dcsimg
Results 1 to 2 of 2

Thread: Monitor DBA Access to PHI data

  1. #1
    Join Date
    Nov 2011
    Posts
    1

    Unhappy Monitor DBA Access to PHI data

    I work in an environment where we have multiple DBA's managing a large Oracle Database. We also have PHI data in the database and part of the DBA function is to create views for users that are being provided access to that data.

    The question of monitoring has come up because of the DBA's access to the data, their ability to view it and even do a dump of the database tables that contain the PHI data. Mind you that we are also required to comply with moderate level control for PHI data under a government mandate, which has a non repudiation element. The DBA's can also use third party tools like AquaData Studio to connect to the database directly through the ODBC connection bypassing the main application that provides users access to the data.

    Question: How can we track access and actions performed on the data to a single DBA in a an envrionment where all the DBA have access to the sys database user account. I heard Guardium Security is a possibility but I heard there were issues with it as well.

  2. #2
    Join Date
    Nov 2002
    Location
    New Jersey, USA
    Posts
    3,912
    You should look into Oracle products called Database Vault and Audit Vault.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •