
Oracle Privacy Security Auditing: Includes Federal Law Compliance with HIPAA, Sarbanes Oxley & The Gramm Leach Bliley Act GLB (Oracle In-Focus series) Paperback – December 1, 2003

10 customer reviews


Editorial Reviews

About the Author

Arup Nanda has been an Oracle DBA in areas such as design, modeling, performance tuning, and backup and recovery. Currently he is working on the HIPAA database design for a large U.S. national insurance company. He is a frequent speaker at Oracle-related conferences such as IOUG Live, has written several Oracle-related articles, and is on the editorial board for SELECT Journal, the publication of the International Oracle Users Group. He is the founder of Proligence, Inc., a company that provides specialized solutions on Oracle technologies such as replication, standby databases, security evaluations, and HIPAA implementations. He lives in Norwalk, Connecticut.

Donald K. Burleson is the author of 16 Oracle database books and is the editor-in-chief of Oracle Internals. He is an Oracle consultant with extensive experience designing and implementing Oracle8 databases, including systems architecture, project management, data warehouse design, implementation and tuning, tuning massively parallel Oracle databases, Oracle SQL tuning, using Oracle with SAP, and tuning very large Oracle databases. He lives in Kittrell, North Carolina.

Product Details

  • Series: Oracle In-Focus series
  • Paperback: 655 pages
  • Publisher: Rampant Techpress (December 1, 2003)
  • Language: English
  • ISBN-10: 0972751394
  • ISBN-13: 978-0972751391
  • Product Dimensions: 6 x 1.4 x 9 inches
  • Shipping Weight: 1.6 pounds
  • Average Customer Review: 3.4 out of 5 stars (10 customer reviews)
  • Amazon Best Sellers Rank: #2,113,497 in Books

More About the Author

Arup Nanda has been working exclusively as an Oracle technologist for the last 20 years, covering everything from performance tuning to disaster recovery. He is the principal database architect for a major New York area multinational company. He has co-authored 5 books on Oracle database, written 500+ articles in many publications including Oracle Magazine and OTN, presented 300+ sessions at conferences like Oracle Open World and IOUG Collaborate, publishes a blog (arup.blogpsot.com), conducts training sessions and builds tools for effective database management. He is an Oracle ACE Director, a member of the Oak Table Network, an editor for SELECT Journal - the publication of IOUG, and a member of the Board of Directors of Exadata SIG. He was the recipient of two prestigious awards from Oracle: DBA of the Year award and Enterprise Architect of the Year in 2012. He lives in Danbury, Connecticut, USA.

Customer Reviews

Most Helpful Customer Reviews

5 of 6 people found the following review helpful By "tiarabanks2" on January 17, 2004
Format: Paperback
I bought this book to learn more about Virtual Private Database, which I am implementing now - and it was a pleasant surprise to see that not only that but all other areas are detailed as well. The chapter on VPD goes much beyond the Oracle common references and explains concepts like application contexts in such clarity and relative to real life examples that the chapter alone may be worth the price of the book.
Other things that make the book a must read - the material on listener security, simple firewall settings, fine grained auditing, and the 10g features. SQL Injection and Application User models described in the book were exactly what we were missing and we got it in this.
Hmmm..why the large fonts?!!
7 of 9 people found the following review helpful By Daniel L. on February 27, 2004
Format: Paperback
Agreeing with other reviewers on the astounding attention to the details, the depth of coverage, and extremely useful examples, I would like to add another perspective: this book is also an excellent read for those IT Management types who want to get familiar with the concepts but not get buried in the details. The book introduces the topics gradually, making it available for CIOs, Security Officers, IT Managers (who can stop reading before the detailed examples) and to Senior DBAs (who can but won't skip the introductory chapters because the text is so well written and so engaging). Excellent and comprehensive read for the entire spectrum of IT professionals! A must read for those in Healthcare or for any public corporation.
2 of 2 people found the following review helpful By "rescheler" on January 9, 2004
Format: Paperback
What makes a good book? Topic and coverage count less than half of it; the key is the presentation. In this book the contents have been presented in a very logical manner - you would go from simple security concepts to larger and more complex issues. The best parts are perhaps the neat summaries at the end of the chapters, a bulleted list of points covered.
The most valuable part of the book, in my opinion, is the practical advice it imparts in building an Oracle database with security in mind. Take for example the section on building a virtual private database where the database users are not relevant, such as in a web interface. The chapter explains not only how to do it, but comes complete with the code to implement in action! Just loved it!
Little snippets of information, such as alter session privilege is not required for any session altering commands like sort area size, etc., are pure gems. Debunking these fallacies is nothing new in books of similar kind; but this book has more of these and also in a categorical manner which makes it easy to comprehend. Other non- or little-documented tidbits, like the way a listener password is set, are also very useful.
The chapter on Oracle 10g is good; but not useful at this time. Most likely the authors wanted to bullet-proof the book for the new version of Oracle. I had downloaded the chapter from OTN earlier.
My only complaint - the book is too thick to lie flat, required for a book of this nature, i.e. reference.
8 of 11 people found the following review helpful By Arthur Luger on September 1, 2004
Format: Paperback Verified Purchase
The title of this book is quite misleading. The title should stop with HIPAA. HIPAA is the sole focus; there is no mention of SO or GLB. True, the overall goals of SO and GLB are similar to those of HIPAA (control, accountability, confidentiality) but I would expect a book that has SO and GLB in the title to mention those laws and perhaps (as I was hoping) provide some specific insights. If you want to learn something about HIPAA, this is the book. If you want to learn something about SO or GLB, you have to learn it elsewhere and then apply the legalistic knowledge into this book on Oracle.

The second gripe is with the index. Personally, I don't have the time to read a book cover-to-cover. I need a competent index to be able to look up specifics. This index is woefully short (4 large type pages). Further, I sincerely believe the index is for some other version of the book or other book entirely. The page references do not match the pages. Hence the index is useless.

I was in the process of returning this book (first time I would have done so) when I came over to the reviews and started reading them. My gripes are legitimate but I have decided to keep the book for its security aspects rather than its integration of HIPAA, SO or GLB requirements into Oracle security. After all, the Oracle Security Handbook (Theriault and Newman) is out of date.
Format: Paperback Verified Purchase
This remarkable book covers how to use Oracle 9i security and auditing facilities to achieve compliance with three major laws. While the book emphasizes HIPAA, it also addresses, either directly or indirectly, privacy security and auditing with respect to the Gramm-Leach-Bliley Act (Subtitle A: Disclosure of Nonpublic Personal Information 15 U.S.C. 6801-6810 and Subtitle B: Fraudulent Access to Financial Information 15 U.S.C. 6821-6827), HIPAA requirements for protecting data and enforcing security and privacy, and Sarbanes-Oxley Act Section 404 requirements related to integration of transactional systems, logs and auditing trails, and data security.

Structure of this book is in three sections:

Section I gives an introduction to HIPAA, Oracle security and Oracle auditing. Among the topics covered are grant, role-based, and profile based security, as well as virtual private databases (row-level security, fine-grained access control), and application server security.

Section II goes deeper into general Oracle security, covering relational grant security as it relates specifically to HIPAA (but can be also used for Gramm-Leach-Bliley and Sarbanes-Oxley compliance because the requirements are similar regarding these mechanisms and techniques). Also covered are encryption and network security.

Section III deals with auditing using Oracle facilities, tables, DDL and DML, and covers the spectrum from grants auditing to fine-grained audits. Again, the focus is on HIPAA requirements (Chapter 11, for example, contains the following topics: Auditing select access as per the HIPAA mandated auditing of Patient Health Information, and Combining FGA and Flashback queries to answer the most important question in addition to who saw the data, what they saw.