Oracle Privacy Security Auditing Includes Federal Law Compliance with HIPAA, Sarbanes-Oxley & The Gramm-Leach-Bliley Act GLB
Donald K. Burleson & Arup Nanda Retail Price $59.95 / £37.95
Order now and get immediate access to the code depot!
Only $39.95 (30% off)
Arup Nanda named "DBA of the Year" by Oracle Corporation!
Written by one of the world's most widely-read Oracle authors and an Oracle Corporation DBA of the Year, Don Burleson and Arup Nanda bring their substantial knowledge of Oracle internals to this important book. With decades of experience implementing Oracle auditing, the authors share techniques for building auditing mechanisms for HIPAA-compliant Oracle systems. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was created to protect the privacy of patient medical data. HIPAA requires complete auditing to show who has viewed confidential patient information, a requirement that reaches hospitals, insurance companies, and dozens of healthcare-related industries. Applied to an Oracle database, HIPAA translates into a framework of access control and auditing for the information the database holds. This book provides complete details on Oracle's auditing features, including auditing from the Oracle redo logs, system-level triggers, and Oracle9i fine-grained auditing (FGA) for recording the retrieval of sensitive information. Best of all, Burleson and Nanda share dozens of working samples in their online code depot: examples from all areas of auditing are covered with working scripts and code snippets, and the time saved by a single script is worth the price of this book.
* Provides a complete conceptual framework for all areas of Oracle auditing.
* Covers HIPAA requirements and shows Oracle techniques for enforcing them inside the Oracle database.
* Offers fast working examples for basic Oracle auditing techniques and scripts.
* Shows the use of the Oracle9i LogMiner to retrieve audits of database updates.
* Shows how to implement all Oracle system-level triggers for auditing, including DDL triggers, SERVERERROR triggers, and LOGON and LOGOFF triggers.
* Provides working code examples for auditing the viewing of sensitive information using triggers and Oracle9i fine-grained auditing (FGA).
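The last two bullets name the two mechanisms the book leans on for "who saw the data": system-level LOGON/LOGOFF triggers and fine-grained auditing. The script below is an added example written for this page, not code from the book or its code depot. It assumes a hypothetical PHI.PATIENTS table holding Protected Health Information, a hypothetical SEC schema owned by the auditing DBA, Oracle 9i or later, and a user holding ADMINISTER DATABASE TRIGGER, EXECUTE on DBMS_FGA and the FLASHBACK privilege on the table. It goes one step past the bullets by pairing the FGA trail's recorded SCN with a flashback query to reconstruct what a given reader actually saw.

```sql
-- Added example for this page (not the book's code depot). Hypothetical objects:
-- PHI.PATIENTS holds Protected Health Information; SEC is the auditing DBA's schema.
-- Requires Oracle 9i or later, ADMINISTER DATABASE TRIGGER, EXECUTE on DBMS_FGA,
-- and FLASHBACK on PHI.PATIENTS (or FLASHBACK ANY TABLE) for the last query.

CREATE TABLE phi.patients (
  patient_id NUMBER PRIMARY KEY,
  last_name  VARCHAR2(40),
  diagnosis  VARCHAR2(200)   -- the column whose retrieval must be audited
);

-- 1. System-level triggers: who connected, from where, and for how long.
CREATE TABLE sec.session_log (
  audsid      NUMBER,
  db_user     VARCHAR2(30),
  os_user     VARCHAR2(100),
  userhost    VARCHAR2(64),
  ip_addr     VARCHAR2(40),
  logon_time  DATE,
  logoff_time DATE
);

CREATE OR REPLACE TRIGGER sec.trg_logon
  AFTER LOGON ON DATABASE
BEGIN
  INSERT INTO sec.session_log (audsid, db_user, os_user, userhost, ip_addr, logon_time)
  VALUES (SYS_CONTEXT('USERENV', 'SESSIONID'),
          SYS_CONTEXT('USERENV', 'SESSION_USER'),
          SYS_CONTEXT('USERENV', 'OS_USER'),
          SYS_CONTEXT('USERENV', 'HOST'),
          SYS_CONTEXT('USERENV', 'IP_ADDRESS'),
          SYSDATE);
END;
/

CREATE OR REPLACE TRIGGER sec.trg_logoff
  BEFORE LOGOFF ON DATABASE
BEGIN
  UPDATE sec.session_log
     SET logoff_time = SYSDATE
   WHERE audsid = SYS_CONTEXT('USERENV', 'SESSIONID')
     AND logoff_time IS NULL;
END;
/

-- 2. Fine-grained auditing: record every SELECT that references DIAGNOSIS.
--    audit_condition NULL means "always". A condition such as
--    'SYS_CONTEXT(''USERENV'',''SESSION_USER'') <> ''APP_BATCH''' would narrow it,
--    but every exempted account is a gap an auditor will ask about.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'PHI',
    object_name     => 'PATIENTS',
    policy_name     => 'PHI_SELECT_AUDIT',
    audit_condition => NULL,
    audit_column    => 'DIAGNOSIS',   -- one column in 9i; a list is accepted from 10g
    enable          => TRUE);
END;
/

-- 3. Who saw PHI: the FGA trail keeps the user, host, statement text and the
--    SCN at which the statement ran (the SCN is what makes step 4 possible).
SELECT timestamp, db_user, os_user, userhost, scn, sql_text
  FROM dba_fga_audit_trail
 WHERE policy_name = 'PHI_SELECT_AUDIT'
 ORDER BY timestamp;

-- 4. What they saw: re-run the captured statement against the table as it was
--    at the recorded SCN. Illustrated for a trail row whose sql_text was
--    "SELECT ... FROM phi.patients WHERE last_name = 'DOE'"; bind :audit_scn
--    to that row's SCN column. Only works while undo for that SCN is retained.
SELECT patient_id, last_name, diagnosis
  FROM phi.patients AS OF SCN :audit_scn
 WHERE last_name = 'DOE';
```

Two caveats before running this against a real instance. A LOGON trigger that raises an error blocks every connection by users who lack ADMINISTER DATABASE TRIGGER, so test it on a non-production database and keep its body minimal. In Oracle9i, FGA depends on the cost-based optimizer and audits SELECT only; the table needs current statistics, and auditing of INSERT, UPDATE and DELETE through the statement_types parameter arrived in 10g. Step 4 is bounded by UNDO_RETENTION: an auditor who asks "what did this person see" months later will need the row's SCN and a retained copy of the data, not just the trail.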
About the Authors:
Arup Nanda
Arup Nanda is the recipient of the DBA of the Year 2003 award from Oracle Corporation. This award is among the most highly coveted in the database industry; each year only one of more than a quarter million Oracle professionals is honored with this distinction. A decade of experience as a DBA has made Arup an expert in many Oracle areas, including Oracle design, modeling, performance tuning, and backup and recovery.
Arup is a frequent speaker at Oracle-related conferences, including IOUG Live, and has written several Oracle-related articles for technical journals in the US and Europe. He is on the editorial board of SELECT Journal, the publication of the International Oracle Users Group.
Don Burleson
Table of Contents:
Index:
_: _trace_files_public
A: Access Control List, admin_restrictions, all_def_audit_opts, all_policies, app_ctx, app_users, application context, aud$_combined, audit_actions, audit_column, audit_condition, audit_file_dest, audit_sys_operations, audit_trail, authentication_level
C: client_identifier, connect_time, Context Based Access, crypto_checksum_client
D: Data Definition Language, Data Encryption Standard, Data Manipulation Language, dba_audit_exists, dba_audit_object, dba_audit_policies, dba_audit_session, dba_audit_statement, dba_audit_trail, dba_col_privs, dba_fga_audit_opts, dba_fga_audit_trail, dba_obj_audit_opts, dba_policies, dba_policy_groups, dba_priv_audit_opts, dba_role_privs, dba_source, dba_stmt_audit_opts, dba_sys_privs, dba_tab_privs, dba_views, dbms_fga, dbms_fga.add_policy, dbms_fga.drop_policy, dbms_flashback, dbms_lock, dbms_obfuscation_toolkit, dbms_rls, dbms_session, dbms_shared_pool.keep, dbms_storage_map, DBSNMP, dbsnmp0, decrypted_data, Designated Record Set, Discretionary Access Control
E: enable, encrypted_data, encrypted_string, encryption_client, encryption_server
F: failed_login_attempts, Federal Information Processing Standards, fga_audit, fga_log$, Fine Grained Access Control, function_schema
G: get_system_change_number, Gramm-Leach-Bliley Act
H: handler_module
I: identity theft, idle_time, input, input_string, input_vector, iv, iv_string
K: Kennedy-Kassebaum Bill, key, key_string
L: l_user_id
M: Mandatory Access Control, Materialized View, mts_dispatchers
N: Network Address Translation
O: object_name, object_schema, ops$, optimizer_goal, optimizer_mode, ORA-02289, ORA-12546, ORA-28110, ORA-28112, ORA-28113, ORA-28115, ORA-28116, os_authent_prefix, osauth_prefix_domain, OUTLN
P: password_grace_time, password_life_time, password_lock_time, password_reuse_max, password_reuse_time, password_verify_function, passwords_listener, Patient Health Information, PERFSTAT, policy_function, policy_name, policy_type, present_dba_obj_audit_opts, Protected Health Information, ps -aef
R: remote_os_authent
S: Safe Harbor Act, Safe Harbor Law, save_config_on_stop, sec_relevant_cols, servererror_log, session_context, session_roles, sessions_per_user, Set User ID Bit, set_user_role, Snapshot, snmp_rw.ora, SQL Injection, sql_trace, sqlnet.crypto_seed, sqlplus_product_profile, statement_types, static_policy, stats$ddl_log, stats$sysstat, stats$user_log, stats_user_log, stmt_audit_option_map, sys_context, system_privilege_map
T: table_privileges, TKPROF, TRACESVR, tracing, Transparent Network Substrate
U: update_check, user_audit_trail, user_dump_dest, user_obj_audit_opts, user_policies, utl_file, utl_file_dir
V: v$circuit, v$db_object_cache, v$session, Virtual Private Database, VISA USA Cardholder Security Agreement
W: which
Reader Comments
Other things that make the book a must read: the material on listener security, simple firewall settings, fine-grained auditing, and the 10g features. The SQL Injection and Application User models described in the book were exactly what we were missing, and we got them in this.
A reader from San Diego says:
I haven't finished reading my copy yet, but I had to chime in to concur with the previous reviews: this book is terribly well laid out. The writing is clear and descriptive, but almost as important, it's rather engaging. That helps when trying to dig to the bottom of these often daunting security concepts.
Another reviewer covered this, but I have to say that my favorite parts are also the chapter summaries. They do a great job of recapping the details that were covered. Having all that information covered in such depth is great, but I'd probably have forgotten each chapter's contents had there not been that nice, succinct conclusion at each one's end.
The structure of this book is in three sections:
Section I gives an introduction to HIPAA, Oracle security, and Oracle auditing. Among the topics covered are grant, role-based, and profile-based security, as well as virtual private databases (row-level security, fine-grained access control), and application server security.
Section II goes deeper into general Oracle security, covering relational grant security as it relates specifically to HIPAA (but it can also be used for Gramm-Leach-Bliley and Sarbanes-Oxley compliance, because the requirements are similar regarding these mechanisms and techniques). Also covered are encryption and network security.
Section III deals with auditing using Oracle facilities, tables, DDL and DML, and covers the spectrum from grants auditing to fine-grained audits. Again, the focus is on HIPAA requirements (Chapter 11, for example, contains the following topics: auditing select access as per the HIPAA-mandated auditing of Patient Health Information, and combining FGA and Flashback queries to answer the most important question in addition to who saw the data: what they saw). This section ends with HIPAA security and auditing checklists, which can also be applied to Sarbanes-Oxley and Gramm-Leach-Bliley security and auditing.
This book is an outstanding addition to bodies of knowledge spanning three disciplines - internal auditing, DBA, and IT security & privacy. A copy should be provided to managers and subject matter experts in each of those domains.
SAN: 255-1314