Attempting to secure an Oracle database by using just a checklist is a flawed idea. I say this even after creating some of the checklists that exist. I wrote the SANS Security Consensus Operational Readiness Evaluation (SCORE) checklist and the SANS Step-by-Step guide, and my step-by-step guide was used as the basis for the Center for Internet Security benchmark version 1. So I speak with authority. Using checklists per se is not flawed; the measures and details in them are still useful and, if followed, will in general result in a more hardened database than if you didn’t follow the steps in them. But imagine that you download the CIS benchmark version 3; hundreds of pages and an even bigger number of checks are included. If you diligently sit down and follow and apply all recommendations, you would most likely be looking at man-years of effort to complete all the checks. But after all of that effort, would your credit card data be secure? No! Why is that?