Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

Oracle Database

Welcome to the Oracle Database topic!

In this topic you may collaborate with your peers by participating in discussions, adding links and documents, and starting or contributing to wikis.

ISACA members can participate by clicking on the “Join this Community” button. You must be signed into the site. Set your alerts to be notified of new discussion activity within this community. Not an ISACA member? Join now!

This Topic Has:
285 Members
2 Online
7089 Visits

 Recent Discussions

Oracle Security Alert for CVE-2014-0160. Posted by Ian Cooke.
Oracle Critical Patch Update Advisory - April 2014. Posted by Ian Cooke.
Oracle Continues Oracle Cloud Expansion With N... Posted by Ian Cooke.

Community Leader

Ian Cooke

Ian Cooke

Title: IT Audit Manager

Points: 45608

NEW! Participate in Discussions Via Email. 

You can now respond to discussions by simply replying to the email alert. Just enable this feature in discussions on this topic. Learn more

Discussions: 217 total

Must be a Topic member to contribute
View All »
Oracle Critical Patch Update Advisory - April 2014
Ian Cooke | 4/17/2014 3:16:09 AM | COMMENTS(0)
Oracle Continues Oracle Cloud Expansion With New Oracle Database Backup and Oracle Storage Cloud Services
Ian Cooke | 4/14/2014 8:00:57 AM | COMMENTS(0)
Protecting the Electric Grid in a Dangerous World
Ian Cooke | 4/13/2014 1:34:07 PM | COMMENTS(0)
Oracle's Paul Needham on How to Defend Against Insider Attacks
Ian Cooke | 4/9/2014 8:27:47 AM | COMMENTS(0)
I'm researching CA-Datacom Security; specifically trying to identify how to report and entitle DBA level privileges, as well as prepare monitoring reports from any logging available. Datacom uses external ACF2 security. Does anyone have an audit plan ...
Jeff949 | 4/2/2014 4:10:16 PM | COMMENTS(3)
Forrester Report: Total Economic Impact of Oracle Data Masking Are any members using Oracle Data Masking?  Thoughts/opinions?
Ian Cooke | 4/2/2014 6:50:19 AM | COMMENTS(0)

Documents & Publications: 14 total

Must be a Topic member to contribute
View All »
Oracle Database Privilege Escalation
Posted by Ian Cooke 22 days ago
Sources of Assurance for an Oracle Database - with updated links
Posted by Ian Cooke 23 days ago
Database Link Security by Paul M. Wright
Posted by Ian Cooke 55 days ago
Spool Oracle views to CSV type files. Updated to include addtional views
Posted by Ian Cooke 72 days ago
Oracle Database Security by Database Consult Aalderks (
Posted by Ian Cooke 139 days ago
Best of Oracle Security 2013. A review of Oracle database security in 2013 by Red-Database-Security
Posted by Ian Cooke 153 days ago

Events & Online Learning: 3 total

Journal Articles: 4 total

Volume 2, 2014
by Ian Cooke, CISA, CGEIT, COBIT-F, CFE, CPTS, DipFM, ITIL-F, Six Sigma Green Belt
CAATs are a valuable tool for auditing Oracle databases.
Volume 1, 2011
by David Knox, Scott Gaetjen, Hamza Jahangir, Tyler Muth, Patrick Sack, Richard Wark and Bryan Wise | Reviewed by Horst Karin, Ph.D., CISA, CISSP, ITIL
The strength of this book is its comprehensive knowledge, which is presented in an easy-to-understand style with useful supporting background information.
Volume 3, 2010
by ISACA | Reviewed by K. K. Mookhey, CISA, CISM, CISSP
A book review of the third edition of this popular ISACA title.
Volume 4, 2007
by Ying Shi, CISA, OCP

Wikis: 2 total

Blog Posts: 13 total

Agile technique in software development has been around for quite some time. There have been efforts to adopt the agile techniques for strategic planning, alignment and execution. Following are some of the relevant articles/blog posts in this area. The to...
Posted By : SA | 0 comments
5 Nov 2012
Case Studies Based On Real World Experience All OIC Member Contractors have the option to participate in a new component of our Oracle Governance, Risk and Compliance (GRC) training called OIC GRC Reality.  You will have an opportunity to participate...
Posted By : RogerDrolet | 4 comments
During an audit you may find that shell scripts are used to connect to your Oracle database (these are often scheduled jobs).  In many instances this represents a security risk as the Oracle database password is hardcoded into the script.  This means th...
Posted By : Ian Cooke | 0 comments
The main idea I am trying to advocate with these posts is a simple one.  Compare a database you are auditing against a database that you know already meets the standards required by the organisation you are auditing. This is achieved by creating “CSV...
Posted By : Ian Cooke | 1 comments
We have covered most of the core items that should be consider when performing an Oracle database audit in previous posts, however there a number of other items that I would typically look into. Database Links A database link is an object in one databa...
Posted By : Ian Cooke | 0 comments
The company you are auditing should have a policy on what is being audited within your Oracle database.  The level of auditing will almost certainly be affected by the sensitivity of the data. Good examples and bench marks for auditing may be seen in th...
Posted By : Ian Cooke | 0 comments