Yeah it is what Scott said. I was offered it last year and we didn't end
up doing, no reason why, probably should have. We have Database Vault
(hate it) and Encryption. But they way I was told is that will all the
security issues they want to help make sure companies are doing everything
they can. And if they already have some Oracle security products they want
to make sure you are using them correctly, or of course maybe try to sell
you something. I don't see how it could hurt you other then losing maybe a
couple days.
Let me know how it goes and your thoughts of the process. I might try to
hit up my rep to see if we can still do it.
Thanks,
On Thu, Aug 11, 2016 at 7:11 AM, Scott Canaan <srcdco@xxxxxxx> wrote:
This is pretty much what it is. Oracle offered one to our CIO last year
and she jumped on it. It will be a couple of days where they will sit with
the DBAs in a room and ask a lot of questions. They will send you a series
of scripts to run on a representative sample of your databases (not all - 3
or 4). They will talk to the SAs, the storage people, anyone involved with
security, and managers. They will put together a presentation that they
will present on the last day to all of the managers and anyone else that is
deemed important.
They will try to sell you anything they can to "help" you mitigate the
issues that they found.
In our case, we did very well - actually better than Oracle on Demand.
They will have a couple of security people with them, and a sales person.
The final presentation will have their recommendations to fix what they
found.
Good luck,
Scott
________________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> on
behalf of Powell, Mark <mark.powell2@xxxxxxx>
Sent: Thursday, August 11, 2016 10:00 AM
To: 'ORACLE-L'; cgrabowy@xxxxxxxxx
Subject: Re: Oracle Security Audit
I have never heard of Oracle performing a 'security audit', but be
prepared to hear a pitch for Oracle Vault, OID, etc.... I would be more
worried about if I was in EM pack licensing than anything to do with
security.
IMHO
________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> on
behalf of Chris Grabowy <cgrabowy@xxxxxxxxx>
Sent: Thursday, August 11, 2016 9:38:43 AM
To: 'ORACLE-L'
Subject: Oracle Security Audit
I searched through the backlog of Oracle list emails I have and I do not
see this question being asked so….
My manager stopped by and mentioned that Oracle will be coming in next
month to do a Security Audit.
Uh, ok. No other details.
Apparently this is no cost Oracle Security Audit.
So this could either be a Q&A session and they recommend some security
products to improve our security.
Or this could be an exhaustive audit of our configuration from every
possible angle.
Has anyone else had an Oracle Security Audit performed at their site?
Should I just resign now? Should I switch to the SQL Server team? Should
I move my desk to the basement? Or change to my dream job of studying
sloths in the rain forests of Costa Rica?
Thanks,
Chris Grabowy
m���� �祊�l��?���j �����
