Cyber Security Institute

Wednesday, October 13, 2010

Best Practices For Oracle And Database Patching

As Oracle prepares to dump a passel of 81 security fixes on its user base, including seven critical patch updates (CPUs) for its database product, many database administrators are preparing to patch their Oracle database platforms accordingly. According to a recent survey of IOUG members, only 37 percent of organizations patch their systems within the same three-month cycle in which CPUs are released. Approximately 28 percent either take a year or more to patch, have never applied a CPU, or don’t know how long it takes them to patch their databases.

“I find it funny that there are patches everywhere else that are applied on a regular basis to machines like desktops and so on, but it is still not a general practice for the databases,” says Michelle Malcher, director of education for IOUG and a DBA and team lead at a Chicago-based financial firm.

She recommends garnering executive buy-in, with the cooperation of DBAs and the security team. Many DBAs are up against the wall: diminishing maintenance windows and uptime demands from management and application owners make it nearly impossible for them to meet those demands and still apply patches on schedule.

“Honestly, the first step is not to necessarily install all of the components of the Oracle database if you’re only using specific components,” Malcher says.

Posted on 10/13