Pete Finnigan's Oracle Security Weblog

I talked about two new books on Oracle security in relation to the auditing area some time ago in this blog. I gave some brief comments on these books based on the information on the http://www.isaca.org/ - (broken link) Information Systems Audit and Control Association web site. I ordered the books at the time I talked about finding out about them. Well today they have finally arrived in the mail.

I have only had time to skim through each of them. They appear to be pretty well written and quite detailed technically, particularly in the case of the database book. The book is aimed at auditors so should provide a really good angle on the subject of Oracle security auditing. That sounds silly as the purpose of an Oracle security check can be called an audit. Generally though I think of an Oracle security audit as being done by a techie like myself rather than a formal audit firm like one of the big companies such as Delloitte and articles and books tend to be written more from the technical angle rather than the process one. Of course the nature of such an audit will always be technical. I think what I am saying is that other books tend towards the techie end of the DBA and system administrator so I am looking forwards to reading from the point of view of the formal auditor. I am of course very familiar with the subject but I am looking forward to seeing if there are any new things I can learn, especially on the Oracle applications auditing which I know much less well than the database end.

It goes without saying that I will update you all when i have read these books.