When i was searching the ways about auditing DBA activities and prevent/monitor any interference to this auditing, i found this comment in a forum which has a different point of view than i was looking for. As an employee, i think this should be the first way we evaluate security..

"There are ways to audit Oracle databases which the DBA cannot change or at least not change in an undetectable manner) but that still leaves you at the mercy of your system admins. Something that auditors seem to have a real problem understanding is that to run your systems you have to have people who, if they went bad, could do serious damage to your company and even place it in a legally difficult situation.

There is, however, a really simple yet effective solution. It's so simple and effective that it's been in use for about 550-600 years at least (i.e. since the Tudor monarchy in England).

* Be very selective in your selection and actually do background checks (it amazes me how many companies simply don't bother to do something as simple as a criminal records check).

* Pay them a lot and give them nice workplace faccilities. The more they have to lose, the more profitable any wrong doing has to be before they'll get tempted.

* Put them fairly high up in the political structure and make sure that the board back them to the hilt. If they can, figuratively speaking, 'flip the bird' to anyone who tries to put them under
pressure to do something unethical and have no fear of being sacked if they blow the whistle then they will be less likely to fall prey to political machinations in the organisations. Sometime make a list of all the companies, in say the last 35 years, that have gone under, suffered a major loss or been prosecuted due to some wrongdoing, then divide the list according to whether the person responsible was a business/finance person or a technical person. It'll be a very much one-sided list.

* Make it clear from the get go that anyone found acting unethically will be publicly sacked and their wrong doing will be publicised so they'll be lucky if McDonalds hires them to clean the grease traps. Then actully do it. I believe that in the first use of this system the punishment was public beheading (it was in the 1500s) but you don't need to go that far."

Powered by Blogger.

Page Views

- Copyright © Emre Baransel - Oracle Blog -Metrominimalist- Powered by Blogger - Designed by Johanes Djogan -