Who audits the auditor's auditor?

"Do not criticize someone until you walked a mile in their shoes, that way
when you criticize them, you are a mile away and have their shoes."

Christopher R. Spence 
Oracle DBA
Phone: (978) 322-5744
Fax:    (707) 885-2275

Fuelspot
73 Princeton Street
North, Chelmsford 01863
 



-----Original Message-----
Sent: Friday, September 07, 2001 9:50 AM
To: Multiple recipients of list ORACLE-L





"The point is, you only need one, single trusted person to hold the
administrator account (someone from your audit firm, for example) and almost
everything can be done by sub-administrators who only have the precise
permissions they need and no more. In theory, anyway :0)"

There's that "single point of failure" again!  so... the auditor is more 
trusted than the DBA?

Who audits the auditor?



>From: "Guy Hammond" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: How do you audit a DBA?
>Date: Fri, 07 Sep 2001 01:45:06 -0800
>
>There is an administrator account, but individual users can configure 
>access control lists on their files (right-click, properties, security) 
>that would prevent the administrator from reading them. The only way 
>that an administrator could then read them would be to "take ownership" 
>first. Unlike Unix, ownership of a file is taken rather than given, so 
>even if an Administrator read a confidential file, the OS would not let 
>them erase traces of having done so. If you wanted to steal a file, you 
>could obviously back it up to tape (if you have the Backup Operator
>role) restore it to another system, take ownership there and read it 
>(unless it was encrypted of course) but there's only so much an OS can 
>do about physical security.
>
>The point is, you only need one, single trusted person to hold the 
>administrator account (someone from your audit firm, for example) and 
>almost everything can be done by sub-administrators who only have the 
>precise permissions they need and no more. In theory, anyway :0)
>
>g
>
>
>
>-----Original Message-----
>Sent: Thursday, September 06, 2001 2:41 PM
>To: Multiple recipients of list ORACLE-L
>
>
>but doesn't there have to be ONE account/role in NT that can assign all 
>the others? how else could you set up a role or continue to set them 
>up?
>
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: Guy Hammond
>   INET: [EMAIL PROTECTED]
>
>Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
>San Diego, California        -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the 
>message BODY, include a line containing: UNSUB ORACLE-L (or the name of 
>mailing list you want to be removed from).  You may also send the HELP 
>command for other information (like subscribing).



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Rachel Carmichael
  INET: [EMAIL PROTECTED]

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Christopher Spence
  INET: [EMAIL PROTECTED]
