Database Centric Information Security. Speaker Name / Title

Similar documents
<Insert Picture Here> Oracle Database Security

Private Clouds: Opportunity to Improve Data Security and Lower Costs. InfoTRAMS Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt t W Pracy

with Oracle IDM Peter Heintzen, Sen. Mgr. Information Security Oracle

Oracle Audit Vault. Trust-but-Verify for Enterprise Databases. Tammy Bednar Sr. Principal Product Manager Oracle Database Security

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Oracle Security Products and Their Relationship to EBS. Presented By: Christopher Carriero

Oracle Database Vault and Applications Unlimited Certification Overview

The 10 Principles of Security in Modern Cloud Applications

Security Compliance and Data Governance: Dual problems, single solution CON8015

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Oracle Database Vault

Transparent Solutions for Security and Compliance with Oracle Database 11g. An Oracle White Paper September 2008

MySQL Enterprise Security

Copyright 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12

Optim. Optim Solutions for Data Governance. R. Kudžma Information management technical sales

Oracle Label Security Technical Overview. Jaime Briggs Account Manager Strategic Accounts MSc CS, CCISP, CCSK

Oracle E-Business Suite Certified with Oracle Database Vault Certification Overview

McAfee Database Security

IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT

Managing Oracle Database 12c with Oracle Enterprise Manager 12c

SQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR SARBANES OXLEYANDCOBIT

IBM services and technology solutions for supporting GDPR program

Projectplace: A Secure Project Collaboration Solution

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

Balancing Between Risk and Compliance

Administration and Data Retention. Best Practices for Systems Management

Security Readiness Assessment

Data Privacy and Protection GDPR Compliance for Databases

CipherCloud CASB+ Connector for ServiceNow

Fabrizio Patriarca. Come creare valore dalla GDPR

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Oracle Database Vault

LBI Public Information. Please consider the impact to the environment before printing this.

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Oracle Buys Automated Applications Controls Leader LogicalApps

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. reserved. Insert Information Protection Policy Classification from Slide 8

Compliance and Privileged Password Management

Altius IT Policy Collection Compliance and Standards Matrix

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Defending Against a Dangerous New World

Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway

Altius IT Policy Collection Compliance and Standards Matrix

Automating Information Lifecycle Management with

WORKSHARE SECURITY OVERVIEW

TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018

IBM Security Guardium Analyzer

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Sarbanes-Oxley Act. Solution Brief. Sarbanes-Oxley Act. EventTracker 8815 Centre Park Drive, Columbia MD 21045

Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved.

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

Teradata and Protegrity High-Value Protection for High-Value Data

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

QuickBooks Online Security White Paper July 2017

Test Data Management for Security and Compliance

Oracle Database Security Assessment Tool

An Oracle White Paper June Oracle Audit Vault and Database Firewall

USING QUALYSGUARD TO MEET SOX COMPLIANCE & IT CONTROL OBJECTIVES

Oracle Data Cloud ( ODC ) Inbound Security Policies

Copyright 2011, Oracle and/or its affiliates. All rights reserved.

Key Drivers for Data Security

Oracle Database 11g: Security Release 2

Sponsored by Oracle. SANS Institute Product Review: Oracle Audit Vault. March A SANS Whitepaper. Written by: Tanya Baccam

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Governance, Risk, and Compliance: A Practical Guide to Points of Entry

Brochure. Data Masking. Cost-Effectively Protect Data Privacy in Production and Nonproduction Systems

SECURITY & PRIVACY DOCUMENTATION

Business Context: Key for Successful Risk Management

TRACKVIA SECURITY OVERVIEW

Information Security Risk Strategies. By

Data Management and Security in the GDPR Era

Focus On: Oracle Database 11g Release 2

Oracle Advanced Compression: Reduce Storage, Reduce Costs, Increase Performance Bill Hodak Principal Product Manager

Google Cloud & the General Data Protection Regulation (GDPR)

Cyber Security Audit & Roadmap Business Process and

Introduction to Access Management. J. Tony Goulding CISSP, ITIL Security Solution Strategist, CA Inc. San Francisco Chapter

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

Oracle Database 11g: Security Release 2

SARBANES-OXLEY (SOX) ACT

Sarbanes-Oxley Act (SOX)

Vormetric Data Security

Privileged Account Security: A Balanced Approach to Securing Unix Environments

What is Penetration Testing?

SOX/COBIT Framework. and Netwrix Auditor Mapping. Toll-free:

CRYPTTECH. Cost-effective log management for security and forensic analysis, ensuring compliance with mandates and storage regulations

Support for the HIPAA Security Rule

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

Database Auditing and Forensics for Privacy Compliance: Challenges and Approaches. Bob Bradley Tizor Systems, Inc. December 2004

Oracle Audit Vault Implementation

IASM Support for FISMA

Managing SaaS risks for cloud customers

Compliance Brief: The National Institute of Standards and Technology (NIST) , for Federal Organizations

Hacking an Oracle Database and How to Prevent It

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

locuz.com SOC Services

Reducing PCI Compliance Costs and Effort with SafeNet Transparent Tokenization

Twilio cloud communications SECURITY

Transcription:

Database Centric Information Security Speaker Name / Title

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. 2

Agenda Database-Centric Information Security Database Security Oracle Database Security Solutions Defense-in-Depth Q&A 3

More data than ever Growth Doubles Yearly 1,800 Exabytes 2006 2011 Source: IDC, 2008 4

More breaches then ever Data Breach Once exposed, the data is out there the bell can t be un-rung PUBLICLY REPORTED DATA BREACHES 400 300 200 630% Increase Total Personally Identifying Information Records Exposed (Millions) 100 0 2005 2006 2007 2008 Source: DataLossDB, 2009 5

More threats than ever 6

More Regulations Than Ever UK/PRO PIPEDA Sarbanes-Oxley PCI Breach Disclosure HIPAA GLBA FISMA EU Data Directives Basel II K SOX Euro SOX ISO 17799 J SOX SAS 70 COBIT AUS/PRO 90% Companies behind in compliance Source: IT Policy Compliance Group, 2007. 7

Market Overview: IT Security In 2009 There has been a clear and significant shift from what was the widely recognized state of security just a few years ago. Protecting the organization's information assets is the top issue facing security programs: data security (90%) is most often cited as an important or very important issue for IT security organizations, followed by application security (86%). 8

Securing Data in Your Database Encryption Masking Classification Access Control Detection Activity Monitoring Change Tracking Discovery and Assessment Secure Configuration 9

Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 10

Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 11

Oracle Advanced Security Transparent Data Encryption Disk Backups Exports Application Off-Site Facilities Complete encryption for data at rest No application changes required Efficient encryption of all application data Built-in key lifecycle management 12

Oracle Advanced Security Network Encryption & Strong Authentication Standard-based encryption for data in transit Strong authentication of users and servers No infrastructure changes required Easy to implement 13

Oracle Secure Backup Integrated Tape or Cloud Backup Management Secure data archival to tape or cloud Easy to administer key management Fastest Oracle Database tape backups Leverage low-cost cloud storage 14

Oracle Data Masking Irreversible De-Identification Production LAST_NAME SSN SALARY AGUILAR 203-33-3234 40,000 BENSON 323-22-2943 60,000 Non-Production LAST_NAME SSN SALARY ANSKEKSL 111 23-1111 60,000 BKJHHEIEDK 222-34-1345 40,000 Remove sensitive data from non-production databases Referential integrity preserved so applications continue to work Sensitive data never leaves the database Extensible template library and policies for automation 15

Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 16

Oracle Database Vault Separation of Duties & Privileged User Controls Application Procurement HR Finance DBA select * from finance.customers DBA separation of duties Limit powers of privileged users Securely consolidate application data No application changes required 17

Oracle Database Vault Multi-Factor Access Control Policy Enforcement Procurement HR Application Rebates Protect application data and prevent application by-pass Enforce who, where, when, and how using rules and factors Out-of-the box policies for Oracle applications, customizable 18

Oracle Label Security Data Classification for Access Control Confidential Sensitive Transactions Confidential Report Data Public Reports Sensitive Classify users and data based on business drivers Database enforced row level access control Users classification through Oracle Identity Management Suite Classification labels can be factors in other policies 19

Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 20

Oracle Audit Vault Automated Activity Monitoring & Audit Reporting HR Data! Alerts CRM Data ERP Data Audit Data Built-in Reports Custom Reports Databases Policies Auditor Consolidate audit data into secure repository Detect and alert on suspicious activities Out-of-the box compliance reporting Centralized audit policy management

Oracle Total Recall Secure Change Tracking select salary from emp AS OF TIMESTAMP '02-MAY-09 12.00 AM where emp.title = admin Transparently track data changes Efficient, tamper-resistant storage of archives Real-time access to historical data Simplified forensics and error correction 22

Oracle Configuration Management Vulnerability Assessment & Secure Configuration Monitor Discover Classify Assess Prioritize Fix Monitor Asset Management Policy Management Vulnerability Management Configuration Management & Audit Analysis & Analytics Database discovery Continuous scanning against 375+ best practices and industry standards, extensible Detect and prevent unauthorized configuration changes Change management compliance reports 23

Database Defense-in-Depth Monitoring Configuration Management Audit Vault Total Recall Access Control Database Vault Label Security Encryption & Masking Access Control Monitoring Encryption & Masking Advanced Security Secure Backup Data Masking 24

Summary Transparent Integrated Comprehensive Cost-Effective 25

For More Information search.oracle.com database security or oracle.com/database/security

27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback