AUD445: Auditing Security and Controls of Oracle Databases
Over the past few years we have seen attackers target data since there is a financial incentive to being able to compromise valuable data. The media seems to be reporting new data compromises constantly. That means auditors need to be effectively auditing the controls that should exist to protect this valuable organizational asset.
Oracle Databases often store the data that's being targeted. Oracle Databases are very complex and challenging to audit! Auditors need to be able to effectively audit the processes and controls in place around the database to ensure the asset is being properly protected and the risks properly managed.
This course provides all of the details, including the IT process, procedural and technical controls, that you as an auditor should look for when conducting an Oracle database audit. Even better, you have the opportunity to get firsthand experience extracting and interpreting data from a live Oracle Database which allows you to be able to return and immediately conduct an Oracle Database audit. By getting hands-on experience, you get a better understanding of exactly how an Oracle Database operates and what data is available for audit purposes. The course is also put together in such a way that you can add additional value to the business and provide further security recommendations and benefits for the database being audited.
|AUD445.1: Day 1|
In order to properly audit Oracle databases, auditors have to have an understanding of what is involved in an Oracle database and how the database operates. These foundations are more will be covered to provide a solid foundation to build from throughout the course.
CPE/CMU Credits: 6
Oracle Database Concepts
Physical and Environmental Controls
Architectural and Inventory Controls
Change Control, Patch Management and Vulnerabilities
OS, Network and Application Controls
|AUD445.2: Day 2|
There are many authentication and access control options available for Oracle databases. Auditors must understand what the options are and how they can be implemented so they are properly audited. This day begins by looking at the risks related to the listener, and then moves into the controls around authentication and access control.
CPE/CMU Credits: 6
Authentication Process and Methods
Oracle Advanced Security
Access Controls including User Accounts, Roles and Passwords
|AUD445.3: Day 3|
Continuing to build the audit program, Oracle specific risks such as links, parameters, data integrity controls and auditing will be discussed. Links provide database to database communication and therefore can be a risk to the database. Students understand the important privileges and parameters to look at, as well as controls that should be in place related to backups and auditing.
CPE/CMU Credits: 6
Backups, DRP and BCP
Restricting Tools and Data Integrity Controls
Students need to bring a laptop computer with an Ethernet network card and a CD-ROM drive. Students should use Windows and have a functional Oracle 11gR2 or later client installed with SQL*Plus. The Oracle client software can be downloaded from Oracle's Web site. Students will also need the capability to set an IP address and install tools on the system. Additional tools such as Oracle Enterprise Manager are not required.
Please download the install instructions for this class here.
If you have additional questions about the laptop specifications, please contact email@example.com.
|Who Should Attend|
|Other Courses People Have Taken|
Other Courses People Have Taken
|What You Will Receive|
The course CD includes audit queries, scripts and tools that will assist in conducting an Oracle Database audit.
Take your learning beyond the classroom. Explore our site network for additional resources related to this course's subject matter.
*CPE/CMU credits not offered for the SelfStudy delivery method