Security Basics mailing list archives

RE: security against dba´s


From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Thu, 12 Feb 2009 08:44:19 -0600

I am curious about the repeated argument "if you don't trust your DBA's, hire/promote someone you can trust".
Is that a common perception?
I am personally of the belief that no one is to be trusted and my system designs should be reflecting this.

Nick

-  -----Original Message-----
-  From: rohnskii () gmail com
-  Subject: Re: security against dba´s
-
-  re your points:
-
-  1- inform all employees, not just DBA
-  2.1- log all access, not just DBA
-  2.2- what sort of access
-
-  Look, if you don't trust your DBA's, hire/promote someone you can
-  trust.
-
-  Another part of the access you should monitor is separate from just
-  the CRUD access to, and monitored by, the DB.  Track files/data
-  downloaded to USB devices, in other words network endpoint control
-  (NAC).
-
-  For example, it could be natural for me as a DBA to Read production to
-  my terminal.  But it is probably NOT natural for me to download the
-  READ data to a USB device.
-
-  Again, that type of access control should not be exclusive to DBA, it
-  should be corporate wide.


