1) Aside from:
- applying the latest security patches,
-ensuring you enforce strong passwords and password policies (non default passwords for DB accounts),
- assign only the appropriate permissions to those database accounts,
- ensure the database files are only accessible on the hosting server by the appropriate admin,
What other security best practices are there (specific to the oracle database product not the hosting OS) that should be considered?
2) Where exactly can you see where the RMAN backup is being written to?