
Oracle Security Solutions

Carl Terrantroy
Director Technology Initiatives ANZ
? 226 Million is…...

1. Noted data breaches to date

2. The population of the USA

3. What you should earn

4. # of digits a Pentium CPU can calculate pi to


3 Primary Security
Challenges Today
1
Business Information
is Not Secure Today

• Many Forms of Information

• Many Stores for Information

• Many Users

• Complexity - Defining Policies & Detecting Violations
2
Costs to Secure
Information Escalating
• Many New Applications

• Many New Self-Service Users

• New Forms of Vulnerability & Security Policies

• Manual Forensic Process to Detect Policy Violations

• Legislative Changes
3
Integrating Security with
Systems Challenging
• Multiple Point Applications

• Multiple Security Solutions

• Limited Integration across Identity Lifecycle

• Limited Integration with Auditing & Controls
? Natasha Stott Despoja Did Not Introduce The Following Members Bill
1. Paid Maternity Leave

2. Data Security Breach Notification

3. Same Sex Marriages

4. Climate Change
And the winner is…
? How many security features does
Oracle have for 9iR2 ?
1. 5

2. 9

3. 10

4. 12
? What Is The Leading Contributor
For Unplanned Down Time?
1. Water Damage

2. Human Error

3. Software Failure

4. Other
? The Choice Is Yours

1. Comprehensive Data Protection

2. Comprehensive Identity & Access Management

3. Comprehensive Controls Enforcement

4. Legislative Pressures
1 Comprehensive
Data Protection
1 Comprehensive Data Protection

1. When Sent Over Network

2. When Stored in Database

3. When Distributed Outside Database

4. When Archived or Backed Up

5. When Administered
Oracle Data Protection Solutions

Oracle Advanced Security


Network Encryption
Database Encryption

Oracle Information Rights Management


Protect Distributed Documents

Oracle Secure Backup


Protect Database Archives

Oracle Database Vault


DBA Access Control
Oracle Advanced Security
Network Encryption

Benefits
• Strong encryption for data in flight
• Transparent to applications
• Easy to implement
Oracle Advanced Security
Transparent Data Encryption

Benefits
• Strong encryption for data at rest
• No application changes required
• Efficient encryption of all application data
Oracle Information Rights Management

Benefits
• Secure unstructured data / documents
• Prevent data leakage from ad hoc distribution
• Centrally enforce entitlements
• Audit document access and usage
• Digitally “shred” documents
Oracle Secure Backup

Benefits
• Secure data archival
• Easy to administer key management
• Fastest Oracle Database tape backups
Oracle Database Vault

Benefits
• DBA separation of duties
• Securely consolidate databases
• Enforce whom, how, where, and when
• No application changes required
Finance DBA
? What product controls documents
outside the firewall?
1. Data Vault

2. Secure Backup

3. Information Rights Management

4. mySQL
And the winner is…
? Do You Want More Information On?

1. Data Protection

2. Backup Protection

3. Uptime Protection
2
Comprehensive
Identity and
Access
Management
2 Comprehensive Identity & Access Management

1. Store & Virtualise Identities

2. Provision Identities & Roles

3. Manage Access to Systems

4. Federate Identities
Oracle Identity Management
Solutions

Oracle Directory Services

LDAP Directory
Virtual Directory

Oracle Access Manager / Enterprise SSO

Web Access Control
Single Sign-On

Oracle Identity Manager

Identity Administration

Oracle Adaptive Access Manager

Consumer Authentication

Oracle Role Manager

Business Role Management

Oracle Identity Federation

Secure Cross-Domain Authentication


Oracle Directory Services
Portal and Enterprise Custom
J2EE Applications Applications
Applications

Benefits
• Centralized, secured identity data
• Real-time integrated view of disparate data stores

Virtual Directory
• Oracle Database scalability & reliability
• Rapid application deployment

Active
Oracle Directory Databases
LDAP Mainframe
iPlanet, X500
Oracle Identity Manager
Benefits
• Automated user on-boarding and off-boarding
• Sustainable cost-efficient compliance
• Improved security and policy management

Email

Marketing

Forecasts

Employee Expenses
Lifecycle
Benefits
Oracle Role Manager
Business
Roles

Provisioning
Workflow

IT Roles

Business
Process
System Privileges Workflow

Business Operation Context

Benefits
• Single authoritative source for business roles
• Rapid role mining and modeling
• Reduced identity administration costs
Oracle Access Manager
Oracle Enterprise Single Sign-On
UN/Password Kerberos Biometric Smart Card

Web Access and Single Sign-On

e-mail / Mainframe
Outlook

Benefits
• Centralized authentication and SSO
• Consistent policy enforcement
• Improved end user experience
Oracle Adaptive Access Manager

Secure Mutual Authentication

• Real time analytics


• Pattern and anomaly detection
Device & Geo-location Forensics
• Risk Scoring
• Step up authentication

Benefits
• Proactive, real-time fraud prevention
• Contextual authentication/authorization
• Web-based software only – easy to deploy
Oracle Identity Federation
Benefits
• Secured integration with partners
• Reduced administration cost
• Improved end user experience
3
Comprehensive
Controls
Enforcement
3 Comprehensive Controls Enforcement

1. Define Operational Controls

2. Detect Policy Violations

3. Audit Policy Violations


Oracle GRC Solutions
Oracle GRC Manager
Policy documentation

Oracle GRC Intelligence


Reporting and dashboard

Oracle GRC Controls Suite


Segregation of Duties

Oracle Audit Vault


Audit data consolidation
Oracle GRC Manager & GRC Intelligence
Benefits
• Manage multiple global compliance mandates with one system
• Align policies and processes with best practice risk and control frameworks (COSO, COBIT, ITIL, etc.).
• Remediate exceptions from both manual and automated control tests

Why? What? How?


Mandate Business Process Control Policy
PCI

SOX Risk
404 Impact
FFIEC
Likelihood
CASB
1386
Application
EU
Privacy
Directive
HIPAA
Framework
FDA ISO | COSO | COBIT | ITIL
Oracle GRC Controls Suite
User: John Doe
Role: Shipping Clerk
Function: Tracking POs
Role: Shipping Supervisor
Function: Purchase Orders
Form: Receiving
Tab: Review PO
Action: Submit PO
Transaction: Order 123
Action: Signature Receipt
Vendor: Acme

Correlate Events and Detect Policy Violation

Benefits
• Enforce segregation of duty controls in enterprise applications
• Apply best practice application setups and reduce "drift"
• Detect and prevent erroneous and fraudulent transactions
? Do You Produce Audit Reports

1. Yes

2. No
Oracle Audit Vault
Alert Alert Alert

Audit Framework

Benefits
• Securely consolidate audit data
• Simplify compliance reporting
• Detect suspicious activity

Custom Apps HR CRM ERP Oracle


Data Data Data Data Databases
? What does PCI stand for?

1. Public Control Information

2. Personal Computer Interface

3. Payment Card Industry

4. Public Confidence Index


And the winner is…
4 Legislative
Pressures
4 Legislative Pressures

1. Records Archiving

2. Records Destruction

3. Privacy

4. Index & Searching


Oracle’s Story = Simplification + Savings
Number of Controls Tested (2006)
>10k Controls Tested = 5%
5,001 – 10,000 Controls Tested = 20%
1,001 – 5,000 Controls Tested = 50%
500 – 1,000 Controls Tested = 5%
0-500 Controls Tested = 5%
398 Controls Tested
Labels: Oracle Companies with $5B-$20B Revenue*

Spending on SOX Compliance (2006)
$6.3 M
$3.2 M
Labels: Oracle Companies with $5B-$20B Revenue*

Standardized Systems, Processes = Stronger Controls, Fewer Tests = Lower Costs

*Source: Controller’s Leadership Roundtable, 2006


Everybody Knows It Makes
Sense
“We should adopt a consistent
approach or methodology for similar
activities in governance, risk and
compliance”

90%
Agree or Strongly Agree
Source: 2007 OCEG Benchmark Series: GRC strategy Study
Yet Few Are Doing It
“How would you characterise the
degree of integration between and
among your governance, risk and
compliance practices?”

Only 16%
Are Fully Integrated
Source: 2007 OCEG Benchmark Series: GRC strategy Study
New Legislation
Oracle Universal Online Archive

eDiscovery

eMail Content Financials HRMS CRM ERP

Unparalleled Performance
Records Management
Open API Auto-Classification
De-Duplication

Unparalleled Scalability
? When does eDiscovery legislation
take effect?
1. 1st July 2008

2. 1st July 2009

3. 1st January 2009

4. 30th June 2008


And the winner is…
? Do You Want More Information On?

1. eDiscovery

2. Universal Archive

3. Both
? Do You Want More Information On?

1. Greening The Data Center


Summary

• Datacenters need to change


– Comprehensive Data Protection
– Consolidate Audit Information
• Ask Once, Test Once and Reuse Many
Questions?
EVALUATION
Evaluation - Session 1
• How did you rate the Content that was
presented?

1 5

Poor Excellent
Evaluation - Session 1
• How did you rate the Delivery of the
presentation?

1 5

Poor Excellent
Evaluation - Session 1
• How did you rate the value of this
presentation for your organisation?

1 5

Poor Excellent
