Oracle Auditing request 1173

  • As part of our recent PWC audit we have been asked to turn on auditing on our Oracle database to monitor the insert, delete, update, and alter transactions. This could potentially put a 15 to 20 % strain on our system and we are wondering if anyone can give further information.

  • We had similar discussions with out internal auditors re the underlying SQL database for our ERP system.
    Check with PWC exactly what risk they are looking to address. If it is risk of unauthorised access, then the approach we took was to limit the number of users with access to make direct data updates (limited to certain members of the IT support team).
    Also, we have segregated access to make direct data updates from powerful application menu access (i.e. no one person has ‘god’ rights across both).
    Finally, if PWC insist on you using auditing, try limiting it to a defined set of high risk data tables.
    Hope this helps.

Log in to reply