Oracle Database

Welcome to the Oracle Database topic!

In this topic you may collaborate with your peers by participating in discussions, adding links and documents, and starting or contributing to wikis.

This Topic Has:
307 Members
1 Online
7516 Visits

Community Leader

Ian Cooke

Title: IT Audit Manager

Points: 51426

Discussions: 251 total

Nice summary of TDE, Data Masking & Data Redaction: What's the Difference Between Oracle Transparent Data Encryption, Data Masking and Data Redaction? https://blogs.oracle.com/securityinsideout/entry/what_s_the_difference_between
Ian Cooke | 7/18/2014 2:37:00 AM | COMMENTS(0)
Large Oracle update to fix over 100 vulnerabilities http://www.zdnet.com/large-oracle-update-to-fix-over-100-vulnerabilities-7000031555/
Ian Cooke | 7/17/2014 2:58:18 AM | COMMENTS(4)
Looks like this could be interesting. If anyone does listen in, could they please feed back to the group? Dark Reading Radio: Oracle Database Security Hacked http://www.darkreading.com/application-security/database-security/dark-reading-radio-oracle-databa...
Ian Cooke | 7/9/2014 3:54:10 AM | COMMENTS(1)
Worth reviewing for Linux users: ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security http://www.darknet.org.uk/2014/07/odat-oracle-database-attacking-tool-test-oracle-database-security/ Would be interested to hear how members get on ...
Ian Cooke | 7/7/2014 8:33:54 AM | COMMENTS(1)
Podcast on Audit Vault & Database Firewall: Securing Gas and Electrical Utilities with Oracle Audit Vault and Database Firewall https://blogs.oracle.com/securityinsideout/entry/securing_gas_and_electrical_utilities
Ian Cooke | 6/30/2014 8:06:44 AM | COMMENTS(0)
Nice blog post from Integrigy on using the DBMS_SQLHASH package to check for changes (also added to the links section). See "How Can Auditors use DBMS_SQLHASH" http://www.integrigy.com/oracle-security-blog/trusting-privileged-users-dbmssqlhash-and-three-...
Ian Cooke | 6/27/2014 3:32:27 AM | COMMENTS(0)

Documents & Publications: 17 total

Exploiting PL/SQL Injection on Oracle 12c by David Litchfield [david.litchfield@datacom.com.au]
Posted by Ian Cooke 5 days ago
Oracle Data Redaction is Broken by David Litchfield [david.litchfield@datacom.com.au]
Posted by Ian Cooke 5 days ago
Oracle Database Security Quick Reference by Integrigy
Posted by Ian Cooke 68 days ago
Oracle Database Privilege Escalation
Posted by Ian Cooke 111 days ago
Sources of Assurance for an Oracle Database - with updated links
Posted by Ian Cooke 112 days ago

Events & Online Learning: 3 total

Journal Articles: 4 total

Volume 2, 2014
by Ian Cooke, CISA, CGEIT, COBIT-F, CFE, CPTS, DipFM, ITIL-F, Six Sigma Green Belt
CAATs are a valuable tool for auditing Oracle databases.
Volume 1, 2011
by David Knox, Scott Gaetjen, Hamza Jahangir, Tyler Muth, Patrick Sack, Richard Wark and Bryan Wise | Reviewed by Horst Karin, Ph.D., CISA, CISSP, ITIL
The strength of this book is its comprehensive knowledge, which is presented in an easy-to-understand style with useful supporting background information.
Volume 3, 2010
by ISACA | Reviewed by K. K. Mookhey, CISA, CISM, CISSP
A book review of the third edition of this popular ISACA title.
Volume 4, 2007
by Ying Shi, CISA, OCP

Wikis: 2 total

Blog Posts: 11 total

Agile technique in software development has been around for quite some time. There have been efforts to adopt the agile techniques for strategic planning, alignment and execution. Following are some of the relevant articles/blog posts in this area. The to...
Posted By : SA | 0 comments
During an audit you may find that shell scripts are used to connect to your Oracle database (these are often scheduled jobs).  In many instances this represents a security risk as the Oracle database password is hardcoded into the script.  This means th...
Posted By : Ian Cooke | 0 comments
The main idea I am trying to advocate with these posts is a simple one.  Compare a database you are auditing against a database that you know already meets the standards required by the organisation you are auditing. This is achieved by creating “CSV...
Posted By : Ian Cooke | 1 comments
We have covered most of the core items that should be considered when performing an Oracle database audit in previous posts; however, there are a number of other items that I would typically look into. Database Links: A database link is an object in one databa...
Posted By : Ian Cooke | 0 comments
The company you are auditing should have a policy on what is being audited within your Oracle database. The level of auditing will almost certainly be affected by the sensitivity of the data. Good examples and benchmarks for auditing may be seen in th...
Posted By : Ian Cooke | 0 comments
Typically application access to an Oracle database is via one of two methods.  Either all users access the same database using a single (proxy) user which is defined in an initialisation (.INI) file, registry etc. Or the users access the database indiv...
Posted By : Ian Cooke | 1 comments