Product Details
Oracle Privacy Security Auditing: Includes Federal Law Compliance with HIPAA, Sarbanes Oxley & The Gramm Leach Bliley Act GLB (Oracle In-Focus series)

By Arup Nanda, Donald Burleson

List Price: $59.95
Price: $40.46

Product Description

Sharing secrets for the effective creation of auditing mechanisms for Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliant Oracle systems, this book demonstrates how the HIPAA framework provides complete security access and auditing for Oracle database information. Complete details for using Oracle auditing features, including auditing from Oracle redo logs, using system-level triggers, and using Oracle9i fine-grained auditing (FGA) for auditing of the retrieval of sensitive information, are provided. Examples from all areas of auditing are covered and include working scripts and code snippets. Also discussed are the use of the Oracle9i LogMiner to retrieve audits of database updates and how to implement all Oracle system-level triggers for auditing, including DDL triggers, server error triggers, and login and logoff triggers.


Product Details

  • Amazon Sales Rank: #202219 in Books
  • Published on: 2003-12-01
  • Original language: English
  • Number of items: 1
  • Binding: Paperback
  • 655 pages

Editorial Reviews

About the Author
Arup Nanda has been an Oracle DBA in areas such as design, modeling, performance tuning, and backup and recovery. Currently he is working on the HIPAA database design for a large U.S. national insurance company. He is a frequent speaker at Oracle-related conferences such as IOUG Live, has written several Oracle-related articles, and is on the editorial board for SELECT Journal, the publication of the International Oracle Users Group. He is the founder of Proligence, Inc., a company that provides specialized solutions on Oracle technologies such as replication, standby databases, security evaluations, and HIPAA implementations. He lives in Norwalk, Connecticut. Donald K. Burleson is the author of 16 Oracle database books and is the editor-in-chief of Oracle Internals. He is an Oracle consultant with extensive experience designing and implementing Oracle8 databases, including systems architecture, project management, data warehouse design, implementation and tuning, tuning massively parallel Oracle databases, Oracle SQL tuning, using Oracle with SAP, and tuning very large Oracle databases. He lives in Kittrell, North Carolina.


Customer Reviews

Simply Superb! (Rating: 5)
I bought this book to learn more about Virtual Private Database which I am implementing now - and it was a pleasant surprise to see that not only that but all other areas are detailed as well. The chapter on VPD goes much beyond the Oracle common references and explains concepts like application contexts, in such clarity and relative to real life examples that the chapter alone may be worth the price of the book.

Other things that make the book a must read - the material on listener security, simple firewall settings, fine grained auditing, and the 10g features. SQL Injection and Application User models described in the book were exactly what we were missing and we got it in this.

Hmmm..why the large fonts?!!

Excellent and comprehensive read for DBAs and CIOs alike (Rating: 5)
Agreeing with other reviewers on the astounding attention to the details, the depth of coverage, and extremely useful examples, I would like to add another perspective: this book is also an excellent read for those IT Management types who want to get familiar with the concepts but not get buried in the details. The book introduces the topics gradually, making it available for CIOs, Security Officers, IT Managers (who can stop reading before the detailed examples) and to Senior DBAs (who can but won't skip the introductory chapters because the text is so well written and so engaging). Excellent and comprehensive read for the entire spectrum of IT professionals! A must read for those in Healthcare or for any public corporation.

Great Content and Organization; Must have for Security Folks (Rating: 5)
What makes a good book? Topic and coverage count less than half of it; the key is the presentation. In this book the contents have been presented in a very logical manner - you would go from simple security concepts to larger and more complex issues. The best parts are perhaps the neat summaries at the end of the chapters, a bulleted list of points covered.

The most valuable part of the book, in my opinion, is the practical advice it imparts in building an Oracle database with security in mind. Take for example the section on building a virtual private database where the database users are not relevant, such as in a web interface. The chapter explains not only how to do it, but comes complete with the code to implement in action! Just loved it!

Little snippets of information such as alter session privilege is not required for any session altering commands like sort area size, etc., are pure gems. Debunking these fallacies is nothing new in books of similar kind; but this book has more of these and also in a categorical manner which makes it easy to comprehend. Other non- or little-documented tidbits like the way a listener password is set, are also very useful.

The chapter on Oracle 10g is good; but not useful at this time. Most likely the authors wanted to bullet-proof the book for the new version of Oracle. I had downloaded the chapter from OTN earlier.

My only complaint - the book is too thick to lie flat, required for a book of this nature, i.e. reference.