Oracle Security By William Heney, Marlene Theriault
Table of Contents
Chapter 7. Developing a Database Security Plan
7.11 Sample Security Plan Checklist
The following checklist is provided as an aid to ensure that you've identified and addressed all of the necessary areas of interest to your company. The checklist is designed to be a guide for you and your team to ensure that topics that need to be included in your security plan will not be overlooked.
Identified all of the key players?
Obtained management buy-in (at all levels)?
Collected all applicable system and database information?
Identified the specific types of accounts required for each systemboth operating system and database?
Determined who will have authority to approve accounts?
Determined who will create/delete/manage accounts?
Determined a user tracking method and implementation?
Decided how account approval will be performed: email, web site, hard-copy form, etc.?
Identified all affected applications on each system?
Identified a username and password structure?
Determined what constitutes a security breach and the appropriate penalty for each breach?
Identified all sensitive data on the system and created methods to protect that data?
Determined what forms of monitoring will be used?
Determined what forms of backup will be used?
Created recovery procedures to be followed?
Determined the required availability for the database?