Control and audit monitoring are important to the security of the Oracle database. Many computer incidents and frauds in the database occur because the database management system and the data generated by applications are not properly audited. As we help big organizations audit their system security controls, our finding is that the failure to properly audit the Oracle database is due to the absence of expertise to do so, and this problem is in all organizations today. This course has been developed in response to identified needs and to specific requests received from auditors and their employers asking for a special training to help bridge this gap.
This course will be technically intensive on Oracle security controls auditing but it will start with a remedial segment that is designed to teach auditors Oracle concepts, Oracle’s database facilities, commands and vernacular upon which Oracle security controls auditing skills will be built in the later part of the course. The course will help you identify the many risks in Oracle database infrastructure and teach you how to audit for the vulnerabilities with substantive system audit procedures used by our experienced consultants in the field.
This is a fully hands-on training. You must therefore be basically computer literate to attend, but no need of prior Oracle training or knowledge as the Remedial Introduction will take care of that.
• Remedial Introduction/Review of the Oracle DBMS
• The Nature of Oracle Objects and Basis for Audit Evidence
• Oracle Security Features and Mechanisms Auditors must Know
• Understanding the Integrity Strategy of the Oracle Database
• Oracle Services, Utilities and Commands with Security Control Risks
• Scoping the Oracle Audit Universe and its Organizational Impact
• A Demonstration of the Oracle Security Audit Approach
• Developing Your Oracle Database Audit Program
• Translating your Audit Thoughts into Audit Commands using SQL Script
• Executing your Commands to Pull Audit Evidence from the Database
• Analyzing, Interpreting and Reporting the Results