Best Practice For Public Sector Information Security And Compliance

  • Identity Administration helps solve the provisioning/de-provisioning challenge and many other common issues. Let’s take a look at how this works. Oracle Identity Manager automates all aspects of administering user identities. Its key capabilities can be broadly broken down into 3 buckets. It automates provisioning and de-provisioning of users. Typically when an employee joins the company, they are entered into the HR system. OIM can automatically detect this addition/change, and kick off a workflow process for provisioning them with access to the systems they would need. After receiving the necessary approvals, OIM automatically creates accounts for this user in all the relevant applications. Similarly, when an employee departs, since OIM knows everything she has access to, it can quickly revoke access from all systems. Additionally, as folks change roles they are automatically de-provisioned from systems they no longer need, and added to new ones relevant to their new role. This ensures that users do not “collect” privileges over time, another common security vulnerability. Another immediate benefit organizations realize as soon as they implement OIM is they’re quickly able to identify and remediate orphaned accounts – live accounts whose owners are no longer with the organization. OIM also provides much improved visibility across enterprise-wide security controls, quickly able to produce reports such as “who has access to what”. As we’ll discuss later, this also greatly eases the cost of compliance. Finally, another great source of cost savings is through end user self-service. Users can use a web interface to reset forgotten passwords, request new accounts and more, thus eliminating a significant volume of help-desk calls.

Presentation Transcript

  • Best Practices for Public Sector - Information Security & Compliance. Oracle webcast: 22nd January 2010. Audio details: 08006948154 Conference Code: 6885951 Password: 22012010
  • Housekeeping • This web conference is being recorded • All telephone lines are muted until the Q&A • Use the chat window to register questions during the presentations • Registered questions will be raised during the Q&A
  • Agenda • Information Security & Compliance in the Public Sector – Geoff Linton, Business Development Director • Oracle Information Security – James Anthony, Technology Director • Q&A
  • Oracle End-to-End Security Architecture. Geoff Linton – Business Development Director EMEA Public Sector
  • Agenda • What Security Issues Are Our Customers Facing? • Reduce online fraud and simplify user login issues with Single Sign On • Automate Employee Onboarding/Offboarding with Identity Management • Protect your sensitive database data from unauthorized use • Simplify management of structured and unstructured content • Streamline Compliance efforts using automated tools Oracle Confidential - Do Not Distribute
  • 5 Questions to ask yourself…
  • 1. Do you always know when a security breach has occurred?
  • 2. How many ex-employees and ex-contractors still have access to your systems?
  • 3. Do your DBAs know your financial results or costs of project before the Chief Executive or the Chief Financial Officer?
  • 4. Can you guarantee protection of your employee and customer personal information?
  • 5. How much are manual compliance controls costing your organisation?
  • The Evolution. 1996: Script Kiddies • Web Site Defacement • Viruses • Denial of Service. 2009: Organised Crime • Industrial Espionage • Identity Theft • Constant Threat
  • The Impact: INTANGIBLE ASSETS • BRAND EQUITY • CONFIDENCE • STAKEHOLDER VALUE. “21% of enterprises are worried about a decline in stock price [resulting from a security breach]” —Forrester, April 2006, Aligning Data Protection Priorities With Risks
  • Delivering the Services: Controlling Cost; Delivering Service; Operational Effectiveness; Safe & Secure
  • Why Is This Hard? Let’s Look at Today’s “New Normal”. Users, Systems, Globalization and Compliance Have Increased Complexity. Compliance: Service Level Compliance, Compliance & Ethics Programs, IT Governance, Records Retention, Anti-Money Laundering, Financial Reporting, Supply Chain Traceability, Audit Management, Legal Discovery, Data Privacy. Users: Finance, Suppliers, R&D, Mfg, Sales, HR, Legal, Customers. Systems: Enterprise Applications, Data Warehouse, Database, Mainframes, Mobile Devices, Apps Server. Globalization. Mandates: SOX, JSOX, EU Directives, FDA, Basel II, HIPAA, GLBA, Patriot Act, SB1386, PCI…
  • Corporate Identity Challenges. [Figure: table of differing account names per system: PSFT, EPM, Unix, AD, SecurID, Oracle] Need Tools for: • Account Discovery • Account Mapping • Account Provisioning • Account Risk Analysis • Account Disable / Removal. Need solutions to provide: • Central audit trail/accountability • Secure delegation of admin. • Automated workflow/approvals • Security policy enforcement • Standards-based interfaces
  • Data is Being Compromised at Record Pace
  • The Goals of Oracle’s Security Strategy: • Simplify GRC while Reducing Cost • Safeguard Brand and Reputation • Run Your Business Better and Prove It
  • What Have Our Customers Asked For? Automate and Centralize Security and Compliance • Simplify the Sign On process for end users • Manage ‘Who has access to What, When, How and Why’ for SOX, FFIEC, GLBA and PCI compliance • Automate On-boarding, Termination and Job Transfer processes for tighter security • Detect and remediate fraudulent activities against both outside and inside threats • Enforce segregation of duties and Chinese Wall regulatory mandates • Protect Data from compromise
  • Common Deficiencies Found by Auditors • Delay in terminating access: – Auditors check how long it takes between when an employee leaves a company and when all his or her access privileges are turned off. • Built up privileges over time: – Auditors know that people often change jobs within the company. They also know that it is less common to reduce access than to grant it. Auditors check whether employees have more access than they need to do their current job. • Access transactions in conflict: – Auditors are looking for employees who have access to systems that are in conflict with business rules. A classic example of this is when a user can specify vendors for payment in one system, and can issue payment to that same vendor in another. • Uncontrolled access authorizations: – Auditors look for a controlled business process for granting and denying access privileges. If your system for provisioning access privileges is a series of random e-mails between business managers and the IT department, auditors see a red flag. • Lax password policy enforcement: – Auditors want to see that all key systems are guarded by a manageable, enforceable password policy.
  • Solve “Deficiencies Found by Auditors” • Enforce segregation of duties: – Identity management standardizes user access by role, organization, and geographic location. It also enables you to state that users with Accounts Payable access cannot also access Purchasing. • Restrict access: – Identity management centralizes your security policies, including user permissions, privileges, and profile data, and applies these policies across your entire infrastructure, restricting access to sensitive data, applications, operating systems, and key infrastructure. • Automate access management: – Identity management provides an environment where privileges are created, approved, and issued via an automated workflow process. When a person changes roles or leaves the company, the workflow process automatically deletes the old set of access privileges immediately. • Provide automated reports: – Identity management can produce regularly scheduled attestation reports for management review and detailed reports of access, based on automatically captured and aggregated audit data. • Demonstrate controls are in place and working: – Identity management provides the detailed audit data and reports you need to prove that you have the necessary controls in place and that they are working.
  • A Typical “3-Tier” Enterprise Environment. [Diagram: Employees, Customers and Partners; Web Services (External) and (Internal); Portal, Web and App Servers; BI and Content Management; Email / File Servers; Packaged Apps (PSFT, EBS, Hyperion, Siebel, SAP); Directories; Mainframe; Unstructured Content; Data Warehouses; Databases, arranged across the Presentation Tier, Logic (Business) Tier and Data Tier]
  • Presentation Tier Issues. Authentication Issues: 1. Who is this user? 2. How can I be sure they are who they say they are? Authorization Issues: How can I control access to my Web Apps and Web Services in one place? User Access Issues: How can I simplify access to ALL of my applications using Single Sign On? • Web-based (Oracle and Non-Oracle apps) • Client / Server-based apps • Across Companies using Standards. Self Service and Account Management: How Can I expose Self-Registration, Self Administration and Password Reset?
  • Presentation Tier Solutions. Risk-Based Authentication: • Deploy Online Fraud Detection • Use stronger forms of Authentication than a password like software authenticators. Centralize Authorization: Centralize the protection of your Web Applications AND Web Services. Single Sign On: Simplify User Access with SSO: 1. Web-based Apps 2. Client / Server-based Apps 3. Partners with Federation. Self Service: Deploy web-based, self-help tools for Password Reset, Registration and Account Administration
  • Logic (Business) Tier Issues. Identity Management: How can I automate onboarding and offboarding based on my HR system? Password Management: How can I help my users manage all these passwords? Role Management: How can I create “Enterprise Level” roles that span my applications? Identity Audit/Governance: 1. I don’t know “Who Has Access to What?” 2. It’s also very hard to know “Who Had Access?” 3. Recertification of entitlements is very manual 4. How to reduce the time required to generate reports for audit?
  • Logic (Business) Tier Solutions. Identity Management: Automate On-Boarding, Off-Boarding and User Change based on HR data. Password Management: Reduce the number of passwords by synchronizing them across systems. Role Management: Use a system that can mine, create and manage roles at an “Enterprise Level” that span many applications. Identity Audit/Governance: Use an integrated, web-based system that: • Quickly tells you “Who Has (and Had) access to what?” • Includes a Workflow engine • Allows you to schedule and delegate attestation of user entitlements • Notifies you about rogue accounts
  • Data Tier Issues. Encryption: How can I secure my sensitive data while • In-motion • At-rest • Backed up. Access Control: • How do you lock down access to data • Even from the most privileged users and audit the events? Database User Management: How can I leverage my existing directories for database users and passwords? Lots of Data Stores, No Common View: We’ve got lots of data in databases, directories, etc but can’t get a common view of it?
  • Data Tier Solutions. Access Control: Lock Down access to ANY Oracle Database data • Credit cards, • Employee Data from unauthorized access…even the DBA. Encryption: Secure your data with integrated, tested and proven database options. Database User Management: Externalize and Centralize users and passwords for database users in existing directories (like AD). Lots of Data Stores, No Common View: Create a single “Virtual” LDAP view of heterogeneous data stores (Directories, Database Tables, Web services)
  • Issues that Span The Tiers. Spanning The Tiers: Most applications are deployed into production with their components spanning ALL of the tiers.
  • Issues that Span The Tiers. Issues Spanning Many Tiers: • IT Governance, Risk and Compliance – How can I document my risks, assign controls and verify their effectiveness? • Auditing / Reporting - How can I consolidate my logs and audit data for reporting and compliance? • Systems Management and Data Masking - How can I simplify the management of all components at each of these tiers and hide sensitive information? • Content Management - How can I lock down and manage all of my structured and unstructured data on laptops, file shares and databases?
  • Solutions to Issues that Span “Monitor and Manage” • Establish a “Top Down, Risk-based” Approach to Compliance, Risk and Governance using an automated system • Centralize your log and audit data into a Secure Audit Data Warehouse for reporting and compliance purposes • Centrally monitor your web servers, application servers, databases, through a “single pane of glass” • Securely Move Sensitive Data between Production, Dev and Test • Manage and assign rights to ALL of your secure structured and unstructured data with Content Management and Information Rights Management
  • Enterprise-wide GRC Platform. Oracle delivers a comprehensive platform for Governance, Risk and Compliance Management. [Diagram: Processes (Risk & Compliance Mgmt, Policy Mgmt, Controls Management, Industry Specific); Insight (Risk & Control Intelligence, Operational Intelligence, Performance Management); Applications (Oracle, SAP, Custom, Legacy, Other); Infrastructure Services (Content Mgmt, Identity & Access Mgmt, Change Mgmt, Data Security, Data Audit Repository)]
  • Oracle Governance, Risk, and Compliance. Best-in-Class Infrastructure Automates Enforcement • Ensure information reliability with content security, records retention, and identity management • Protect information assets across the entire technology stack • Enforce best-practice segregation of duties, configuration and change management procedures
  • Oracle Governance, Risk, and Compliance. Comprehensive Applications Control Costs and Risks • Standardize on best-practice frameworks to meet evolving GRC demands • Automate key GRC processes for risk assessment, control design, policy creation, hotline intake, control monitoring and case management • Streamline specialized GRC processes for highly-regulated and risk-sensitive industries
  • GRC Manager. Robust GRC process and content management • End-to-End GRC Process Management • Integrated robust process management capabilities • Centralized GRC Content Management. [Diagram: GRC process steps including Document (Risk-Control Matrix, COSO/COBIT Frameworks, Policies and Procedures, Evidence & Records Retention), Scope, Assess, Perform Test, Monitor, Analyze, Respond, Remediate, Retest, Optimize, Certify, Sign-off and Publish]
  • Database Centric Information Security. James Anthony / Technology Director – Core Technology
  • The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • Agenda • Database-Centric Information Security • Database Security • Oracle Database Security Solutions • Defense-in-Depth • Q&A
  • Business Drivers for Security. Sustaining Compliance: EU Directive 95/46/EC, Internal Audit, Public Confidence. Managing Risk: Corporate Malfeasance (IP theft with layoffs), Sophisticated Online attacks, Identity Theft. Increasing Business Value: Help Desk, Automation, Cost Savings/RoI, Improved Productivity
  • Managing Risk. Threats Faced: • Data Silos • Orphaned Accounts • Phishing, Keylogging, MITM • Insider Threats. Business Impact ($): • Security breaches • Fraud • Remediation Costs • Brand Damage • Customer Loyalty. Mitigate with: • Centralized Policy Management • Alerting • Risk-Based Security • Entitlements Management • Privileged User Management
  • More data than ever… Growth Doubles Yearly. [Chart: 2006 to 2011, 1,800 Exabytes] Source: IDC, 2008
  • Information or Data Security? Information = Data
  • Database Defense-in-Depth. Monitoring: • Configuration Management • Audit Vault. Access Control: • Database Vault • Label Security. Encryption & Masking: • Advanced Security • Data Masking
  • Oracle Advanced Security: Transparent Data Encryption. [Diagram: Application, Disk, Backups, Exports, Off-Site Facilities] • Complete encryption for data at rest • No application changes required • Efficient encryption of all application data • Built-in key lifecycle management
  • Oracle Advanced Security: Network Encryption & Strong Authentication • Standard-based encryption for data in transit • Strong authentication of users and servers • No infrastructure changes required • Easy to implement
  • Oracle Data Masking: Irreversible De-Identification. Production (LAST_NAME | SSN | SALARY): AGUILAR | 203-33-3234 | 40,000; BENSON | 323-22-2943 | 60,000. Non-Production (LAST_NAME | SSN | SALARY): ANSKEKSL | 111-23-1111 | 60,000; BKJHHEIEDK | 222-34-1345 | 40,000. • Remove sensitive data from non-production databases • Referential integrity preserved so applications continue to work • Sensitive data never leaves the database • Extensible template library and policies for automation
  • Enterprise User Security. 1. User authenticates to database with username and password as usual. 2. Database defers authentication to Oracle Directory Services. 3. Oracle Directory Services validates user credentials. 4. User is mapped to a physical database user, with database roles granted.
  • Central Credential Store • Login to multiple databases using the same credentials. [Diagram: DBA, Developer or Application User; Directory Services provides central authentication; databases HR, CRM, DEV]
  • Oracle Database Vault: Separation of Duties & Privileged User Controls. [Diagram: Application, DBA, Procurement, HR, Finance; select * from finance.customers] • DBA separation of duties • Limit powers of privileged users • Securely consolidate application data • No application changes required
  • Oracle Label Security: Data Classification for Access Control. [Diagram labels: Sensitive, Transactions, Confidential, Report Data, Public, Reports] • Classify users and data based on business drivers • Database enforced row level access control • User classification through Oracle Identity Management Suite • Classification labels can be factors in other policies
  • Oracle Audit Vault: Automated Activity Monitoring & Audit Reporting. [Diagram: HR Data, CRM Data, ERP Data, Databases; Audit Data; Policies; Alerts; Built-in Reports; Custom Reports; Auditor] • Consolidate audit data into secure repository • Detect and alert on suspicious activities • Out-of-the box compliance reporting • Centralized audit policy management
  • Oracle Configuration Management: Vulnerability Assessment & Secure Configuration. [Diagram: Discover, Classify, Assess, Prioritize, Fix, Monitor; Asset Management, Policy Management, Vulnerability Management, Configuration Management & Audit, Analysis & Analytics] • Database discovery • Continuous scanning against 375+ best practices and industry standards, extensible • Detect and prevent unauthorized configuration changes • Change management compliance reports
  • User & Role Administration: Account Provisioning & Role Management. Oracle Identity Manager, Oracle Role Manager. [Diagram: Employee Joins / Departs, HR System, Approval Workflows, Applications, GRANT / REVOKE] • Automate Provisioning / De-provisioning • Automate Role Management • Report on “Who has access to what” • Self-service account requests
  • Access Control: End-to-end Protection. Entitlements Server: • Entitlements Management • Fine Grained Authorization. Adaptive Access Manager: • Risk-based Authentication • Real-time Fraud Prevention. Access Manager: • Web Access Control • Single Sign-On. Identity Federation: • Cross Domain SSO • Identity Federation
  • Compliance Reporting: Web-Based Attestation. 1. Set Up Periodic Review (What Is Reviewed? Who Reviews It? Start When? How Often?). 2. Reviewer Is Notified, Goes to Self Service (Reviewer Selections: Certify, Reject, Decline, Delegate). 3. Automated Action is taken based on Periodic Review (Email Result to User, Automatically Terminate User, Notify the Process Owner, Notify Delegated Reviewer). 4. Report Built And Results Stored in DB (Archive: Attested Data, Attestation Actions, Comments, Delegation Paths).
  • Summary • Transparent • Integrated • Comprehensive • Cost-Effective
  • For More Information. Security Master classes: 27th January, 2010; 23rd March 2010; London EC2M 2RB. Security Summits: Edinburgh, 4th Feb; Manchester, 11th Mar; London, 18th Mar. Upcoming events: oracle.com/goto/uk/security. More about solutions: oracle.com/security