Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 E-mail Us
 Oracle Articles
New Oracle Articles

 Oracle Training
 Oracle Tips

 Oracle Forum
 Class Catalog

 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Oracle Support

 SQL Tuning

 Oracle UNIX
 Oracle Linux
 Remote s
 Remote plans
 Application Server

 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support

 Remote S


 Consulting Staff
 Consulting Prices
 Help Wanted!


 Oracle Posters
 Oracle Books

 Oracle Scripts

Don Burleson Blog 









Oracle Auditing and Data Privacy

Don Burleson


Burleson is the co-author of the bestselling book "Oracle Privacy Security Auditing: Includes Federal Law Compliance with HIPAA, Sarbanes-Oxley & The Gramm-Leach-Bliley Act GLB", by Rampant TechPress.

Managers have realized that the information gleaned from audit trails of database activity can be the company's single largest data resource. They also recognize that their audit trails provide a temporal "third dimension" of their information, a valuable time-series view of their production systems that contains all-important behavioral aspects of their data access.

The main points of this paper addresses the issues of the highest concern to IT management.

Avoiding business risk and meeting the demands of customers and business partners - While the laws demand a thorough and comprehensive approach to privacy and auditing, the most important reason for protecting your data integrity is your professional reputation.

Satisfying the auditors - Implementing best practices including Segregation of Duties - When considering the Build vs. Buy approach, it should be carefully considered that systems administrators, database administrators and developers cannot have direct access to the auditing solution because exposures result when they have intimate knowledge of the internals of the audit mechanism.

Avoiding civil and criminal penalties - Data asset management practices must address business, operational, legal and compliance needs. Many of the Federal laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Sarbanes Oxley Act (SOX) and the Gramm Leach Bliley Act (GLBA) change the way that databases are secured and audited and some of these federal regulations impose severe criminal penalties for non-compliance and malfeasance with protected data. Non-compliance with these regulations can also expose your company to multi-million dollar civil lawsuits from customers if their private information has been improperly disclosed.

These are just a few of the concerns of the IT manager in this brave new world of security, privacy and regulatory compliance. Your customers and business partners expect you to have a complete privacy auditing solution. Let's take a closer look at the issues and see how you can protect yourself from the common pitfalls and implement a comprehensive and manageable solution.

Let's explore the important areas of Oracle data privacy and auditing:

Developing a Corporate-wide Oracle Auditing Framework

Critical audit system features - Minimizing Auditing Performance Overhead, Real-time notification, and long-term retention of audit trails

The Auditing Traps

Auditing Privilege/permission and Logon events

I've tried to articulate the challenges for the IT department which can be summarized into two kinds of business risk categories. First, there is inherent risk in managing corporate data. IT is responsible for the integrity and security of the data which the organization relies on to manage the business. Secondly, the increasing regulatory environment is creating new demands from the executive team and auditors that IT be able to demonstrate exactly who's accessing or changing what data, and how.

We examined the requirements for an enterprise auditing solution, which can be summarized as:

  • Comprehensive capture of all database activity

  • Supports multiple database platforms

  • Architected for performance

  • No "backdoors" - captures activity of privileged users with direct database access

  • Alerting for early detection of issues

  • Reporting capabilities to derive business value from audit data

  • Adheres to auditing and IT best practices, including segregation of duties

Get the Oracle auditing book, click here

For an excellent Oracle auditing product, click here



Oracle Training at Sea
oracle dba poster

Follow us on Twitter 
Oracle performance tuning software 
Oracle Linux poster


Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  

and include the URL for the page.


Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


Copyright © 1996 -  2020

All rights reserved by Burleson

Oracle ® is the registered trademark of Oracle Corporation.