Oracle Security Products and Their Relationship to EBS. Presented By: Christopher Carriero


Agenda
- Confidential Data in Corporate Systems
- Sensitive Data in the Oracle EBS
- What Are the Oracle Security Products and How Do They Relate to the EBS?
- Sensitive Data Risk Assessment
- Questions and Answers

Corporate Confidential Data

Dollars Focusing on Security
- Corporate Privacy Policies
- Auditing and Monitoring
- Identity Access Management
- Data Loss Prevention
- Database Encryption

Facts and Stats
- 50% of all the corporate databases contain sensitive data. (Enterprise Strategy Group)
- 38% admitted failing one or more compliance audits in the last 3 years. (Enterprise Strategy Group)
- 76% rated database security as a high-priority project for the next year. (Enterprise Strategy Group)

Facts and Stats
- Data thefts by employees doubled in 2009. (ITRC)
- 80% report using real production data in testing environments. (Ponemon Institute)
- 61% report having multiple copies of non-production environments. (Ponemon Institute)
- 75% report sharing real production data with 3rd parties and offshore teams. (Ponemon Institute)

Internal Breaches: Less Often & More Costly
Verizon Report 2008

Sensitive Data in the Oracle EBS

Private Data Exposed Production Development Sensitive Information

Privileged Users
Full Database Access
- Database Administrators
- System Administrators
- Developers/Testers
- Contractors
- Third Party Vendors

What are the Oracle Security Products?

Oracle Security Products
- Oracle Advanced Security
- Oracle Audit Vault
- Oracle Label Security
- Oracle Configuration Management
- Oracle Secure Backup
- Oracle Database Firewall
- Oracle Database Vault
- Oracle Data Masking
- Oracle Total Recall

Oracle Advanced Security
- Encrypts Data At Rest
- Encrypts Data As It Leaves the DB (for Backup or Over Network)
- Encrypts Tablespace or Specific Columns
- Can Be Used for PCI/HIPAA/SOX Compliance
- Can This Be Used for EBS?
- Pitfalls???

Oracle Audit Vault
- Data Warehousing Technology
- Logs Activities Based on Guidelines
- Allows Analysis on Activities
- Can Be Used for PII/HIPAA/SOX Compliance
- Not a Prevention Tool
- Can This Be Used for EBS?
- Pitfalls???

Oracle Label Security
- Mainly Used in Public Sector
- Policy Based Security
- Create Custom Data Classifications
- Can Be Used With Data Vault
- Can This Be Used for EBS?
- Pitfalls???

Oracle Configuration Management
- Allows for Discovery, Vulnerability Scanning, Compliance Benchmarking, and Central Management of DB Configuration
- Prevent Configuration Drift
- Critical Patch Alerts
- Can This Be Used for EBS?
- Pitfalls???

Oracle Secure Backup
- Integrated Data Protection
- Used for Tape Backup or Cloud Storage
- Encrypts Data to Tape
- Low Cost
- Can This Be Used for EBS?
- Pitfalls???

Oracle Database Firewall
- Monitors Database Activity
- Prevent SQL Injection
- Detects Internal and External Attacks
- Can This Be Used for EBS?
- Pitfalls???

Oracle Database Vault
- Controls Access Based on Multiple Factors
- Prevents Access of Privileged Users
- Built in Factors such as Time of Day, IP Address, Application Name, and Authentication Method
- Can This Be Used for EBS?
- Pitfalls???

Oracle Data Masking
- Replaces Data with Other Data
- Mainly Used for Testing/Development Environments
- Can Be Used for PCI, HIPAA, etc. for Compliance
- Can This Be Used for EBS?
- Pitfalls???

Oracle Total Recall
- Archive of Historical Data
- Secured and Tamper Proof Databases
- Can This Be Used for EBS?
- Pitfalls???

Sensitive Data Risk Assessment

Investigate
- Oracle Database and Application Password Use
- 200 Oracle Default Passwords
- Unused Accounts (Lock/Remove)
- Role Based Access Management
- Default Port (1521)
- Estimate Resources and Time Needed to Manage these Tasks

# of Privileged Users x Hours = Annual Hours of Vulnerability
- Determine Number of Internal IT Staff and Contractors
- Establish Average Daily Hours Worked Onsite and Remotely Per Person
- Estimate Average Days Worked Yearly Per Person
- Calculate Annual Hours of Data Vulnerability

# of Unprotected Records x $ = Potential Cost
- Examine Oracle EBS Modules
- Locate Sensitive Data Tables & Columns
- Quantify Number of Unprotected Sensitive Data Records
- Decide on a Cost Estimate
  - Forrester Research: $90-$305 per unique record
  - Ponemon Institute: $202 per unique record
- Calculate Potential Breach Cost

For More Information Contact:
Guardian Applications
info@guardianapps.com
www.guardianapps.com
Extended Database Security for the Oracle E-Business Suite