S Analysis of a Threat and How to Protect Your Data. Greg Kelly Product Strategy Manager, PeopleTools
|
|
- Lee Berry
- 6 years ago
- Views:
Transcription
1
2 S Analysis of a Threat and How to Protect Your Data Greg Kelly Product Strategy Manager, PeopleTools
3 THE FOLLOWING IS INTENDED TO OUTLINE OUR GENERAL PRODUCT DIRECTION. IT IS INTENDED FOR INFORMATION PURPOSES ONLY, AND MAY NOT BE INCORPORATED INTO ANY CONTRACT. IT IS NOT A COMMITMENT TO DELIVER ANY MATERIAL, CODE, OR FUNCTIONALITY, AND SHOULD NOT BE RELIED UPON IN MAKING PURCHASING DECISION. THE DEVELOPMENT, RELEASE, AND TIMING OF ANY FEATURES OR FUNCTIONALITY DESCRIBED FOR ORACLE'S PRODUCTS REMAINS AT THE SOLE DISCRETION OF ORACLE.
4 <Insert Picture Here> Securing Your PeopleSoft Environment 4
5 Agenda Traditional Defense Anatomy of an Attack De-Perimeterization A New Approach to Defense More Information
6 Traditional Defense Fortress Mentality Firewalls DMZ(s) Proxies VLANs Segregated Network Segments
7 Sample Layout
8 Anatomy of Attack - Harvesting Initial Research Company Site About Us Page(s) Jobs and Resume Sites Social Networking Sites e.g. Facebook Twitter Dumpster Diving Social Engineering (Kevin Mitnick)
9 Anatomy of Attack Creating Bots Phishing (spear) Upload Code Taking Control Outbound Standard Ports
10 Sample Spam/Phishing From Subject 2Airline-Tickets Someone has sent you 2 Southwest-Airlines Tickets Career Placement Ready for A Second JOB - FINANCIAL AID For A Career College Grants Thousands of Dollars in college Grants are awarded to people like you creditreport.com View updates to your Credit Report Final Notice "Walmart Coupon inside!" Final Notice FREE FedEx Delivery; Tell us where to send your DELLXPS Laptop!! FinancialAid "Scholarships & Grants are available" Flying Spree Our Records Indicate You may Have 2 Southwest Airlines Tickets freecreditreport.com View updates to your Credit Report Laptop Notification "Test it Free! A Dell package will be shipped to your door!" uro20@yahoo.com Hello!! Which s would your users open?
11 Anatomy of Attack Building Database Dictionary Attack Rules Indicators User Database Anonymous BIND to local LDAP
12 Which Wi-Fi would you choose?
13 Anatomy of Attack - Probing System Under Control Probe Infrastructure Probe Typical Vulnerabilities
14 Sample Available Web Servers from
15 Anatomy of Attack Building the Attack User Credential Database Known Vulnerabilities Local LDAP Build Out Control No Time Limit
16 How long does it take to crack passwords anyway? Mixed upper and lower case alphabet plus numbers and common symbols AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz }~ Password Time to Crack Based on Class of Attack Len Combinations 2 9,216 Instant Instant Instant Instant Instant Class A Class B Class C Class D Class E Class F Instant 3 884,736 88½ Secs 9 Secs Instant Instant Instant Instant 4 85 Mn 2¼ Hours 14 Mins 1½ Mins 8½ Secs Instant Instant 22½ 5 8 Bn 9½ Days 2¼ Hours 13½ Mins 1¼ Mins 8 Secs Hours Bn 2½ Yrs 90 Days 9 Days 22 Hours 2 Hours 13 Mins 7 75 Trn 238 Yrs 24 Ys 2½ Years 87 Days 8½ Days 20 Hours Qn 22,875 Yrs 2,287 Yrs 229 Yrs 23 Yrs 2¼ Yrs 83½ Days example: E. 100,000,000 Passwords/sec - Workstation, or multiple PC's working together. (Licensed under a Creative Commons Attribution-ShareAlike 2.0 License.)
17 How many computers could possibly be working together? Corporations, agencies infiltrated by botnet JORDAN ROBERTSON AP Technology Writer Friday, February 19, "... Security experts have found a network of 74,000 virus-infected computers that stole information from inside corporations and government agencies. The unusual thing about the incident is not that it happened but that it was discovered, and it is a reminder of the dangers of having computers with sensitive data connected to the open Internet"
18 Issues with Internet Explorer Scripts in Text Files Temporary Internet Files Folder and disabled caching
19 De-Perimeterization The huge explosion in business collaboration and commerce on the Web means that today s traditional approaches to securing a network boundary are at best flawed, and at worst ineffective. Examples include: Business transactions which tunnel through perimeters or bypass them altogether IT products that cross the boundary, encapsulating protocols within Web protocols Security exploits that use and Web to get through the perimeter - The Jericho Forum, under the auspices of The Open Group
20 Defense at the Core Transparent Data Encryption (TDE) Oracle Advanced Security Option (ASO) Data at Rest Column and Tableset Encryption Hardware Security Module Protects Against Forensic and Direct Files Access Oracle Database Vault Oracle Audit Vault Oracle Enterprise Manager Data Masking For Non-Production DB Copies
21 Core Protection Audit Vault Database Vault TDE Database
22 Core Protection Monitoring Configuration Management Oracle Audit Vault Total Recall Access Control Oracle Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking
23 Enterprise Manager Data Masking EM Data Masking Production DB Dev DB Test DB Training DB
24 Defense in the Business Logic Layer ASO Network Encryption Data in Flight Oracle Applications Access Controls Governor Oracle Transactions Control Governor (Oracle Information Rights Manager for PS-Reports) Quis custodiet ipsos custodes? 3 people can keep a secret if 2 of them are dead.
25 Protection in the Business Logic Layer Protected DB ASO Application (Business Logic) Server OAACG OTCG
26 Defense in the Presentation (Web) layer Oracle Access Manager Oracle Identity Manager Oracle Adaptive Access Manager
27 PeopleTools 8.50 Delivered Additional Security Enhancements SAML for Web Services JNDI Libraries for LDAP and LDAPS FTPS Support (FTP over secure transport) Enhanced User Profile Synchronization De-Coupled PS_HOME PDF Encryption with XML Publisher Support for Server Based Virus Scanning Engines Customer Configured TDE Algorithm PET Support for Encrypting the Encryption Keys and Secure Data Wipe Additional Hardening
28 PeopleTools 8.51 Features Security Security User Security Extended Password Controls Multiple Session Detection Kerberos Signon SDK Data Security Support for Transport Layer Security Support for SFTP and FTPS
29 Common Questions Vulnerability Testing NIST FIPS Update to Securing Your PeopleSoft Environment Windows workstation as kiosk Issues without hardening Critical Patch Update Addressing Reported and Discovered Vulnerabilities
30 <Insert Picture Here> More Information 30
31 PeopleTools 8.50 Viewlets Now Available Via oracle.com or direct Get helpful insights on many PeopleTools and Collaboration Framework features Topic Areas: Web Services & Integration Broker Life cycle Management Enterprise 2.0 and User Interface Platforms Reporting Security PeopleTools for the Developer General PeopleTools
32 More Information PeopleTools Strategy PeopleTools on Oracle Wiki PeopleSoft discussion forums PeopleTools Blog landing page Open Group Jericho Forum "de-perimeterization": Oracle's Critical patch Update 32
33 Not getting Security and other Alerts? Go to OTN - Oracle Technology Network Look at the upper right hand corner ( Account Manage Subscriptions Sign Out ) Make sure you're logged in, then Click on Manage Subscriptions Scroll down to Opt-in to Oracle Communications Check box for Oracle Security Alerts - Get the latest Security Alerts issued by Oracle as they become available... and any other alert or newsletter you want to receive Scroll down to the end of the page and "Confirm" 33
34 Additional Resources For more information about Oracle Applications For more information about Education For more information about Support For My Oracle Support information For Oracle Product documentation: Certification Information on My Oracle Support Doc id= Technical Updates on My Oracle Support Doc id=
35 PeopleTools 8.50 Information Development Deliverables PeopleTools 8.50 Documentation Homepage PeopleTools 8.50 Hosted PeopleBooks PeopleTools Cumulative Feature Overview Tool Includes direct links to PeopleBooks, PeopleBook Updates, Release Notes, Installation and Upgrade Guides, and more. All accessible from one convenient My Oracle Support location. e?cmd=show&type=not&id= Access a searchable HTML installation of our PeopleTools 8.50 PeopleBook suite. This hosted solution lets you access PeopleBooks using the help link in your applications without having to install PeopleBooks on your own server. Dynamic tool provides concise descriptions of new and enhanced solutions and functionality that have become available between your starting and target releases. The CFO tool can be found on My Oracle Support and on our Doc Home Pages.
36 PeopleTools 8.50 Available Training PeopleTools 8.50 classes available now: PeopleSoft PeopleTools 1 Rel 8.50 PeopleTools II Rel 8.50 PeopleTools I/PeopleTools II - Accelerated Rel 8.50 PeopleSoft PeopleCode Rel 8.50 SQR for PeopleSoft Rel 8.50 Application Engine Rel 8.50 PeopleCode/SQR Accelerated Rel 8.50 PeopleCode/Application Engine Accelerated Rel 8.50 To view a schedule of these classes or new upcoming classes visit Oracle University go to oracle.com/education
37 Related Sessions and More Information
38 PeopleTools Sessions of Interest Monday Time Title Number Location 11:00 Improving ROI by Mastering PS Upgrade Tools & Resources S W2018 PeopleTools 8.50 Upgrade: Details of a Well Managed Project S W2014 2:00 PeopleSoft Enterprise Release 9.1 Adoption and Roadmap General W3002 3:30 Oracle FMW for Oracle Applications Unlimited - Answers S W2014 5:00 PeopleTools Tips and Tricks S Marriott
39 PeopleTools Sessions of Interest Tuesday Time Title Number Location 11:00 PeopleTools Product Roadmap General W :30 PeopleTools Dev Series: Building & Consuming Web Services S Marriott PeopleTools 8.51 Highlights: PeopleTools in Action S W2014 2:00 PeopleTools Dev Series: Mastering PS Reporting Tools S Marriott PeopleTools Insight: Maximize Your PeopleSoft ROI S W2014 3:30 Setting an Enterprise 2.0 Strategy with PS Portal S Marriott 5:00 PeopleTools Insight: Defining a BI Strategy S Marriott PeopleTools Dev Series: Secure Coding Practices S W2016
40 PeopleTools Sessions of Interest Wednesday Time Title Number Location 10:00 PeopleTools 8.51 Highlights: Simplify Upgrade & Maintenance S W2014 Performance Techniques for the PS Middle Tier S W :30 PeopleTools 8.50 Beta Customers: One Year Later S W2014 1:00 PeopleTools Dev Series: Application Performance Tips S W2014 PeopleTools Insight: Implement Data Governance/Compliance S W2016 4:45 Making the Most of PS Query S W2016 PeopleTools Dev Series: Building a Custom Mobile App S W2014
41 PeopleTools Sessions of Interest Thursday Time Title Number Location 9:00 PeopleTools 8.51 Highlights: PeopleSoft Integration Broker S W2014 Platform Update for PeopleSoft Enterprise S W3002 PeopleTools Product Roadmap S W :30 Best Practices for Managing Your PeopleSoft Applications S Marriott The New PS Experience: Enterprise 2.0 Ecosystem S W2014 Building Mobile Solutions for Oracle Apps: Tech Insight S W :00 Monster Mashups: Related Content in PeopleSoft Apps S W2014 PeopleTools Product Team Panel Discussion S W3002 1:30 PeopleTools Insight: The Value Prop of Oracle Technology S W3002 Secure PeopleTools: Analysis of a Threat & Data Protection S W2014 3:00 Bring Your PeopleSoft Apps to Life with Web 2.0 S W3002 PeopleSoft Integration Broker Secrets S W2014
42 Oracle PeopleSoft PeopleTools in Moscone South Oracle PeopleSoft PeopleTools Demo Pods S-106 PeopleSoft PeopleTools Integration Technologies S-107 PeopleSoft PeopleTools S-110 PeopleSoft PeopleTools Reporting Solutions UPK PSFT Hyperion
43 Useful Links Oracle Software Security Assurance Secure Development Process Critical Patch Update PeopleSoft Enterprise Applications (look for "PeopleSoft Information Portal" link) Security Solutions From Oracle PeopleSoft Technology Blog check the links >>> External Security Validations Security Information and Best Practices 2010 Oracle Corporation Proprietary and Confidential
44 Learn More PeopleSoft Information Development Resources Hosted & Mobile PeopleBooks - PeopleTools PeopleBooks are available in three formats: Hosted PeopleBooks, PDF s, and Amazon s Kindle format. All can be accessed here: Doc Home Pages constantly updated direct links to PeopleBooks, PeopleBook Updates, Release Notes, Installation and Upgrade Guides, and other useful product documentation, all accessible from one My Oracle Support location. PeopleTools 8.51 Documentation Home Page [ID ] Information Portal - locate the documentation, training, and other info needed to help with your implementation process. Customers searching for this information should make this their first online destination.
45 Learn More PeopleSoft Information Development Resources Cumulative Feature Overview (CFO)- Providing concise descriptions of new and enhanced solutions and functionality that have become available starting with the 8.4 release through our latest 8.51 release. NOT&doctype=SYSTEMDOC&id= Upgrade Resource Report Tools - helps you find all the documentation, scripts, and files you need for your upgrade project. NOT&doctype=SYSTEMDOC&id= Follow us
46
<Insert Picture Here> Making the Most of PeopleSoft Query
Making the Most of PeopleSoft Query Brent Mohl Applications Technology The following is intended to outline our general product direction. It is intended for information purposes
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13
1 Roadmap Dave Bain PeopleSoft Product Management 2 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any
More informationImplementing security from the inside out in a PeopleSoft environment System hardening with reference to the additional concern for insider threat
PeopleSoft supports end to end encryption: browser to web server; web server to Java container; Java container to Tuxedo app server; Tuxedo app server to DB Security Hardening recommendations, Hosted,
More informationThe following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into
1 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any
More informationThe Fastest and Most Cost-Effective Backup for Oracle Database: What s New in Oracle Secure Backup 10.2
1 The Fastest and Most Cost-Effective Backup for Oracle Database: What s New in Oracle Secure Backup 10.2 Donna Cooksey Principal Product Manager, Oracle Corporation Sean McKeown
More informationConnecting your Microservices and Cloud Services with Oracle Integration CON7348
Connecting your Microservices and Cloud Services with Oracle Integration CON7348 Robert Wunderlich Sr. Principal Product Manager September 19, 2016 Copyright 2016, Oracle and/or its affiliates. All rights
More informationSolution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites
Solution Pack Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Subject Governing Agreement DXC Services Requirements Agreement between DXC and Customer including DXC
More informationThe following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material,
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security
EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack
More informationGetting Started with Oracle and.net
Getting Started with Oracle and.net Christian Shay Product Manager Oracle Eric Courville Senior Member of Technical Staff Verizon Oracle Confidential Internal/Restricted/Highly Restricted Program Agenda
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 PeopleTools Developer: PeopleTools 8.53 in Action Christine Libby FSCM Architect Russell Broom HCM Architect 2 The following is intended to outline our general product direction. It is intended for information
More informationArcGIS Enterprise Security: Advanced. Gregory Ponto & Jeff Smith
Enterprise Security: Advanced Gregory Ponto & Jeff Smith Agenda Focus: Security best practices for Enterprise Server Portal for 10.5.x Features Strongly Recommend: Knowledge of Server and Portal for Security
More informationPracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam
PracticeDump http://www.practicedump.com Free Practice Dumps - Unlimited Free Access of practice exam Exam : SY0-501 Title : CompTIA Security+ Certification Exam Vendor : CompTIA Version : DEMO Get Latest
More informationORACLE MANAGED CLOUD SECURITY SERVICES - SERVICE DESCRIPTIONS. December 1, 2017
ORACLE MANAGED CLOUD SECURITY SERVICES - SERVICE DESCRIPTIONS December 1, 2017 Table of Contents Oracle Managed Security Database Encryption Service for Oracle IaaS... 3 Oracle Managed Security Database
More informationTopics. Ensuring Security on Mobile Devices
Ensuring Security on Mobile Devices It is possible right? Topics About viaforensics Why mobile security matters Types of security breaches and fraud Anticipated evolution of attacks Common mistakes that
More informationMySQL Enterprise Security
MySQL Enterprise Security Mike Frank Product Management Director Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only,
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More information5. Execute the attack and obtain unauthorized access to the system.
Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Before discussing the preventive, detective, and
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT
ArcGIS Enterprise Security: An Introduction Randall Williams Esri PSIRT Agenda ArcGIS Enterprise Security for *BEGINNING to INTERMIDIATE* users ArcGIS Enterprise Security Model Portal for ArcGIS Authentication
More informationHP Instant Support Enterprise Edition (ISEE) Security overview
HP Instant Support Enterprise Edition (ISEE) Security overview Advanced Configuration A.03.50 Mike Brandon Interex 03 / 30, 2004 2003 Hewlett-Packard Development Company, L.P. The information contained
More informationCloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017
Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and
More informationCloud Computing. An introduction using MS Office 365, Google, Amazon, & Dropbox.
Cloud Computing An introduction using MS Office 365, Google, Amazon, & Dropbox. THIS COURSE Will introduce the benefits and limitations of adopting cloud computing for your business. Will introduce and
More informationPeopleSoft 9.1 PeopleBook: Events and Notifications Framework
PeopleSoft 9.1 PeopleBook: Events and Notifications Framework March 2012 PeopleSoft 9.1 PeopleBook: Events and Notifications Framework SKU hcm91fp2eewh-b0312 Copyright 1988, 2012, Oracle and/or its affiliates.
More informationSecurity Compliance and Data Governance: Dual problems, single solution CON8015
Security Compliance and Data Governance: Dual problems, single solution CON8015 David Wolf Director of Product Management Oracle Development, Enterprise Manager Steve Ries Senior Systems Architect Technology
More informationBest Practices for Performance Part 2.NET and Oracle Database
Best Practices for Performance Part 2.NET and Oracle Database Alex Keh Christian Shay Product Managers Server Technologies September 19, 2016 Program Agenda 1 2 3 4 Caching SQL Tuning Advisor Oracle Performance
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationComodo cwatch Web Security Software Version 1.6
rat Comodo cwatch Web Security Software Version 1.6 Quick Start Guide Guide Version 1.6.010918 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Comodo cwatch Web Security - Quick Start Guide
More informationWhat s New for.net Developers in Oracle Database
What s New for.net Developers in Oracle Database Alex Keh Christian Shay Product Managers Server Technologies September 22, 2016 Program Agenda 1 2 3 4 5 Release Timelines ODAC 12c Release 4 Cloud Oracle
More informationPhire Frequently Asked Questions - FAQs
Phire Frequently Asked Questions - FAQs Phire Company Profile Years in Business How long has Phire been in business? Phire was conceived in early 2003 by a group of experienced PeopleSoft professionals
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationADVANCED, UNKNOWN MALWARE IN THE HEART OF EUROPE
ADVANCED, UNKNOWN MALWARE IN THE HEART OF EUROPE AGENDA Network Traffic Analysis: What, Why, Results Malware in the Heart of Europe Bonus Round 2 WHAT: NETWORK TRAFFIC ANALYSIS = Statistical analysis,
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13
1 Putting the PeopleSoft Test Framework to Work for You Doug Redinger and Tim Durant PTF QA and Development Managers 2 The following is intended to outline our general product direction. It is intended
More informationIntroduction With the move to the digital enterprise, all organizations regulated or not, are required to provide customers and anonymous users alike
Anonymous Application Access Product Brief Contents Introduction 1 The Safe-T Solution 1 How It Works 2-3 Capabilities 4 Benefits 4 List 5-11 Introduction With the move to the digital enterprise, all organizations
More informationCHAPTER 3. Information Systems: Ethics, Privacy, and Security
CHAPTER 3 Information Systems: Ethics, Privacy, and Security CHAPTER OUTLINE 3.1 Ethical Issues 3.2 Threats to Information Security 3.3 Protecting Information Resources LEARNING OBJECTIVES n Describe the
More informationSeqrite Endpoint Security
Enterprise Security Solutions by Quick Heal Integrated enterprise security and unified endpoint management console Enterprise Suite Edition Product Highlights Innovative endpoint security that prevents
More informationΟ ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος
Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Providing clarity and consistency for the protection of personal data The General
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationAn Oracle Technical White Paper September Oracle VM Templates for PeopleSoft
An Oracle Technical White Paper September 2010 Oracle VM Templates for PeopleSoft 1 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationSymantec Endpoint Protection Integration Component User's Guide. Version 7.0
Symantec Endpoint Protection Integration Component User's Guide Version 7.0 The software described in this book is furnished under a license agreement and may be used only in accordance with the terms
More informationPCI DSS and VNC Connect
VNC Connect security whitepaper PCI DSS and VNC Connect Version 1.2 VNC Connect security whitepaper Contents What is PCI DSS?... 3 How does VNC Connect enable PCI compliance?... 4 Build and maintain a
More informationHow to Troubleshoot Databases and Exadata Using Oracle Log Analytics
How to Troubleshoot Databases and Exadata Using Oracle Log Analytics Nima Haddadkaveh Director, Product Management Oracle Management Cloud October, 2018 Copyright 2018, Oracle and/or its affiliates. All
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 8
1 Copyright 2011, Oracle and/or its affiliates. All rights Insert Information Protection Policy Classification from Slide 8 2 Copyright 2011, Oracle and/or its affiliates. All rights Presenting with Session
More informationExam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo
Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Getting Started with Oracle and.net Alex Keh Senior Principal Product Manager Program Agenda Oracle and Microsoft Oracle and.net Getting Started Oracle Developer Tools for Visual Studio Oracle Data Provider
More informationOracle Applications Unlimited and Web 2.0: You Can Have It Now!
Oracle Applications Unlimited and Web 2.0: You Can Have It Now! Product Manager Oracle WebCenter & Portal Products The preceding is intended to outline our general product direction. It is intended for
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 The following is intended to outline our general product direction.
More informationWhat s New for Oracle Database 11gR2 on Windows?
1 What s New for Oracle Database 11gR2 on Windows? Santanu Datta ` Alex Keh Dennis Ruane Sr. Director Principal Product Manager Senior Database Software Engineer Server Technologies
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationSecurity Gaps from the Field
Security Gaps from the Field Reconnaissance, Theft, and Looking Them in the Eye Helping you grow your business with scalable IT services & solutions Bruce Ward, CISM, Vice President for today s challenges
More informationQuickBooks Online Security White Paper July 2017
QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a
More informationWhat s New with Oracle Database 12c on Windows: On-Premises and in the Cloud
What s New with Oracle Database 12c on Windows: On-Premises and in the Cloud Santanu Datta Vice President Database Technologies Alex Keh Senior Principal Product Manager Database Technologies Oracle Confidential
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationCIW: Web Security Associate. Course Outline. CIW: Web Security Associate. 12 Oct ( Add-On )
Course Outline 12 Oct 2018 ( Add-On ) Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training 5. ADA Compliant
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Securing Privileged Accounts with an Integrated IDM Solution Olaf.Stullich@oracle.com Product Manager, Oracle Mike Laramie Oracle Cloud for Industry Architecture Team Buddhika Kottahachchi OPAM Architect
More informationPeopleSoft Finance Access and Security Audit
PeopleSoft Finance Access and Security Audit City of Minneapolis Internal Audit Department September 20, 2016 1 Contents Page Background... 3 Objective, Scope and Approach... 3 Audit Results and Recommendations...
More informationAccess Controls. CISSP Guide to Security Essentials Chapter 2
Access Controls CISSP Guide to Security Essentials Chapter 2 Objectives Identification and Authentication Centralized Access Control Decentralized Access Control Access Control Attacks Testing Access Controls
More informationHow Microsoft Azure Stack Streamlines Bi-Modal IT
How Microsoft Azure Stack Streamlines Bi-Modal IT Key takeaways Bimodal IT continues to present challenges to IT organizations The ability to streamline operations and processes for all applications is
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationBasics of executing a penetration test
Basics of executing a penetration test 25.04.2013, WrUT BAITSE guest lecture Bernhards Blumbergs, CERT.LV Outline Reconnaissance and footprinting Scanning and enumeration System exploitation Outline Reconnaisance
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 Oracle Data Guard 12c Zero Data Loss at Any Distance Joseph Meeks Director of Product Management, Oracle Madhu Tumma Technology Director, J P Morgan Chase 2 Program Agenda Zero Data Loss Disaster Protection
More information2016 Tri-State CF Partnership Webinar Series. Cyber Crime Trends a State of the Union April 7, 2016
2016 Tri-State CF Partnership Webinar Series Cyber Crime Trends a State of the Union April 7, 2016 Presenter Mark Eich, Principal Information Security Services Group CliftonLarsonAllen 2014 CliftonLarsonAllen
More informationJavaentwicklung in der Oracle Cloud
Javaentwicklung in der Oracle Cloud Sören Halter Principal Sales Consultant 2016-11-17 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
More informationInventory and Reporting Security Q&A
Inventory and Reporting Security Q&A General Q. What is Inventory Reporting, Collection, and Analysis? A. Inventory Reporting, Collection, and Analysis is a tool that discovers, collects, and analyzes
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More informationBest Practices for Performance Part 1.NET and Oracle Database
Best Practices for Performance Part 1.NET and Oracle Database Alex Keh Christian Shay Product Managers Server Technologies September 19, 2016 Program Agenda 1 2 3 4 Optimization Process ODP.NET Performance
More informationOracle Database Vault and Applications Unlimited Certification Overview
Oracle Database Vault and Applications Unlimited Certification Overview Kamal Tbeileh, Principal Product Manager, Database Vault Oracle Corporation The following is intended to outline
More informationSTUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences
STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences Undergraduate Programs - Bachelor B.S. Computer Game Design Upon completion of the B.S. degree in Computer Game Design, students
More informationebusiness Suite goes SOA
ebusiness Suite goes SOA Ulrich Janke Oracle Consulting Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not
More information<Insert Picture Here> Active Directory and Windows Security Integration with Oracle Database
1 Active Directory and Windows Security Integration with Oracle Database Santanu Datta ` Christian Shay Mark Wilcox Sr. Director Principal Product Manager Principal Product Manager
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationDell One Identity Cloud Access Manager 8.0. Overview
Dell One Identity Cloud Access Manager 8.0 2015 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationHidden Gems in JD Edwards Orchestrator and AIS Server
Hidden Gems in JD Edwards Orchestrator and AIS Server Darryl Shakespeare Senior Director Product Development Oracle JD Edwards EnterpriseOne November 12-17, 2017 Safe Harbor Statement The following is
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More information2018 GLOBALSCAPE TRAINING OVERVIEW
2018 GLOBALSCAPE TRAINING OVERVIEW TABLE OF CONTENTS COURSE... 3 EFT ESSENTIALS COURSE...4 EFT ADMINISTRATOR COURSE... 5 EFT ADMINISTRATOR COURSE (CONT.)... 6 EFT AUTOMATION COURSE... 7 EFT SECURITY COURSE...8
More informationThe 10 Principles of Security in Modern Cloud Applications
The 10 Principles of Security in Modern Cloud Applications Nigel King, Vice President, Oracle In-Depth Seminars D11 1 Safe Harbor Statement The following is intended to outline our general product direction.
More informationadministrative control
administrative control Powerful membership management features Administrative Control Powerful membership management features Member Management Create and manage member types Approve members via email
More informationTop considerations for implementing secure backup and recovery. A best practice whitepaper by Zmanda
Top considerations for implementing secure backup and recovery A best practice whitepaper by Zmanda In the last few years there have been many headlines about high-profile incidents of lost or stolen backup
More informationExam : Title : Security Solutions for Systems Engineers. Version : Demo
Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized
More informationInformation UH Today"
Information Security @ UH Today" Thursday, November 29, 2012" Jodi Ito" Information Security Officer" jodi@hawaii.edu" (808) 956-2400" Michael Hodges, ITS Identity & Access Management (IAM) Group" mhodges@hawaii.edu
More informationIBM SmartCloud Engage Security
White Paper March 2012 IBM SmartCloud Engage Security 2 IBM SmartCloud Engage Security Contents 3 Introduction 3 Security-rich Infrastructure 4 Policy Enforcement Points Provide Application Security 7
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationSecure Access & SWIFT Customer Security Controls Framework
Secure Access & SWIFT Customer Security Controls Framework SWIFT Financial Messaging Services SWIFT is the world s leading provider of secure financial messaging services. Their services are used and trusted
More informationCAMPUSPRESS TECHNICAL & SECURITY GUIDE
CAMPUSPRESS TECHNICAL & SECURITY GUIDE CAMPUSPRESS 2 WHAT IS IN THIS GUIDE? TABLE OF CONTENTS INTRODUCTION... 3 HOSTING... 5 DATACENTERS & HOSTING REGIONS... 6 BACKUPS AND DISASTER RECOVERY... 8 RELIABILITY
More informationOWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example
Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide
More information2017 Annual Meeting of Members and Board of Directors Meeting
2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,
More informationAdvanced Threat Hunting:
Advanced Threat Hunting: Identify and Track Adversaries Infiltrating Your Organization In Partnership with: Presented by: Randeep Gill Tony Shadrake Enterprise Security Engineer, Europe Regional Director,
More informationISDP 2018 Industry Skill Development Program In association with
ISDP 2018 Industry Skill Development Program In association with Penetration Testing What is penetration testing? Penetration testing is simply an assessment in a industry computer network to test the
More informationWhat FinAid offices need to know about cyberattacks. Presented by: Chris Chumley, COO at CampusLogic Thursday, March 31, EST
What FinAid offices need to know about cyberattacks Presented by: Chris Chumley, COO at CampusLogic Thursday, March 31, 2016 @12pm EST BY 2014, OVER 1 BILLION PERSONAL DATA RECORDS HAD BEEN COMPROMISED
More informationCompTIA Security+ E2C (2011 Edition) Exam.
CompTIA JK0-018 CompTIA Security+ E2C (2011 Edition) Exam TYPE: DEMO http://www.examskey.com/jk0-018.html Examskey CompTIA JK0-018 exam demo product is here for you to test the quality of the product.
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More information