Re: Security Measures

  • From: MARK BRINSMEAD <mark.brinsmead@xxxxxxxxx>
  • To: "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
  • Date: Tue, 7 Apr 2015 09:12:51 -0400

Wow. Now *that* is an open-ended question.

I'm not sure what you mean by "secure legally", but let's leave that for
now.

Database security -- or computer security in general -- is mostly a
*business* decision. If I were to set my mind to it, I could probably make
my databases super-duper-unbelievably-secure, but in doing so I could
easily end up spending millions of dollars and might in the end produce a
database (or computer system) that is next to unusable.

Your first step is -- or at least should be -- to identify your business
requirements, regulatory compliance obligations, and corporate policies,
and then design and implement a security policy that meets them.

There are really no absolutes, and no universal truths. Even simple
sounding things like "always keep up with security patches" cannot be
applied globally, nor without buy-in/support from the business. (Not
unless you want to spend your weekends working for free to install patches
that the business is unwilling to pay you to install.) In fact, even where
it comes to patches, some businesses have constraints that actually
*preclude* the installation of patches without first taking extreme
measures to obtain approval. One example that comes to mind would be
applications used for medical testing -- the software and database
configurations are certified by the US government (FDA) and cannot be
changed, for any reason, without their prior approval. Installing security
updates *could* require the entire system to be re-certified.

Perhaps a better question is "what do you do to motivate business
leadership to take more interest and make more appropriate investments in
security?".

On Tue, Apr 7, 2015 at 2:26 AM, walid kaakati <dmarc-noreply@xxxxxxxxxxxxx>
wrote:

Hallo List,


I would like to know what security measures you apply other than auditing
to ensure that your database is secure and that you, as a DBA, have done
your homework and are secure legally.

Best wishes for all !,
