Oracle Database Auditing in CobiT

CobiT is a framework created by ISACA for information technology management and IT governance. CobiT is often used to help comply with regulations such as Sarbanes-Oxley or HIPAA.
CobiT is subject to interpretation by organizations based on business needs, technologies, products, and more. Blue Core Research performed an analysis and interpretation of CobiT with relation to auditing requirements in Oracle databases.


The CobiT framework can be interpreted and adapted by each organization based on their needs and maturity level. While parts of CobiT explicitly require Oracle database auditing, other parts call for security measures that could include it.
For more detail and a better understanding of Oracle database auditing in CobiT, read the detailed analysis.
Oracle database auditing requirements in CobiT fall into these categories:
  • Infrastructure Auditing – an explicit requirement to audit activity across the entire infrastructure
  • Changes to infrastructure and security – an explicit requirement to audit changes in infrastructure (e.g. schema changes in Oracle databases), and changes in security (e.g. user, roles, privileges in Oracle databases)
  • Data Protection – a requirement to protect data as it moves through the IT infrastructure. This can include auditing of data access and data processing in the Oracle database
  • Supervision – a requirement to supervise IT personnel. This can include auditing of DBA and privileged user activity in Oracle databases
  • Application – a requirement that includes auditing the activity of certain applications. This should include auditing of the database used by the application
  • Risk & Controls – the general risk-control approach that depends on the environment. In most cases, it includes Oracle database auditing as part of the controls
While every Oracle database environment is different, our initial recommendation is to cover:
  • User Logons – monitor users, programs, machines, etc. that connect to the database
  • Complete Picture – an automated feature in Core Audit that maintains summarized forensic information on all the activity in the database
  • Security Changes – monitor changes to the security infrastructure by auditing changes to users, roles, and privileges
  • Change Control – monitor changes in the infrastructure by auditing changes to schemas and to the Oracle database
  • Sensitive Data Access – alert or report on unusual or suspicious accesses to sensitive data
  • DBAs & Privileged Users – supervise DBAs and Privileged users by monitoring their activity
  • Application Account – monitor all activity in the application account that does not originate from the application
  • Source Anomaly – alert on Oracle accounts, programs, machines, OS users, or a combination of those that haven’t been seen recently
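
The Source Anomaly and Application Account checks above can be expressed as detection logic over logon records. This is an added example, not Core Audit's code or part of the original page; the record fields, the APPUSER account, the host names, the learning cutoff and the 30-day window are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed logon records (illustrative only):
# (timestamp, db_account, program, machine, os_user)
RAW = [
    ("2024-01-02 08:00", "APPUSER", "JDBC Thin Client", "appsrv01", "tomcat"),
    ("2024-01-03 09:00", "SYSTEM", "sqlplus", "dbadmin01", "oracle"),
    ("2024-01-20 08:00", "APPUSER", "JDBC Thin Client", "appsrv01", "tomcat"),
    ("2024-01-21 10:30", "APPUSER", "sqlplus", "laptop-17", "jdoe"),
    ("2024-01-22 10:30", "APPUSER", "sqlplus", "laptop-17", "jdoe"),
    ("2024-03-01 09:00", "SYSTEM", "sqlplus", "dbadmin01", "oracle"),
]
FIELDS = ("ts", "account", "program", "machine", "os_user")
EVENTS = [
    dict(zip(FIELDS, (datetime.strptime(r[0], "%Y-%m-%d %H:%M"),) + r[1:]))
    for r in RAW
]

# Assumptions: baseline period, "recently" window, known application source.
LEARN_UNTIL = datetime(2024, 1, 15)
LOOKBACK = timedelta(days=30)
APP_ACCOUNT = "APPUSER"
APP_SOURCES = {("JDBC Thin Client", "appsrv01")}


def source_anomalies(events, learn_until=LEARN_UNTIL, lookback=LOOKBACK):
    """Logons whose account/program/machine/OS-user combination was
    never seen, or not seen within `lookback`, before the event."""
    last_seen, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["account"], ev["program"], ev["machine"], ev["os_user"])
        prev = last_seen.get(key)
        stale = prev is None or ev["ts"] - prev > lookback
        # Events inside the learning period only build the baseline.
        if stale and ev["ts"] >= learn_until:
            alerts.append(ev)
        last_seen[key] = ev["ts"]
    return alerts


def off_application_activity(events, account=APP_ACCOUNT, sources=APP_SOURCES):
    """Sessions in the application account that do not come from the
    application's own program/machine pair."""
    return [ev for ev in events if ev["account"] == account
            and (ev["program"], ev["machine"]) not in sources]


if __name__ == "__main__":
    for ev in source_anomalies(EVENTS):
        print("source anomaly:", ev["ts"], ev["account"], ev["machine"])
    for ev in off_application_activity(EVENTS):
        print("off-application:", ev["ts"], ev["program"], ev["os_user"])
```

The repeated laptop session stops raising a source anomaly after its first sighting but keeps appearing in the application-account report, which is why the two checks are kept separate.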

Data Capture

Implementing Oracle database auditing always poses multiple challenges, the most difficult of which is the data capture. Data capture is the method used to collect the audit information from the Oracle database and transport it to the secured audit server.
This issue is problematic because of the data volumes. Oracle databases process thousands if not tens of thousands of SQLs per second, and auditing each one has the potential to slow the database to a halt.
In order to successfully deploy an Oracle database auditing solution on a production Oracle database, the first and most important requirement is Full Capture with Low Overhead – the ability to capture all the Oracle activity without impacting the production system. Blue Core Research developed Full Capture, and Core Audit is the only product capable of capturing all the Oracle database activity at less than 3% overhead.

Data Processing

Additional challenges in implementing Oracle database auditing relate to the vast volume of information that needs to be processed, stored, analysed, reported on, and retained online.
Being a fully featured Oracle database auditing solution, Core Audit comes built-in with everything needed, including reports, alerts, analysis engines, forensic tools and more.
To provide additional value to the IT infrastructure, Core Audit can also feed most SIEM solutions using SYSLOG or CEF. Giving SIEM visibility into Oracle database activity can enhance the correlation and analysis performed by SIEM solutions.

What's next?

I want to know more about Core Audit!
Great! Here are a few options:
  • Read more about Core Audit features, reports, etc.
  • Try our Online Demo and play with Core Audit right now
  • Ask for a Personal Demo from one of our experts and get all your questions answered
  • Download a Free Trial and experience Core Audit on your systems
I only want more information, not a product
Not a problem. Here is a list of relevant pages, and we are always available to answer any question.
  • CobiT detailed analysis – Read
  • General guide to Oracle database compliance – Read
  • Oracle database compliance – Read