This is pretty much what it is. Oracle offered one to our CIO last year and
she jumped on it. It will be a couple of days where they will sit with the
DBAs in a room and ask a lot of questions. They will send you a series of
scripts to run on a representative sample of your databases (not all - 3 or 4).
They will talk to the SAs, the storage people, anyone involved with security,
and managers. They will put together a presentation that they will present on
the last day to all of the managers and anyone else that is deemed important.
They will try to sell you anything they can to "help" you mitigate the issues
that they found.
In our case, we did very well - actually better than Oracle on Demand. They
will have a couple of security people with them, and a sales person. The final
presentation will have their recommendations to fix what they found.
Good luck,
Scott
________________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> on behalf
of Powell, Mark <mark.powell2@xxxxxxx>
Sent: Thursday, August 11, 2016 10:00 AM
To: 'ORACLE-L'; cgrabowy@xxxxxxxxx
Subject: Re: Oracle Security Audit
I have never heard of Oracle performing a 'security audit', but be prepared to
hear a pitch for Oracle Vault, OID, etc.... I would be more worried about if I
was in EM pack licensing than anything to do with security.
IMHO
________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> on behalf
of Chris Grabowy <cgrabowy@xxxxxxxxx>
Sent: Thursday, August 11, 2016 9:38:43 AM
To: 'ORACLE-L'
Subject: Oracle Security Audit
I searched through the backlog of Oracle list emails I have and I do not see
this question being asked so….
My manager stopped by and mentioned that Oracle will be coming in next month to
do a Security Audit.
Uh, ok. No other details.
Apparently this is no cost Oracle Security Audit.
So this could either be a Q&A session and they recommend some security products
to improve our security.
Or this could be an exhaustive audit of our configuration from every possible
angle.
Has anyone else had an Oracle Security Audit performed at their site?
Should I just resign now? Should I switch to the SQL Server team? Should I
move my desk to the basement? Or change to my dream job of studying sloths in
the rain forests of Costa Rica?
Thanks,
Chris Grabowy
m���� �祊�l��?���j�����
��i��0���zX���+��n��{�+i�^