Databases Reference
In-Depth Information
that your investments in what are often disparate layers and techniques all
work together toward the same goal. Additionally, any database security
implementation will involve multiple people from multiple departments
(e.g., DBAs, developers, information security officers, and auditors). A
well-documented database usage security policy will also ensure that these
individuals (who often have different skills and competencies) can use a
common terminology and can augment each other rather than combat
each other.
1.5
Resources and Further Reading
After you complete reading this topic, here are additional resources (online
resources and topics) that can help you when implementing security and
auditing initiatives that involve your database environments:
Oracle:
www.petefinnigan.com:
Pete Finnigan is one of the world's foremost
Oracle security experts, and he posts a lot of useful information on
his Web site.
www.petefinnigan.com/weblog/archives:
Pete Finnigan's Oracle
security weblog
www.dba-oracle.com/articles.htm#burleson_arts:
Many good articles on
Oracle (and some on Oracle security) published by Don Burleson
www.linuxexposed.com:
A good resource for security including an
excellent paper “Exploiting and Protecting Oracle” (http://files.linux-
exposed.com/linuxexposed.com/files/oracle-secu-
rity.pdf#search='pentest%20exploiting%20and%20protecting%20or
acle')
www.appsecinc.com/techdocs/whitepapers.html:
Application Security
Inc.'s white paper page, including a white paper titled “Protecting
Oracle Databases”
www.dbasupport.com:
Miscellaneous articles, resources, and tips on
Oracle
Oracle Security Handbook
by Marlene Theriault and Aaron Newman
Effective Oracle Database 10g Security
by Design
by David Knox
Oracle Privacy Security Auditing
by Arup Nanda and Donald Burleson
Search WWH ::
Custom Search