This is so frustrating. As a DBA, how do I decide where to spend my finite time
to get the best value? There is no shortage of opinion on the internet, often
from people with something to sell, but no data to help a technical specialist
protect their systems. The people who could help – those who have suffered an
attack and thought “If only we had done X” are not allowed to tell anyone else
what X is. So I am left guessing.
How do others decide how to prioritise security? I don’t want to know what you
think my priorities should be, I want to know why you think they should be my
priorities and what data you have to back that up.
From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> On Behalf
Of dimensional.dba@xxxxxxxxxxx
Sent: 09 January 2024 00:10
To: rprabha01@xxxxxxxxx; l.flatz@xxxxxxxxxx
Cc: 'ORACLE-L' <oracle-l@xxxxxxxxxxxxx>
Subject: RE: Security Attack
Part of the problem here is no one releases all the information for each attack
how many systems and of what type were compromised or how the attack was
perpetrated.
Only the specific company/organization helping the attacked details and they
are not releasing the information either.
Many attacks have nothing to do your keeping up with patching.