• Classroom
Course Description

The Oracle Database Management System remains the world's most popular DBMS. In this comprehensive four-day seminar, attendees will learn Oracle's database facilities and terminology, along with the activities needed to provide security and controls over Oracle software. We will uncover the risks Oracle introduces and the exposures it reduces. We will also explore Oracle's approach to the client/server and Web processing environments and discover the impact Oracle has on an enterprise's organization, security profiles and information technology standards.

Using a case study, we will start by planning an audit or review and determine what technical evidence is needed. Participants will then analyze real-world examples of Data Dictionary view reports, parameter specifications, scripts, and trace data for evidence of security and integrity problems. You will learn the steps to take to prepare for an interview with the Database Administrator (DBA), and to present your report with technical findings and recommendations. In addition, class exercises throughout the session will reinforce what you learn, and you will receive an audit and security program and checklist you can put to use immediately.

This course is available on-site at your location, or offered through open enrollment in Chicago, IL.

Learning Objectives

  1. Oracle Environments, terminology, components and products, platforms, architecture, basic risks and exposures, demonstration: getting started
  2. Oracle Objects, basic data objects, program-type objects, evidence: data dictionary and dynamic performance "views", case study: delineating the environment and determining the required evidence
  3. The Security Mechanism, high-risk users, user identification, authentication, roles and profiles, system privileges, object privileges, SQL DCL: GRANTS and REVOKES, case study: analyzing basic access controls
  4. Security Features, views, stored procedures and triggers, product_user_profile, remote login password files, virtual private databases, OS file security, encryption, case study: evaluating security features use
  5. Database Record Mechanisms, objectives, methods, the audit feature, fine grain auditing, alert trace files, case study: assessing recording mechanisms use
  6. Integrity Features, constraints, referential integrity, triggers, change management, deadlocks, missing updates, case study: evaluating integrity feature use
  7. High-Risk Commands and Utilities, data guard, backup/recovery, scripts, enterprise manager, SET commands, parameter files, case study: analyzing the operational environment
  8. Organizational Impact, security profiles, roles and responsibilities, auditing the DBA function, areas for standardization, audit questions, case study: preparing to interview the DBA
  9. Audit and Security Approaches, general risks, audit types, sample audit program, security checklist, case study: reporting audit and security findings
  10. Wrap-Up, objectives review, evaluations

Framework Connections