Transcript

  • 1. Session 319: Security Compliance using Oracle Enterprise Manager 12c
      Bobby Curtis, MBA, Solution Architect, BIAS Corporation
      April 2013
  • 2. About BIAS
      - Founded in 2000
      - Oracle Platinum Partner with 20+ specializations
      - Distinguished Oracle Leader
          - Technology Momentum
          - Portal Blazer Award
          - Titan Award – Red Stack + HW Momentum
          - Excellence in Innovation
      - Management Team is Ex-Oracle
      - Location(s): Atlanta, Washington D.C., Offshore – Hyderabad and Chennai, India
      - Inc. 500 fastest growing private company in the U.S. for the 3rd Time
      - Voted Best Place to work in Atlanta for 2nd year
  • 3. About Presenter
      Bobby Curtis, MBA
      - Douglasville, Georgia (west side of Atlanta)
      - Solution Architect, BIAS Corp.
      - Implementation Specialist for Core Technologies
      - IOUG, ODTUG, & GOUSER
      - Using Oracle products since 2001
      - Previous Life: Military/Systems Administrator
      Blog: http://www.dbasolved.com
      Twitter: @curtisbl294
      Email: bobby.curtis@biascorp.com, curtisbl@gmail.com
  • 4. Session Agenda
      - Compliance
      - Customer Story - CCH
      - Puzzle Pieces
      - Configuration
      - Additional Information
      - Customer Improvements
      - Wrap-Up
  • 5. Compliance
  • 6. Compliance Management
      What is compliance management? The ability to evaluate the compliance of targets and systems as they are related to best practices for configuration, security, and storage.
  • 7. Compliance Overview
      Compliance solution consists of:
  • 8. Compliance Overview
      What do these numbers have to do with security compliance?
      - 6 Frameworks : 0
      - 50 Standards : 23
      - 1827 Rules : 115
  • 9. Customer Story
  • 10. Customer Story
      Who is…
      - Leading provider of Tax, Accounting and Audit Information Software for professionals
      - Subsidiary of Wolters Kluwer Tax & Accounting
      - Based in Riverwoods, Ill., office in Kennesaw, GA.
      - Largest customer is Internal Revenue Service (IRS)
      - Booth 1318
  • 11. Customer Story
      - Reliable monitoring for 3 RAC environments
      - High security requirements
      - Needed to enforce compliance
      - Annual audits are time consuming
  • 12. Compliance Puzzle Pieces
  • 13. Puzzle Pieces, oh my…
      There are three pieces to the compliance puzzle. They are the building blocks for compliance and form a hierarchical structure.
      1. Frameworks
      2. Standards
      3. Rules
          ✓ Real-Time Facets*
          ✓ Templates*
  • 14. Puzzle Pieces : Framework
      A compliance framework is a hierarchical structure where any node can be mapped to one or more compliance standards and compliance standard rules.
      2 Types of Frameworks:
      - Oracle Provided
          - Payment Card Industry (PCI)
          - Generic
      - User-Defined
          - Defined to satisfy the needs of your organization
  • 15. Puzzle Pieces : Standards
      A compliance standard is a collection of checks or rules.
      Standards - Hierarchical Structure:
      - Compliance Rules
      - Rule Folders
          - Hierarchical structure that contains compliance rules
      - Compliance Standards
          - Can include other compliance standards
  • 16. Puzzle Pieces : Standards
      What do standards do:
      - Represent industry-wide standards, per target
      - Used as reference configuration/certified configuration
      - Describe best practices for enterprise
      Security Compliance Standards By Target Type:
      - Automatic Storage Management (ASM): 2
      - Cluster: 1
      - Cluster Database: 7
      - Database Instance: 9
      - Host: 2
      - Listener: 2
      - Total: 23
  • 17. Puzzle Pieces : Rules
      A compliance rule is a test that determines if a configuration data change affects compliance. Based on the result, the compliance score is calculated.
      3 Types of Rules:
      - Repository Rules
          - Check against metrics in management repository
      - WebLogic Server Signature Rules
          - Describe potential problems based on info about WebLogic Server and environment
      - Real-Time Monitoring
          - Monitors actions performed by users on targets
  • 18. Puzzle Pieces : Templates
      To enable security compliance, templates have to be enabled.
  • 19. Evaluation… Understand
      - Number of targets evaluated as Critical, Warning, or Compliant
      - Average Score for Evaluation
      - Number of Critical, Warning, or Minor Warning violations across all targets
      Compliance Score Ratings:
      - Critical: < 60
      - Warning: < 80
      - Compliant: > 80
  • 20. Evaluation… Review
      Compliance Summary & Details
      - Enterprise Summary
      - Compliance Dashboard
  • 21. Configure the Puzzle Pieces
  • 22. Configure: Library
  • 23. Configure: Rules
  • 24. Configure: Rules
  • 25. Configure: Standards
  • 26. Configure: Standards
      Compliance Standards are:
      - Hierarchical in nature
      - Must have at least 1 rule
      Adding Rules/Standards is simple! Right click -> Edit -> Add
  • 27. Configure: Framework
      - Topmost level of compliance
      - Only standards can be added
      - Standards in subgroups
  • 28. Results
      - Oracle Security Template
      - Immediately available (some delay)
  • 29. Results
  • 30. Results
      Dashboard consists of:
      - Compliance Framework Summary
      - Compliance Summary
      - Least Compliant Generic Systems
      - Most Recently Discovered Unmanaged Hosts
      - Least Compliant Targets
  • 31. Additional Information
  • 32. EMCLI Options
      Compliance from the command line:
      - export_compliance_group
      - export_compliance_standard_rule
      - export_standard
      - import_compliance_object
  • 33. SQL Options
      Views for Compliance (SYSMAN):
      - MGMT$COMPLIANCE_STANDARD_GROUP
      - MGMT$COMPLIANCE_STANDARD
      - MGMT$COMPLIANCE_STANDARD_RULE
      - MGMT$COMPLIANCE_SUMMARY
      - MGMT$COMPLIANT_TARGETS
      - MGMT$COMPLIANCE_TREND
      - MGMT$COMPOSITE_CS_EVAL_SUMMARY
      Reference: Oracle Enterprise Manager Cloud Control Extensibility Programmer's Guide, Chapter 18
  • 34. Privileges & Roles
      To use compliance standards:
      - CREATE_COMPLIANCE_ENTITY
      - FULL_ANY_COMPLIANCE_ENTITY
      - VIEW_ANY_COMPLIANCE_FWK
      - MANAGE_TARGET_COMPLIANCE
      - VIEW
      - EM_COMPLIANCE_DESIGNER (ROLE)
      - EM_COMPLIANCE_OFFICE (ROLE)
  • 35. Customer Story.. Improvement?
  • 36. Customer Story
      - Able to monitor in all environments
      - Has an easier and measurable way of enforcing compliance across environments
      - Expected to reduce annual audit times by 40%-50%
  • 37. Wrap Up
      - Brief customer story
      - Talked about compliance and its importance
      - Implemented security aspects of the compliance model and how to review results
      - Discussed additional options for compliance
      - Results of customer implementing compliance
  • 38. Discussion & Questions
  • 39. Thank You for Attending
      Blog: http://www.dbasolved.com
      Twitter: @curtisbl294
      Email: bobby.curtis@biascorp.com, curtisbl@gmail.com
      http://www.biascorp.com
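
Added example (not from the original deck or from Oracle): a small Python model of the framework > standard > rule hierarchy from slides 13-17 and 26-27, with the slide 19 score ratings applied to per-target scores. Class names, target names and scores are hypothetical; rating a score of exactly 80 as Compliant is an assumption, since the slide defines only < 80 and > 80.

```python
from dataclasses import dataclass, field
from statistics import mean

@dataclass
class Rule:
    name: str

@dataclass
class Standard:
    name: str
    rules: list = field(default_factory=list)      # Rule objects
    includes: list = field(default_factory=list)   # nested Standard objects

@dataclass
class Framework:
    name: str
    subgroups: dict = field(default_factory=dict)  # subgroup name -> members

def check_standard(std):
    """A standard must hold at least 1 rule; included standards are checked too."""
    problems = [] if std.rules else [f"{std.name}: must have at least 1 rule"]
    for child in std.includes:
        problems += check_standard(child)
    return problems

def check_framework(fw):
    """Only standards may be added to a framework, grouped in subgroups."""
    problems = []
    for group, members in fw.subgroups.items():
        for m in members:
            if isinstance(m, Standard):
                problems += check_standard(m)
            else:
                problems.append(f"{group}: only standards can be added, got {type(m).__name__}")
    return problems

def rating(score):
    """Slide 19 thresholds; treating exactly 80 as Compliant is an assumption."""
    if score < 60:
        return "Critical"
    return "Warning" if score < 80 else "Compliant"

def summarize(target_scores):
    """Count targets per rating and average the scores, as on the evaluation summary."""
    counts = {"Critical": 0, "Warning": 0, "Compliant": 0}
    for score in target_scores.values():
        counts[rating(score)] += 1
    return counts, round(mean(target_scores.values()), 1)

# Constructed sample data (hypothetical names and scores, not from the deck).
SAMPLE_SCORES = {"racdb1": 92.0, "racdb2": 74.5, "racdb3": 58.0, "host1": 80.0}
SAMPLE_FW = Framework("Security", {"Database": [
    Standard("Instance config", [Rule("audit enabled")], [Standard("Empty child")]),
    Rule("stray rule")]})
```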