[Previous entry: "Oracle security presentations"] [Next entry: "Security analysis of the JInitiator buffer overflows"]
Make Oracle PCI compliant
September 11th, 2007 by Pete
Post to del.icio.us
Post to Furl
Damon sent me a good link to an 11g Oracle security paper on Oracle's web site that is worth mentioning here. The paper is titled "Oracle Database Security and the Payment Card Industry Data Security Standard" and is not a bad paper in terms of listing the PCI requirements and trying to relate them to the Oracle features that could be used to satisfy the requirement. This section is very "add-on" centric, such as recommending Oracle Database Vault and Oracle Audit Vault and Oracle Advanced Security Option and more. A lot of Oracle customers dealing with PCI probably would not have these addtions enabled. The paper would have been better if it offered "free" -in terms of the solution being available in your normal license - solutions instead or at least as alternatives. That said the paper is not bad as it gives anyone dealing with credit cards and PCI compliance with an Oracle database a head start.
