The Oracle Database Management System remains the world's most popular DBMS. In this comprehensive four-day seminar, attendees will learn Oracle's database facilities and terminology along with the activities needed to know to provide security and controls over Oracle software. We will uncover the risks Oracle introduces and the exposures it reduces. We will also explore Oracle's approach to the client/server and Web processing environments and discover the impact Oracle has on an enterprise's organization, security profiles and information technology standards.
Using a case study, we will start by planning an audit or review and determine what technical evidence is needed. Participants will then analyze real-world examples of Data Dictionary view reports, parameter specifications, scripts, and trace data for evidence of security and integrity problems. You will learn the steps to take to prepare for an interview with the Database Administrator (DBA), and to present your report with technical findings and recommendations. In addition, class exercises throughout the session will reinforce what you learn, and you will receive an audit and security program and checklist you can put to use immediately.
This course is available on-site at your location, or offered through open enrollment 4/27/20-4/30/20
Learning Objectives
- 1. Oracle Environments, terminology, relational databases, referential integrity, structured query language (SQL), Oracle database introduction, Oracle database architecture
- 2. Oracle Objects, database objects, dml and ddl, Oracle data dictionary, Case Study: getting started
- 3. The Security Mechanism, high-risk users, user identification, authentication, roles and profiles, system privileges, object privileges, case study: analyzing privileges
- 4. Security Features, database initialization parameters, database links, network access control, product user profiles, virtual private database, Case Study: assessing security features use
- 5. Oracle Support and Security Patches, Oracle support models, database version and support risks, database security, vulnerabilities, database security patches, Case Study: review database version and security patches
- 6. Database Auditing, auditing overview and types, statement auditing, privilege auditing, object auditing, auditing configuration, Case Study: database auditing
- 7. Additional Areas For Control, network security, network encryption, data encryption, program execution, Case Study: reviewing database configuration
- 8. Organizational Impact, database organization risks and issues, organizational misalignment, database security program, audit questions, Case Study: preparing to interview the DBA
- 9. Audit and Security Approaches, general risks, audit types, sample audit program, security checklist
- 10. Wrap-Up, objectives review, evaluations