Protecting information assets is challenging for every enterprise, regardless of size and industry, and it has become an even more complex task for enterprises adopting distributed computing environments.
Security, Audit and Control Features Oracle Database, 3rd Edition, provides a new perspective of security and controls over Oracle. This updated edition includes a background and review of security controls and addresses the risks associated with protecting information in a distributed computing environment of various platforms, versions, interfaces and tools.
The goal of this popular book is to guide the assessor through a comprehensive evaluation of security for an Oracle database based on business objectives and risks. It examines several different frameworks that can be used to assess security risks and covers technical topics, including an overview of Oracle Database's architecture, operating system controls, auditing and logging, network security, and new features in Oracle 11g (differences from previous versions of Oracle Database are noted, as well as differences that may exist based on the host operating system of the database). Topics in the book include:
Security, Audit and Control Features Oracle Database, 3rd Edition helps simplify a daunting task, giving readers the approach, knowledge and tools to effectively plan and execute an Oracle Database security assessment.
Oracle is the most widely used database across the world. And even though databases hold some of the most sensitive information, they are often least understood in terms of security controls and auditing.
To address these gaps in an auditor's understanding of Oracle and its security features, ISACA offers the third edition of Security, Audit and Control Features Oracle Database. Although written from an auditor's point of view, the book also serves as an excellent resource to the database administrator (DBA) looking to ensure compliance with security best practices. Chief information security officers (CISOs) and information security managers will also find value in the book as a source for a comprehensive set of database security controls.
The book begins by briefly discussing the history of the Oracle database and the security features gradually introduced from version 6 to the latest version 11g. It then describes important Oracle concepts, such as the difference between an instance and a database, the Oracle processes, and file structures. In chapters 5 and 6, the authors provide the basic background to planning the audit.
A secured database needs to run on a secured operating system. Oracle runs on a wide variety of operating systems, and in chapter 7, the authors cover important security controls for Windows and UNIX operating systems in which Oracle is installed.
In chapter 8, the authors cover the newer security features introduced in versions 10g and 11g. Often, awareness of these features can push an organization to upgrade its current database versions.
In chapters 9 through 13, the authors cover key Oracle security features such as Oracle system privileges, controlling access to critical objects such as stored procedures and triggers, the use of roles to group users and permissions together, password controls, resource limits, database links and trusted relationships, operating system security, and network security controls.
Chapter 14 rounds up the discussion with information on general database security controls such as change management, segregation of duties, documentation, monitoring, vulnerability and patch management, and backup and recovery.
The huge dependencies of organizations on applications and their underlying databases imply that the availability of the database often affects the very existence of a company. While the cost of an interruption depends on a number of factors, it can be significant enough to impact both the profitability and the reputation of any organization. In light of this, the book covers the important aspects of Oracle's backup and recovery features, and its other disaster recovery and redundancy capabilities. The reader is encouraged to explore Oracle's offerings such as Oracle Data Guard, Oracle Advanced Replication, Oracle Recovery Manager (RMAN) and Real Application Clusters (RAC).
The appendices present a wealth of useful information, including an introduction to automated Oracle security assessment tools, a comprehensive audit/assurance program and an internal control questionnaire (ICQ), recommendations for the professional, frequently asked questions, a glossary, an explanation of acronyms, and suggested readings. Appendix 4, Recommendations for the Professional, provides a 10-point list, including gems such as "befriend the DBA" and "think like a hacker." This is a good example of the emphasis the book puts on the practical aspects of the subject at hand.
Overall, this book provides excellent coverage of Oracle security features and controls for the auditor, information security practitioner and the DBA preparing for their next database audit.
-- K. K. Mookhey, CISA, CISM, CISSP - ISACA Journal, Volume 3, 2010
Book Description: Isaca, 2009. Paperback. Book Condition: Brand New. 3rd edition. 219 pages. 8.80x6.00x0.60 inches. In Stock. Bookseller Inventory # 1604201185