Soluciones de Oracle para la Auditoría, Seguridad y Gobierno de TI


Published on

Presentación de mi proyecto de final de carrera en Oracle.

Muestra un breve resumen del mismo, no incluye la parte teórica de auditoría de sistemas de información y se centra sobre todo en aspectos prácticos relacionados con la seguridad de los datos y en como se puede cumplir con la LOPD usando muchos de los productos de los que Oracle dispone.

Published in: Technology
1 Comment
1 Like
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • alter table account modify (ssn decrypt)Also consider the use of indexes. In the above example, let's assume that there's an index on the column SSN, namedin_accounts_ssn. If the query against the ACCOUNTS table has an equality predicate, as follows,select * from accounts where ssn = '123456789'; the index in_accounts_ssn is used. If the query instead uses a LIKE predicate, as in select * from accounts where ssn like '123%'; the index will be ignored, and a full table scan will be used. The reason is simple. The B-tree structure of the index makes sure that values with the same first few characters—"fraternal", "fraternity", and so on—are physically close together. When processing a LIKE predicate, Oracle Database 10g searches the index entries via a pattern match, and physical proximity helps speed up the index search, which is better than the full table scan.However, if the column is encrypted, the actual values in the index are very different (since they're encrypted), and thus they'd be scattered all over the index. This makes index scans more expensive than full table scans. Hence, in this LIKE predicate query example, Oracle Database 10g chooses to ignore the index and does a full table scan.In the case of equality predicates, the specific index entry is searched instead of a number of values following a pattern. So, an execution path using the index is faster than a full table scan, and the optimizer chooses to use the index. When you're deciding which columns to encrypt, consider how encryption affects indexes, and be aware that you might want to rewrite certain queries involving encrypted columns.
  • AV Server InstallAV AgentInstallConexión con AV Server hostname:port:servicename
  • The audit records generated through the BY ACCESS audit option have more information, such as execution status (return code), date and time of execution, the privileges used, the objects accessed, the SQL text itself and its bind values. In addition, the BY ACCESS audit option captures the SCN for each execution and this can help flashback queries.Oracle Database records separately each execution of a SQL statement, the use of a privilege, and access to the audited object. Given that the values for the return code, timestamp, SQL text recorded are accurate for each execution, this can help you find how many times the action was performed.The BY ACCESS audit records have separate LOGON and LOGOFF entries, each with fine-grained timestamps.
  • Create user-defined reports to filter specific data.Send the report to other users as a PDF file.Schedule the report to be generated at specific times and then sent to users as a PDF file. You can create an e-mail distribution list, called a profile, to be used specifically for different types of reporting and alert activities.
  • ×