Oracle Privacy Security Auditing: Includes Federal Law Compliance with HIPAA, Sarbanes Oxley & The Gramm Leach Bliley Act GLB (Oracle In-Focus series) Paperback – December 1, 2003
Top Customer Reviews
Other things that make the book a must read - the material on listener security, simple firewall settings, fine grained auditing, and the 10g features. SQL Injection and Application User models described in the book were exactly what we were missing and we got it in this.
Hmmm..why the large fonts?!!
The most valuable part of the book, in my opinion, is the practical advice it imparts in building an Oracle database with security in mind. Take for example the section on building a virtual private database where the database users are not relevant, such as in a web interface. The chapter explains not only how to do it, but comes complete with the code to implement in action! Just loved it!
Little snippets of information such as alter session privilege is not required for any session altering commands like sort area size, etc., are pure gems. Debunking these fallacies is nothing new in books of similar kind; but this book has more of these and also in a categorical manner which makes it easy to comprehend. Other non- or little-documented tidbits like the way a listener password is set, are also very useful.
The chapter on Oracle 10g is good; but not useful at this time. Most likely the authors wanted to bullet-proof the book for the new version of Oracle. I had downloaded the chapter from OTN earlier.
My only complaint - the book is too thick to lie flat, required for a book of this nature, i.e. reference.
The second gripe is with the index. Personally, I don't have the time to read a book cover-to-cover. I need a competent index to be able to look up specifics. This index is woefully short (4 large type pages). Further, I sincerely believe the index is for some other version of the book or other book entirely. The page references do not match the pages. Hence index is useless.
I was in the process of returning this book (first time I would have done so) when I came over to the reviews and started reading them. My gripes are legitimate but I have decided to keep the book for its security aspects rather than its integration of HIPAA, SO or GLB requirements into Oracle security. After all, the Oracle Security Handbook (Theriault and Newman) is out of date.
Structure of this book is in three sections:
Section I gives an introduction to HIPAA, Oracle security and Oracle auditing. Among the topics covered are grant, role-based, and profile based security, as well as virtual private databases (row-level security, fine-grained access control), and application server security.
Section II goes deeper into general Oracle security, covering relational grant security as it relates specifically to HIPAA (but can be also used for Gramm-Leach-Bliley and Sarbanes-Oxley compliance because the requirements are similar regarding these mechanisms and techniques). Also covered are encryption and network security.
Section III deals with auditing using Oracle facilities, tables, DDL and DML, and covers the spectrum from grants auditing to fine-grained audits. Again, the focus is on HIPAA requirements (Chapter 11, for example, contains the following topics: Auditing select access as per the HIPAA mandated auditing of Patient Health Information, and Combining FGA and Flashback queries to answer the most important question in addition to who saw the data, what they saw.
Most Recent Customer Reviews
Excellent book for general security information with Oracle (VPDs, Roles, Encryption and the rest)
As another review pointed out, the book is very light on SOX...
I primarily purchased this book for help on Virtual Private Database (VPD) and Row Level Security (RLS). We use these features at work and need to expand on them.
Published on December 6, 2005 by George A. Loewenthal
I bought this book for understanding how to handle compliance in Oracle. Nowhere in the book can you find details about HIPAA, SOX or GLBA compliance!!!!
Published on October 21, 2004 by KMD