There are lots of baseline materials to build security policies for Oracle RDBMS (Relational Database Management Systems). Usually, these systems are referred to as RACs because Real Application Clusters are very common.
- Oracle Security Plans
- Oracle Security Policies
- Oracle Security Standards
These are written down to reduce the amount of hearsay, and to build certain reference standards, which can be used to derive company-specific security policies or Oracle DBs.
Oracle DB - Enterprise Security wiki
Why do we need to protect the SYS account?
Any good Oracle DBA (DataBase Administrator) knows that you need to protect the
SYS account. – But what is
This account can perform all administrative functions. All base (underlying) tables and views for the database data dictionary are stored in the SYS schema. These base tables and views are critical for the operation of Oracle Database. To maintain the integrity of the data dictionary, tables in the SYS schema are manipulated only by the database. They should never be modified by any user or database administrator. You must not create any tables in the SYS schema.
SYS account password needs to be changed regularly, and the passwords should have a certain complexity.