A four-stage vulnerability management system should be developed. It should ensure that vulnerabilities are identified, that a decision is made as to how to react to those vulnerabilities, that there is careful testing prior to patching and that actions are tracked so that success (or otherwise) can be monitored. This system should:
Oracle Database is one of the most powerful databases in the world. It is very secure and very stable, but that does not mean Oracle Database is 100% free from security threats. Below is an Oracle Security Audit checklist that can be used as part of daily security monitoring and to comply with ISO17799 or ISO27001 requirements for IT security configuration. You can rely on this security checklist for a better Oracle Database configuration.
This security audit checklist can be used for almost all Oracle Database versions, from Oracle8, Oracle8i, Oracle9i
The basic process for developing a sound information security policy.
1. Selecting an information security policy architecture development/review team. The size of the team will vary depending on the organization size. A suggestion for the policy development team would be as follows:
a. Senior administrator (servers, network devices);
b. Management team member who will be assisting with enforcement;
c. Counsel team member;
d. Internal audit team member;
e. User community member (this person could be the policy interpreter before implementing into the enterprise);
f. Writer—a technical writer, if possible.
2. Reviewing the information security team’s reporting structure to ensure appropriate staffing for monitoring and appropriate level of authority for enforcement.
The goal of Enterprise Risk Management is to identify, evaluate and manage key risks impacting an organization's ability to achieve its objectives and strategies. This document provides a template to inventory and assess critical risk areas (business functions) and the associated risks embedded within each area.
When using this template, for each area, please rate:
* Current process control effectiveness on a High / Medium / Low scale
* Past performance history on a Good / Fair / Poor scale
* Personnel adequacy on a Good / Fair / Poor scale
Then, please rank the top ten functions/risk areas, based on the threat of embedded risks on achieving the company's objectives and strategies for the upcoming year. Consider the following when ranking the top ten risk areas:
IT general controls typically impact multiple applications in the technology environment and prevent certain events from impacting the integrity of processing or data. Computer operations, physical and logical security, program changes, systems development and business continuity are examples of processes where general IT controls reside. These IT controls are "pervasive" because they can have an impact on the organization's achievement of financial reporting objectives germane to many of its processes.