we put an end to the
silly concept of taxing business, which is just a way to create entropy and
employ tax accountants in efforts valuable to each tax paying company and
worthless to mankind as a whole.
Regards,
mwf
PS: and in the original post there was something about 60 - obviously that
number is actually 42 in some context.
--
//www.freelists.org/webpage/oracle-l
Other related posts:
