Find Resources & Connect with members on topics that interest you.

Applications

Audit

Business Processes

Career Management

Cloud Computing/Virtualization

COBIT

Controls and Monitoring

Country

Databases

Fraud and Computer Crime

Governance and Management

Industry

Information Security

IT Service Management

Mobile/Wireless

Operating Systems

Privacy/Data Protection

Regulations

Risk

Standards

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

ME - Monitor and Evaluate

Application Controls

Process Controls

Please sign in to see your topics.

You must be logged in to join this group.

Oracle Database

Welcome to the Oracle Database topic!

In this topic you may collaborate with your peers by participating in discussions, adding links and documents, and starting or contributing to wikis.

ISACA members can participate by clicking on the “Join this Community” button. You must be signed into the site. Set your alerts to be notified of new discussion activity within this community. Not an ISACA member? Join now!

 
This Topic Has:
209 Members
1 Online
5278 Visits

 Recent Discussions
Myth-Busting SQL- And Other Injection Attacks. Posted by Ian Cooke.
Top 10 Oracle Steps to a Secure Oracle Database Server. Posted by Ian Cooke.
Demo of Oracle Data Masking Using Enterprise Manager 12c. Posted by Ian Cooke.

Community Leader

Ian Cooke

Ian Cooke

Title: IT Audit Manager

Points: 21706

NEW! Participate in Discussions Via Email. 

You can now respond to discussions by simply replying to the email alert. Just enable this feature in discussions on this topic. Learn more

Discussions: 71 total

Must be a Topic member to contribute
View All »
Myth-Busting SQL- And Other Injection Attacks
Myth-Busting SQL- And Other Injection Attacks http://www.darkreading.com/database/myth-busting-sql-and-other-injection-at/240155328
Ian Cooke | 5/22/2013 7:56:09 AM | COMMENTS(0)
Top 10 Oracle Steps to a Secure Oracle Database Server
Top 10 Oracle Steps to a Secure Oracle Database Server http://blog.opensecurityresearch.com/2012/03/top-10-oracle-steps-to-secure-oracle.html Also added to the links section.
Ian Cooke | 5/14/2013 10:20:28 AM | COMMENTS(0)
Demo of Oracle Data Masking Using Enterprise Manager 12c
Demo of Oracle Data Masking Using Enterprise Manager 12c  https://blogs.oracle.com/securityinsideout/entry/demo_of_oracle_data_masking
Ian Cooke | 5/8/2013 4:27:15 AM | COMMENTS(0)
10 Reasons SQL Injection Still Works
10 Reasons SQL Injection Still Works http://www.darkreading.com/database/10-reasons-sql-injection-still-works/240154405
Ian Cooke | 5/8/2013 4:17:22 AM | COMMENTS(0)
Comparing SQL Server and Oracle datatypes
Comparing SQL Server and Oracle datatypes http://www.mssqltips.com/sqlservertip/2944/comparing-sql-server-and-oracle-datatypes/
Ian Cooke | 4/25/2013 8:11:41 AM | COMMENTS(0)
Prioritizing Your Database Security Patches
Prioritizing Your Database Security Patches http://www.darkreading.com/vulnerability/prioritizing-your-database-security-patc/240153473
Ian Cooke | 4/24/2013 3:39:28 AM | COMMENTS(0)
View All »

Documents & Publications: 7 total

Must be a Topic member to contribute
View All »
Spool Oracle views to CSV type files
Spool Oracle views to CSV type files (Ian Cooke)
Posted by Ian Cooke 422 days ago
Oracle 11g Security
Excellent overview of Oracle 11g Security By Pete Finnigan
Posted by Ian Cooke 443 days ago
How to resolve Root Certificate Expiry Issue for Enterprise Manager-Database Control (10.2.0.4)
This paper demonstrates how to resolve the Oracle Enterprise Manager – Database Control configuration errors in Oracle Database versions 10.2.0.4 or 10.2.0.5, arising due to the Root Certificate Expiry issue since 31st December, 2010.
Posted by ZafferK 642 days ago
Database Disaster Recovery using only RMAN Backups
This paper demonstrates how an Oracle Database can be recovered or reconstructed by using only the RMAN Backup files (from Disks) in case of a complete server crash.
Posted by ZafferK 991 days ago
My Journey from 9.0.1 to 9.2.0.8
My experience on how we migrated our Production Database from Oracle 9iR1 [9.0.1] to Oracle 9iR2 [9.2.0.8] in July/August 2008.
Posted by ZafferK 991 days ago
Downloads
Security, Audit and Control Features Oracle Database, 3rd Edition Excerpt
Posted by ISACA 1081 days ago
View All »

Events & Online Learning: 1 total

30 Sep 2013
ISACA International Event
Conferencia Latinoamericana
Medellín, Colombia
La Conferencia Latinoamericana CACS/ISRM 2013 en Medellín, Colombia es la conferencia principal latinoamericana para los profesionales de auditoría, riesgo y seguridad de la información. Ahorre más de EE.UU. $ 100 si se inscribe antes del 7 de agosto!
More »
Add to my Outlook
Register Now

Journal Articles: 3 total

Volume 1, 2011
Book Review—Applied Oracle Security
by David Knox, Scott Gaetjen, Hamza Jahangir, Tyler Muth, Patrick Sack, Richard Wark and Bryan Wise | Reviewed by Horst Karin, Ph.D., CISA, CISSP, ITIL
The strength of this book is its comprehensive knowledge, which is presented in an easy-to-understand style with useful supporting background information.
Volume 3, 2010
Book Review—Security, Audit and Control Features Oracle Database, 3rd Edition
by ISACA | Reviewed by K. K. Mookhey, CISA, CISM, CISSP
A book review of the third edition of this popular ISACA title.
Volume 4, 2007
Approaches to Monitor Activities in Oracle Database
by Ying Shi, CISA, OCP

User Contributed External Links: 53 total

Wikis: 2 total

Blog Posts: 12 total

View All »
5 Nov 2012
OIC GRC Reality
Case Studies Based On Real World Experience All OIC Member Contractors have the option to participate in a new component of our Oracle Governance, Risk and Compliance (GRC) training called OIC GRC Reality.  You will have an opportunity to participate...
Posted By : RogerDrolet | 4 comments
29 Sep 2012
Oracle Database Script Passwords
During an audit you may find that shell scripts are used to connect to your Oracle database (these are often scheduled jobs).  In many instances this represents a security risk as the Oracle database password is hardcoded into the script.  This means th...
Posted By : Ian Cooke | 0 comments
30 Mar 2012
Auditing Oracle using CAATs – Bringing It All Together
The main idea I am trying to advocate with these posts is a simple one.  Compare a database you are auditing against a database that you know already meets the standards required by the organisation you are auditing. This is achieved by creating “CSV...
Posted By : Ian Cooke | 1 comments
27 Mar 2012
Auditing Oracle using CAATs – Miscellaneous Items
We have covered most of the core items that should be consider when performing an Oracle database audit in previous posts, however there a number of other items that I would typically look into. Database Links A database link is an object in one databa...
Posted By : Ian Cooke | 0 comments
19 Mar 2012
Auditing Oracle Audit Configurations using CAATs
The company you are auditing should have a policy on what is being audited within your Oracle database.  The level of auditing will almost certainly be affected by the sensitivity of the data. Good examples and bench marks for auditing may be seen in th...
Posted By : Ian Cooke | 0 comments
15 Mar 2012
Auditing Oracle Users using CAATs
Typically application access to an Oracle database is via one of two methods.  Either all users access the same database using a single (proxy) user which is defined in an initialisation (.INI) file, registry etc. Or the users access the database indiv...
Posted By : Ian Cooke | 1 comments
View All »
Report An Issue