Pete Finnigan's Oracle Security Weblog

Jared posted a link to this article on the Oracle-l list a couple of days ago and i marked it to blog when i got the chance and as my PC has just started to install a patch and will need a reboot I decided to do a quick blog post. The article is called "Rogue DBAs: Hidden Inside Security Threat" and is quite interesting.

This really highlights the current problems. People are starting to take database security seriously but we still have a very long way to go. The current evidence suggests that most sites have not done the basics and most likely have not turned on audit in the database; if they have its probably not being monitored and almost certainly privilege user access is not monitored and even if it is it can be bypassed by the people being monitored. This is just a fact of life that i see day to day at customer sites. The landscape is changing though and a lot more people are taking database security seriously and also have allocated budget for it; times are changing. As the article says we dont hear of these cases often; well I do know of others but they are not public; why do we not hear more? ... I leave that to you to guess..... but are the business even aware of theft going on???