What are some steps companies can take to protect their critical financial data?
To provide feedback on this article, contact Robert Westervelt.Why is security a large part of becoming compliant with HIPPA regulations?
HIPPA regulations, which affect all insurance and pharmaceutical companies, require these companies to make sure access to information, such as a customer's medical history and Social Security numbers, is tightly controlled. Companies were required to prove compliance by October of 2003, but many got an extension until later this year.
In response, a lot of companies are documenting their security processes. By doing this, they identify the potential holes. I always check to see if there is a policy that restricts access to information based on who an employee is. For example, a customer service representative shouldn't see all information except for the customers they handle.What is your biggest concern regarding security?
Securing Oracle is not difficult, but some companies don't follow the most basic steps. Actually it only takes a little bit of diligence and systematic thinking. The first is making sure that the Listener service is kept up to date and that a password is set on it. Companies also fail to realize that by using Oracle's SQL*NAT function, you can create a simple firewall for the database at no additional cost. Lastly, Oracle's row-level security feature provides access control at the individual row level. Rather than opening up an entire table to any individual user who has any privileges on the table, row-level security restricts access to specific rows in a table.