Chapter 7. Developing a Database Security Plan

There are many steps to securing your system and its data. But one of the first—and one that too few organizations take—is the development of a security policy that outlines and maps out the enforcement of a security plan. We’ve included this chapter as the first one in the “Implementing Security” part of this book because we believe that the creation of security policies and the implementation of a security plan must precede the more operational steps of securing your system and database.

What’s the difference between a security plan and a security policy? A security policy identifies the rules that will be followed to maintain security in a system, while a security plan details how those rules will be implemented. A security policy is generally included within a security plan. A security plan might be as simple as a verbal statement from the highest-level management that all accounts on a system must be protected by the use of a password. Or a security plan might be a thick document spelling out in great detail exactly how security will be implemented within the company’s systems. Just as there are many individual needs and many different approaches to security, there are many types of database security policies. We’ll present many aspects of these policies in this chapter; some may or may not apply to your specific organization. A checklist at the end of this chapter provides a resource you’ll be able to use to evaluate which ...

Get Oracle Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.