First page Back Continue Last page Summary Graphic
Another side of security planning is called incident response. As the name implies, it is what you, the administrator will do if you are cracked. Will you ignore it and continue to march? Reformat and reinstall from backups? Rebuild your entire Oracle db from scratch?
Who will you alert? NoVALUG SecSIG? USA Today? CERT? DARPA? Not tell anyone and just suffer in silence?
You should also consider the term "incident" and tailor your responses. A scan does not warrant the same response someone gaining root on your system.