This document discusses security strategies for Oracle E-Business Suite applications. It outlines business drivers for security, security challenges, and comprehensive security approaches. It discusses securing the EBS environment through configuration hardening and patching. It also covers externalizing EBS security through approaches like integrating with Oracle Identity Management and leveraging technologies like Oracle Audit Vault. The presentation provides an overview of current and future certification plans for advanced security options in Oracle databases like Transparent Data Encryption and Database Vault when used with EBS. It aims to help organizations understand security best practices for Oracle E-Business Suite applications.
The document discusses SunGard Enterprise Cloud Services. It highlights that production and disaster recovery are top cloud priorities for enterprises. It also discusses the security, compliance, connectivity, manageability and availability challenges and benefits of cloud computing. SunGard aims to address these challenges by providing fully managed infrastructure as a service, integrated recovery capabilities, and helping customers adopt a pragmatic path to the enterprise cloud through assessments, design, implementation and steady state production support.
This document discusses securing financial services applications. It notes that 48% of fraud is caused by insiders and 86% of hacking involves compromised credentials. The challenges include fragmented authorization, brittle access controls, and hardcoded security. It proposes an entitlements management approach using an identity platform to define entitlement catalogs, enforce dynamic authorization policies, audit access and risks, and secure application data through techniques like encryption and masking. Using a platform can reduce costs compared to point solutions and help simplify application security.
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates - HyTrust
This document discusses securing virtual infrastructure while meeting compliance mandates. It notes that security and compliance will be key to virtualizing the next 50% of the data center, as tier 1 and 2 workloads have higher security and compliance needs than basic virtualization can provide. Purpose-built solutions are needed. It highlights how privileged users can impact organizations through data breaches or other incidents. Expert consensus recommends restricting administrator access and enforcing least privilege for virtualization solutions. The HyTrust Appliance is presented as providing necessary controls to securely virtualize mission-critical applications by enforcing access policies, providing auditing, and validating the integrity of the virtual infrastructure.
The document discusses testing measures for cloud services. It outlines various types of testing that should be performed at different stages, including performance testing, security testing, manageability testing, availability and continuity testing, functional testing, migration testing, and testing required due to legislation and regulations. The testing measures are developed by identifying risks and mapping them to individual test cases. Testing is a continuous process that starts early and never ends.
The document discusses security risks and threats. It notes that risks arise inside companies, from issues like stolen credentials, while threats come from outside, through hacking. It shows that most data breaches in 2012 involved hacking that exploited stolen credentials or privilege misuse. The document advocates managing risks by implementing security across IT layers and systems, and by providing solutions like identity management, database security and infrastructure security.
This document discusses securing internet payment systems. It begins with discussing trends in online payments and cybercrime threats to the financial sector. It then outlines security measures recommended by the ECB, including strong customer authentication and protection of sensitive payment data. The document discusses Oracle's approach to security, including layered access security and adaptive access management. It provides an example use case of BT's managed fraud reduction service which is based on Oracle technologies and provides real-time fraud screening.
The document discusses key security considerations for cloud computing. It identifies top cloud security concerns such as access from mobile devices and identity management. It evaluates best practices for assessing a cloud provider's security and discusses how identity management can reduce risks and bridge security gaps. The presentation then provides an example of Oracle's identity and authentication cloud service and its features for multi-factor authentication and anti-fraud. It concludes with biographies of the cloud security executive panel speakers.
The document discusses the secure enterprise cloud and addresses some key risks of cloud computing. It outlines how security, compliance, connectivity and availability challenges in the cloud are similar to traditional enterprise IT risks. It then describes how a secure cloud foundation can be created for enterprises by implementing security best practices like role-based access control, activity logging and infrastructure security. Finally, it discusses how hybrid cloud models can be used to leverage existing infrastructure and integrate internal, external and third-party cloud applications and services.
NetAuthority has created a new standard in multi-factor authentication by utilizing the user's device as the authentication key. Their Dynamic Device Key solution uses a patented challenge/response process where the device itself generates unique keys for each authentication. Their Transaction Verification Key technology also provides strong device-centric transaction verification to detect man-in-the-browser attacks. NetAuthority's device-centric authentication protects organizations by ensuring only trusted devices can access accounts and systems.
Web services security standards aim to provide interoperability and trust. Several standards organizations are working on related specifications to provide a security infrastructure for web services. This includes standards for XML signatures and encryption, message-level security with WS-Security, and distributed access control standards like SAML and XACML. Further work is needed to standardize key management, authorization policy, and support direct trust models. Overall progress has been made but full security requires continued standardization efforts.
Internet Security Threat Report (ISTR) Vol. 16 - Symantec APJ
The document discusses information and identity protection solutions from Symantec. It covers the risks of data breaches, an information-centric security approach, and Symantec's portfolio of products that provide data loss prevention, encryption, and user authentication capabilities. The integrated suite helps customers gain awareness of sensitive data, protect it across networks and endpoints, and authenticate user identities.
Stronger/Multi-factor Authentication for Enterprise Applications - Ramesh Nagappan
This document discusses multi-factor authentication strategies for enterprise applications using PKI, smart cards, and biometrics. It provides an agenda that covers the identity dilemma, identity assurance vs security, multi-factor authentication strategies using OTPs, smart cards, PKI and biometrics, understanding real-world implementations including tools, standards, and the role of JAAS. It also discusses the role of Sun OpenSSO for single sign-on and multi-factor authentication, deployment architectures, and provides a demonstration of multi-factor SSO using PKI, smart cards and biometrics.
This document discusses network security and Cisco's advanced services for network security. It provides an overview of security threats over time, the challenges faced by IT organizations in implementing security, and how an architectural approach to security is required. It describes Cisco's security services across the security lifecycle from assessment to design to implementation. Specific services covered include security posture assessment, network security design review and development. It also discusses best practices for perimeter security, authentication and authorization, and intrusion detection system design.
The document discusses the need for entitlement-driven identity management. It outlines challenges with the current fragmented approach to identity management, including security breaches, rising compliance costs, and poor user visibility. The document proposes moving to a proactive, entitlement-driven approach using an integrated identity management platform that provides analytics, context, and control over user access and privileges. An entitlement-driven approach can help reduce risk, increase productivity and agility, and lower costs compared to traditional identity management.
This document summarizes a panel discussion on managing risk and enforcing compliance in healthcare with identity analytics. The panel discussed Kaiser Permanente's implementation of Oracle identity and access management solutions to standardize access management, automate compliance processes, and gain visibility into user access across their environment. PwC provided an overview of their healthcare privacy and security practice and experience implementing Oracle identity solutions. Oracle discussed how their identity analytics and identity management products help boost security, enforce compliance, improve user productivity, and reduce costs for healthcare organizations.
Webinar - Easy multi factor authentication strategies and PCI DSS - onionid12
In this webinar we will discuss the use of multi-factor authentication (MFA), and the new mandate in the latest version of PCI Data Security Standard, PCI DSS 3.2. MFA goes beyond traditional password-based approaches by combining multiple features, such as biometrics, behavioral patterns, and context information. In addition to covering these, the webinar will also address the problem of selecting the right combination of features for a business, given its unique priorities and circumstances. Learn how to comply with PCI DSS 3.2's MFA mandate for admin and user accounts.
This document discusses building confidence in cloud security. It outlines challenges in cloud computing like loss of physical controls and new attack surfaces. It proposes making cloud security equal to or better than traditional enterprise security by securing connections, applications/data/traffic, and devices. The document also discusses extending security policies to virtualized and private clouds and providing visibility and control across cloud infrastructures. Finally, it discusses McAfee's datacenter security solutions for servers, virtual machines, and databases.
The document discusses security challenges in virtual and cloud environments and Cisco's solutions to address them. It notes that security needs to scale with increasing application traffic and virtualization. Cisco provides consistent security policies across physical, virtual, and cloud workloads through solutions like the ASA 1000V, Virtual Security Gateway (VSG), and Nexus 1000V. These solutions allow segmentation of virtual machines and tenants while integrating with the Cisco identity and policy management offerings.
This document discusses choosing the most appropriate data security solution for an organization. It begins by introducing Ulf Mattsson, the CTO of Protegrity, who has over 20 years of experience in data security. It then discusses how data is increasingly under attack from highly organized criminal groups. The document examines different data security methods like encryption, tokenization, and data masking and how their security levels and costs can vary. It emphasizes that the optimal security solution depends on properly assessing risk levels for different types of data and systems. Tokenization is presented as a lower-cost solution that can help balance security and business needs like performance and creativity.
The document discusses securing test systems by masking sensitive data across heterogeneous enterprise databases. It proposes automating the deployment of secure test systems through masking sensitive data directly in databases without extracting it. The masking process involves discovering, assessing, and applying optimal masking techniques to sensitive columns in non-production systems to enable testing while protecting privacy.
This document provides brief descriptions of leading Israeli IT security companies and the technologies they offer. Actimize provides enterprise software solutions for anti-money laundering, brokerage compliance, and fraud prevention built on a single, shared risk platform. Beyond Security specializes in developing tools that uncover security holes in servers and networks through automated vulnerability scanning. Checkmarx develops automatic software to detect security vulnerabilities in source code during development.
Sunera Business & Technology Risk Consulting - Sunera
Sunera is a professional consultancy that provides regulatory compliance, information security, internal audit, and IT advisory services. It has over 100 professionals across 12 offices in the US and Canada. Services include internal audit, SOX compliance, IT audits, PCI assessments, information security consulting, data privacy, and business continuity planning. The goal is to help clients enhance controls, reduce risks and costs, and achieve compliance with regulations.
Customer Name: Noble Foods
Industry: Food Production/Agriculture/Retail
Location: United Kingdom
Company size: 1800 employees
Challenge
• Reduce spam levels without delaying legitimate email
• Promote safer web and email behavior across company
Solution
• Intelligent pre-gateway filtering solution, based on the Cisco IronPort Email and Web Security Appliances integrated with the Sawmill Enterprise 5 Reporting tool
Results
• Over 2 million threats blocked and 99.3 percent less spam in first six months
• Less risk of delays to legitimate email
• 80 percent decline in spam and virus related IT Service Desk calls, releasing IT to focus more on business enablement projects
The document discusses Russia's regulation of cryptography. It notes that while the first public regulatory documents date back to 1995, the Federal Security Bureau still adheres to an approach of total control over cryptographic tools throughout their lifetime. This is based on protecting state secrets. The regulations cover import, licensing of cryptographic activities, and use of certified tools. However, critics argue the rules contain fuzzy terminology, do not understand modern business threats, and lack a clear position from regulators. The regulations apply broadly to any products containing encrypting functionality, including printers, phones, and networking equipment.
Ulf Mattsson is the CTO of Protegrity, a data security management company. He has over 20 years of experience in data security and encryption. The presentation discusses myths and realities of data security and compliance, focusing on risk-based data protection solutions. It covers understanding data security risks and attacks, deploying different defense strategies based on data risk levels, and developing a holistic risk-adjusted data protection plan. Protegrity offers a platform to continuously secure data across its lifecycle through application, database, and file level protection along with centralized policy, key management and auditing.
The document discusses identity assurance levels and identity assertions. It recommends that the assurance level meet the requirements of the identity assertion use case. Both technical and process aspects are important. Lower assurance levels evolved from business-to-consumer use cases, but higher levels of assurance are needed for government and critical infrastructure applications. Standards like PIV and PIV-I can provide a high level of assurance through multi-factor authentication using smart cards. The document cautions against using weaker credentials like usernames and passwords for privileged access or across systems.
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a... - Hitachi ID Systems, Inc.
Hitachi ID Password Manager:
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications.
Integrated credential management for users: passwords, encryption keys, tokens, smart cards and more.
http://hitachi-id.com/
The document discusses the key aspects of an enterprise data warehouse (EDW) including data modeling, extracting data from source systems using ETL processes, building cubes in Analysis Services for analytics, and reporting on the data using SQL Server Reporting Services and Excel pivot tables. It provides an overview of the different roles and technologies involved in an EDW as well as examples of dimensional modeling techniques.
NetAuthority has created a new standard in multi-factor authentication by utilizing the user's device as the authentication key. Their Dynamic Device Key solution uses a patented challenge/response process where the device itself generates unique keys for each authentication. Their Transaction Verification Key technology also provides strong device-centric transaction verification to detect man-in-the-browser attacks. NetAuthority's device-centric authentication protects organizations by ensuring only trusted devices can access accounts and systems.
Web services security standards aim to provide interoperability and trust. Several standards organizations are working on related specifications to provide a security infrastructure for web services. This includes standards for XML signatures and encryption, message-level security with WS-Security, and distributed access control standards like SAML and XACML. Further work is needed to standardize key management, authorization policy, and support direct trust models. Overall progress has been made but full security requires continued standardization efforts.
Internet Security Threat Report (ISTR) Vol. 16Symantec APJ
The document discusses information and identity protection solutions from Symantec. It covers the risks of data breaches, an information-centric security approach, and Symantec's portfolio of products that provide data loss prevention, encryption, and user authentication capabilities. The integrated suite helps customers gain awareness of sensitive data, protect it across networks and endpoints, and authenticate user identities.
Stronger/Multi-factor Authentication for Enterprise ApplicationsRamesh Nagappan
This document discusses multi-factor authentication strategies for enterprise applications using PKI, smart cards, and biometrics. It provides an agenda that covers the identity dilemma, identity assurance vs security, multi-factor authentication strategies using OTPs, smart cards, PKI and biometrics, understanding real-world implementations including tools, standards, and the role of JAAS. It also discusses the role of Sun OpenSSO for single sign-on and multi-factor authentication, deployment architectures, and provides a demonstration of multi-factor SSO using PKI, smart cards and biometrics.
This document discusses network security and Cisco's advanced services for network security. It provides an overview of security threats over time, the challenges faced by IT organizations in implementing security, and how an architectural approach to security is required. It describes Cisco's security services across the security lifecycle from assessment to design to implementation. Specific services covered include security posture assessment, network security design review and development. It also discusses best practices for perimeter security, authentication and authorization, and intrusion detection system design.
The document discusses the need for entitlement-driven identity management. It outlines challenges with the current fragmented approach to identity management, including security breaches, rising compliance costs, and poor user visibility. The document proposes moving to a proactive, entitlement-driven approach using an integrated identity management platform that provides analytics, context, and control over user access and privileges. An entitlement-driven approach can help reduce risk, increase productivity and agility, and lower costs compared to traditional identity management.
This document summarizes a panel discussion on managing risk and enforcing compliance in healthcare with identity analytics. The panel discussed Kaiser Permanente's implementation of Oracle identity and access management solutions to standardize access management, automate compliance processes, and gain visibility into user access across their environment. PwC provided an overview of their healthcare privacy and security practice and experience implementing Oracle identity solutions. Oracle discussed how their identity analytics and identity management products help boost security, enforce compliance, improve user productivity, and reduce costs for healthcare organizations.
Webinar - Easy multi factor authentication strategies and PCI DSSonionid12
In this webinar we will discuss the use of multi-factor authentication (MFA), and the new mandate in the latest version of PCI Data Security Standard, PCI DSS 3.2. MFA goes beyond traditional password-based approaches by combining multiple features, such as biometrics, behavioral patterns, and context information. In addition to covering these, the webinar will also address the problem of selecting the right combination of features for a business, given its unique priorities and circumstances. Learn how to comply with PCI DSS 3.2's MFA mandate for admin and user accounts.
This document discusses building confidence in cloud security. It outlines challenges in cloud computing like loss of physical controls and new attack surfaces. It proposes making cloud security equal to or better than traditional enterprise security by securing connections, applications/data/traffic, and devices. The document also discusses extending security policies to virtualized and private clouds and providing visibility and control across cloud infrastructures. Finally, it discusses McAfee's datacenter security solutions for servers, virtual machines, and databases.
The document discusses security challenges in virtual and cloud environments and Cisco's solutions to address them. It notes that security needs to scale with increasing application traffic and virtualization. Cisco provides consistent security policies across physical, virtual, and cloud workloads through solutions like the ASA 1000V, Virtual Security Gateway (VSG), and Nexus 1000V. These solutions allow segmentation of virtual machines and tenants while integrating with the Cisco identity and policy management offerings.
This document discusses choosing the most appropriate data security solution for an organization. It begins by introducing Ulf Mattsson, the CTO of Protegrity, who has over 20 years of experience in data security. It then discusses how data is increasingly under attack from highly organized criminal groups. The document examines different data security methods like encryption, tokenization, and data masking and how their security levels and costs can vary. It emphasizes that the optimal security solution depends on properly assessing risk levels for different types of data and systems. Tokenization is presented as a lower-cost solution that can help balance security and business needs like performance and creativity.
The document discusses securing test systems by masking sensitive data across heterogeneous enterprise databases. It proposes automating the deployment of secure test systems through masking sensitive data directly in databases without extracting it. The masking process involves discovering, assessing, and applying optimal masking techniques to sensitive columns in non-production systems to enable testing while protecting privacy.
This document provides brief descriptions of leading Israeli IT security companies and the technologies they offer. Actimize provides enterprise software solutions for anti-money laundering, brokerage compliance, and fraud prevention built on a single, shared risk platform. Beyond Security specializes in developing tools that uncover security holes in servers and networks through automated vulnerability scanning. Checkmarx develops automatic software to detect security vulnerabilities in source code during development.
Sunera Business & Technology Risk ConsultingSunera
Sunera is a professional consultancy that provides regulatory compliance, information security, internal audit, and IT advisory services. It has over 100 professionals across 12 offices in the US and Canada. Services include internal audit, SOX compliance, IT audits, PCI assessments, information security consulting, data privacy, and business continuity planning. The goal is to help clients enhance controls, reduce risks and costs, and achieve compliance with regulations.
Customer Name: Noble Foods
Industry: Food Production/Agriculture/Retail
Location: United Kingdom
Company size: 1800 employees
Challenge
• Reduce spam levels without delaying legitimate email
• Promote safer web and email behavior across company
Solution
• Intelligent pre-gateway filtering solution, based on the Cisco IronPort Email and Web Security Appliances integrated with the Sawmill Enterprise 5 Reporting tool
Results
• Over 2 million threats blocked and 99.3 percent less spam in first six months
• Less risk of delays to legitimate email
• 80 percent decline in spam and virus related IT Service Desk calls, releasing IT to focus more on business enablement projects
The document discusses Russia's regulation of cryptography. It notes that while the first public regulatory documents date back to 1995, the Federal Security Bureau still adheres to an approach of total control over cryptographic tools throughout their lifetime. This is based on protecting state secrets. The regulations cover import, licensing of cryptographic activities, and use of certified tools. However, critics argue the rules contain fuzzy terminology, do not understand modern business threats, and lack a clear position from regulators. The regulations apply broadly to any products containing encrypting functionality, including printers, phones, and networking equipment.
Ulf Mattsson is the CTO of Protegrity, a data security management company. He has over 20 years of experience in data security and encryption. The presentation discusses myths and realities of data security and compliance, focusing on risk-based data protection solutions. It covers understanding data security risks and attacks, deploying different defense strategies based on data risk levels, and developing a holistic risk-adjusted data protection plan. Protegrity offers a platform to continuously secure data across its lifecycle through application, database, and file level protection along with centralized policy, key management and auditing.
The document discusses identity assurance levels and identity assertions. It recommends that the assurance level meet the requirements of the identity assertion use case. Both technical and process aspects are important. Lower assurance levels evolved from business-to-consumer use cases, but higher levels of assurance are needed for government and critical infrastructure applications. Standards like PIV and PIV-I can provide a high level of assurance through multi-factor authentication using smart cards. The document cautions against using weaker credentials like usernames and passwords for privileged access or across systems.
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a... - Hitachi ID Systems, Inc.
Hitachi ID Password Manager:
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications.
Integrated credential management for users: passwords, encryption keys, tokens, smart cards and more.
http://hitachi-id.com/
The document discusses the key aspects of an enterprise data warehouse (EDW) including data modeling, extracting data from source systems using ETL processes, building cubes in Analysis Services for analytics, and reporting on the data using SQL Server Reporting Services and Excel pivot tables. It provides an overview of the different roles and technologies involved in an EDW as well as examples of dimensional modeling techniques.
Agile Data Warehouse Modeling: Introduction to Data Vault Data Modeling - Kent Graziano
The document introduces Data Vault modeling as an agile approach to data warehousing. It discusses how Data Vault addresses some limitations of traditional dimensional modeling by allowing for more flexible, adaptable designs. The Data Vault model consists of three simple structures - hubs, links, and satellites. Hubs contain unique business keys, links represent relationships between keys, and satellites hold descriptive attributes. This structure supports incremental development and rapid changes to meet evolving business needs in an agile manner.
Data Warehouse Design and Best Practices - Ivo Andreev
A data warehouse is a database designed for query and analysis rather than for transaction processing. An appropriate design leads to a scalable, balanced and flexible architecture that is capable of meeting both present and long-term future needs. This session covers a comparison of the main data warehouse architectures together with best practices for the logical and physical design that support staging, load and querying.
Not to be confused with Oracle Database Vault (a commercial db security product), Data Vault Modeling is a specific data modeling technique for designing highly flexible, scalable, and adaptable data structures for enterprise data warehouse repositories. It is not a replacement for star schema data marts (and should not be used as such). This approach has been used in projects around the world (Europe, Australia, USA) for the last 10 years but is still not widely known or understood. The purpose of this presentation is to provide attendees with a detailed introduction to the technical components of the Data Vault Data Model, what they are for and how to build them. The examples will give attendees the basics for how to build, and design structures when using the Data Vault modeling technique. The target audience is anyone wishing to explore implementing a Data Vault style data model for an Enterprise Data Warehouse, Operational Data Warehouse, or Dynamic Data Integration Store. See more content like this by following my blog http://kentgraziano.com or follow me on twitter @kentgraziano.
This document discusses Oracle's identity management and database security products. It notes that threats are increasingly coming from insiders and attacks are targeting applications and data. It also discusses how a patchwork of point solutions leads to audit exposure, security vulnerabilities and missed business opportunities. The document promotes Oracle's integrated security platform approach which can reduce audit exposure, detect and prevent threats, and help businesses grow by enabling new opportunities like cloud, mobile and social access.
Information and Identity Protection - Data Loss Prevention, Encryption, User ... - Symantec APJ
The document discusses information and identity protection solutions from Symantec. It outlines the key threats to data security, such as data breaches, non-compliance, and external attacks. It then describes Symantec's information-centric security approach and solutions portfolio, which includes tools for identity management, data awareness, and data protection through encryption and data loss prevention.
Life & Work Online Protecting Your Identity - InnoTech
Microsoft's latest Security Intelligence Report focuses on the expanding threat posed by bots and botnets. The report details that botnets are growing larger in size and becoming more sophisticated, with some networks now containing over one million infected machines. Microsoft also discusses new trends seen over the past year, such as the emergence of mobile botnets targeting smartphones. Additionally, the report provides statistics on cyberattacks by country and information on new botnet command and control techniques used by cybercriminals.
The document discusses IBM Security Systems and their capabilities. It provides an agenda that covers the security landscape, IBM security capabilities, and their strategic direction focused on security intelligence, advanced threats, mobile security, and cloud computing. It summarizes IBM's approach of delivering intelligence, integration, and expertise across a comprehensive security framework.
Cloud computing is a paradigm evolution that benefits from virtualisation technologies and introduces “everything-as-a-service” as a technical and business concept supported by pay-per-use pricing models. Whilst the on-demand characteristics of this novel paradigm provide revolutionary advances in technical ability, the changes while incorporating this into an IT infrastructure raise many complex problems and risks with regards to auditing. Auditing is the process of tracing and logging significant events that take place during the system run-time for analysis, and can be seen as a vital tool in validating and securing systems.
Best Practice For Public Sector Information Security And Compliance - Oracle
The document provides an agenda and details for a webcast on information security and compliance in the public sector hosted by Oracle. The agenda includes presentations on Oracle's information security and end-to-end security architecture. The document outlines common security issues faced by customers and how Oracle's solutions can help address deficiencies found by auditors through features such as centralized authorization, identity management, and role management.
Building a Secure Cloud with Identity Management - OracleIDM
This document discusses building secure identity management in the cloud. It identifies security as the top barrier to cloud adoption due to concerns about trusting third parties with data and the risk of security breaches. The document outlines how identity management solutions can help bridge security gaps between enterprises and the cloud by providing standardized authentication, authorization, user provisioning and other identity capabilities. It also describes Oracle's identity management offerings and how SaskTel's Identity Management Center of Excellence can help customers adopt identity solutions in the cloud.
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr... - Symantec
Symantec Endpoint Protection 12, optimized for virtual environments, offers organizations the vital protection needed to effectively safeguard information from attackers. Symantec Protection Center 2.0 draws upon correlated visibility from multiple security products to provide relevant actionable intelligence that reduces risks to business.
The document appears to be a slide presentation about cost-effective security and compliance solutions from Oracle. The presentation includes an agenda that covers topics like enterprise information security, Oracle identity and access management, a case study on Oracle identity management, information rights management, and next generation security challenges. It also includes slides on identity thieves, auditors and regulators, rogue employees, privileged users, and Oracle's security solutions and leadership in the identity management market.
AWS Summit 2011: Cloud Compliance 101: No PhD required - SafeNet - Amazon Web Services
Encryption is emerging as a key cloud security control that can address many cloud compliance and regulatory issues. It isolates data in multi-tenant environments, demonstrates adherence to regulations, and establishes trust in the cloud. Encryption fundamentally solves issues around data access, ownership, isolation between tenants, and separation of duties. SafeNet offers encryption products like ProtectV and Data Secure that maintain customer control over encrypted data in the cloud.
This document discusses security breaches at Sony, HBGary, and RSA and identifies common weaknesses that allowed the attacks to succeed. It then reviews practices and solutions that could help prevent such breaches, including improved user training, message screening, vulnerability management, and infrastructure visibility. The document emphasizes that deploying security solutions without effective monitoring renders them less useful for defense against modern targeted attacks, zero-day vulnerabilities, and custom malware.
The document discusses Privileged Identity Management (PIM) solutions from CyberArk. It provides an overview of the Secure Digital Vault for securely storing credentials at rest and in motion. It also summarizes the Enterprise Password Vault for preventing threats and improving productivity by controlling privileged access. Finally, it briefly outlines the Application Identity Manager for securing and managing application identities and credentials.
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina... - Emrah Alpa, CISSP CEH CCSK
The document provides an overview of Micro Focus' security, risk, and governance portfolio including products for data governance, application security, identity and access management, endpoint security, security operations, information archiving, and analytics. It discusses specific Micro Focus products that can help with various regulatory requirements. ArcSight is presented as a next-generation security operations platform that utilizes threat intelligence, machine learning, and crowdsourced defenses. Fortify is described as enabling application security throughout the development lifecycle. NetIQ is highlighted as providing zero-trust identity and access management solutions based on principles of least privilege, identity assurance, and leveraging context without assuming trust.
The document discusses key concepts related to identity systems, including subjects, relying parties, attributes, and the basic functions of an identity provider. It outlines a basic identity system model where the identity provider authenticates the user and authorizes the release of attributes to relying parties. It also covers important topics such as user trust, authentication methods, credential management, directed identity, attribute sources, and security and availability challenges.
Integrating Information Protection Into Data Architecture & SDLC - DATAVERSITY
The document discusses how integrating data protection into software development life cycles (SDLC) can help close hidden gaps where data governance is often absent. It notes that many SDLCs skip critical data classification steps until late in the process, resulting in inconsistent data protection and governance gaps. The document proposes a parallel SDLC approach that classifies regulated data early and links it to compliance actions to design roles and controls for user entitlements.
Oracle Identity Management improves security, compliance, and efficiency through centralized user provisioning, access management, and audit reporting. It enforces consistent security policies across systems, automates user provisioning and access based on defined roles, and streamlines compliance reporting to reduce costs.
The document discusses security best practices, focusing on the Microsoft Security Development Lifecycle (SDL). The SDL is a 6-month iterative process that includes threat modeling, secure coding guidelines, code reviews, testing, and response. It aims to integrate security into all phases of development. Key SDL principles discussed are attack surface reduction, basic privacy, threat modeling, defense in depth, least privilege, and secure defaults.
This document discusses Oracle SOA Suite and its integration adapters. It begins with trends in application integration such as integrating on-premise, cloud, and external applications. It then provides an overview of Oracle integration adapters, which provide a unified connectivity architecture to integrate information from various on-premise, legacy, and cloud systems. The adapters enable reusable services that can publish and extract data from different systems, facilitating integration and extension. The document will cover integration with enterprise applications, mainframes, cloud integration, and the future of integration technologies.
This document discusses integrating cloud applications with Oracle SOA Suite. It begins with an agenda for the document which includes planning for cloud integration projects, implementation considerations, and a case study of cloud integrations at BMC. It then discusses how cloud integration projects should be planned like any application integration project, covering issues such as data modeling differences, functional configuration, and non-functional setup. It also positions Oracle SOA Suite as a mature platform for enabling cloud integrations.
Kraft Foods Russia implemented Oracle Transportation Management to manage their growing logistics operations. The key goals were to increase transport availability, maximize truck utilization, manage warehouse workloads to prevent demurrage charges, and provide full visibility into all logistics processes. The TMS provided full coverage of import/export logistics, national transportation, customs processes, and financial management. It resulted in harmonized operations across plants, warehouses, carriers and customs brokers with improved scheduling, cost optimization, and transparent monitoring of key performance indicators.
The document discusses integrating SAP with OTM. It provides background on SAP and OTM history, highlights key design considerations, and common challenges. The real challenge is to fully understand the end-to-end supply chain business process and requirements to define necessary system support. Clarifying ownership of supply chain segments, business pressures on the IT landscape, and whether the TMS can optimize loads is important.
This document discusses troubleshooting Oracle Transportation Management (OTM) issues. It covers understanding the problem, reviewing OTM logs, and researching support resources. Troubleshooting steps include simplifying test cases, reviewing log files, and searching the knowledge base. It also provides tips for working effectively with Oracle support, such as providing thorough service request details, monitoring request status, and escalation procedures.
This document discusses data management challenges for Oracle Transportation Management (OTM) users. It outlines that mapping user data to OTM business objects and tables can be difficult due to complexity. Formatting data for OTM can also be a pain point. The document recommends getting experience from peers, using standard OTM functionality, working with partners knowledgeable in OTM and user systems, and leveraging commercial accelerators and data maintenance tools to help mitigate these issues.
Mr. OTM defeated Mr. TIMWOOD in a boxing match by using various strategies to remove waste from logistics operations. OTM identified multiple types of waste created by TIMWOOD, such as transportation, inventory, motion, waiting, overproduction, overprocessing, and defects. OTM implemented solutions using its capabilities to continuously improve operations and sustainably remove waste. These solutions included optimizing container loading, ensuring fitment parts were not left out during shipments, resequencing stops to address last minute changes, pooling transportation to the same regions, automating invoice data loading, and using mobile apps to track shipments and reduce damages and waiting times. By removing over 80% of the waste created by T
The document summarizes the key priorities and reflections from a think tank on the European Commission's 2011 White Paper on Transport. The think tank identified five priorities for the freight transportation industry: 1) dedicated freight corridors and terminals, 2) completing the Trans-European Transport Network, 3) financing and taxation policies to fund environmental improvements, 4) harmonizing regulations, and 5) ensuring sustainability. The think tank expressed concerns that some of the White Paper's goals may not be achievable with current technology or may negatively impact competitiveness and called for a greater focus on optimizing existing infrastructure usage.
This document discusses how APL Logistics uses Oracle Transportation Management (OTM) to streamline operations and provide value to customers. It notes that planning shipments manually via email led to inefficiencies and errors. OTM allows APL Logistics to automate planning through configurable business rules that account for factors like delivery windows, commodity restrictions, and co-loading guidelines. OTM provides audit trails and repeatable deployment of planning algorithms to different customers. This helps APL Logistics standardize processes while complying with each customer's unique requirements.
This document provides an overview of Oracle Transportation Management's 3D Load Configurator tool. It discusses what the tool is, how to configure master data and planning parameters, how to view 3D output and load configurations, potential pros and cons, and lessons learned. The tool aims to optimize container utilization by efficiently packing 3D objects into containers while considering orientation and stacking constraints. It allows users to visualize load configurations in 3D and extract details on individual placements. Proper master data and parameter configuration is required to ensure the tool works as intended.
This document discusses the history of Oracle Transportation Management (OTM) implementation processes in Europe and outlines best practices for data management and user access management. It describes how early OTM projects relied on individual efforts which led to inconsistencies. Over time, common tools and processes were developed but still varied between projects. The document advocates defining standardized best practices to achieve maturity and consistency across implementations. It provides recommendations for best practices in areas like using repeatable processes to load data efficiently while allowing for change, and defining a single user access model.
The document discusses web services security in Oracle Transport Management (OTM). It provides an overview of service-oriented architecture (SOA) and web services standards like WS-Security and WS-Policy. It then describes how OTM has implemented support for web services security over multiple versions, moving from transport-level security to supporting message-level security standards. It also outlines potential future enhancements to OTM's web services security capabilities.
This document provides a summary of updates to Oracle's Transportation Management and Global Trade Management products. Some key highlights include:
- OTM 6.3 includes over 200 enhancements across innovation, extension of capabilities, and improved user experience. Features include mobile support, optimization algorithms, and business intelligence tools.
- GTM 6.3 includes new modules like customs management and enhanced restricted party screening. It provides an integrated platform for global trade and transportation functions.
- The combined OTM and GTM platform on a single database allows for linking of trade and transportation transactions for improved visibility and reduced cost of ownership.
Oracle acquired G-Log to become a leader in the transportation management software market. Oracle aims to grow its global market share by expanding into new geographic markets like Asia, South America, and the Middle East and targeting industries like automotive, consumer goods, and retail. Oracle's product roadmap focuses on strategic planning, optimization, rates, fleet management, imports, trade programs, analytics, mobile, discovery, and in-memory databases.
The document discusses Oracle Fleet Management and its capabilities. It provides an overview of the fleet management market and challenges faced. It then describes Oracle's fleet management solution, highlighting its ability to optimize fleets across transportation operations, generate static and dynamic routes, manage drivers and driver pay, and provide dispatch and mobile communications. A case study of Omnisource Corporation's use of Oracle's solution is also mentioned.
The document discusses OmniSource's implementation of an integrated transportation management system to manage its fleet operations. Key aspects include integrating the system with on-board trip computers, enabling proactive dispatching and tracking of the 1000+ vehicles and equipment. It outlines the end-to-end workflow from shipments being assigned to drivers to events being captured during trips. Challenges mentioned are change management, integrating with different EOBR vendors and regional operations.
Unilever implemented Oracle Transportation Management (OTM) to standardize and optimize its North American inbound and outbound transportation processes. The multi-year project involved rolling out OTM to 29 plants, 29 distribution centers, 164 co-packers, and over 800 suppliers across the US and Canada. While the implementation faced some challenges around dock scheduling, carrier EDI connectivity, and rate data issues, the initial pilot helped address many of these. Current focus areas include improving system integration between OTM and SAP, setting up EDI for ocean shipments, and leveraging OTM's optimization capabilities.
Fusion Applications provide secure role-based access out of the box. Roles are defined by job duties and data access needs. When a new "Procurement Manager" position is created for a German operation, Fusion automatically generates a new "Procurement Manager - Germany" data role. Doris is hired for the role and immediately has the access required to perform her job duties while restricting her access to only relevant German data.
The document discusses Oracle Fusion Applications' technical architecture. It describes a 3-tier logical architecture with client, application, and database tiers. The application tier is built on Oracle Fusion Middleware infrastructure services including identity management, business intelligence, and content management. It also utilizes components like the Applications Core for user experience and extensibility.
This document discusses integration patterns between Oracle Fusion Applications in the cloud and on-premise systems. It describes the Fusion Applications integration architecture, including the use of standards-based web services and the Oracle Enterprise Repository (OER) catalog. The document also covers common integration patterns such as invoking web services in the cloud from on-premise systems, sending notifications to the cloud, and performing data integration through bulk and incremental imports.
2. Critical Data Protection and Security in Oracle E-Business Suite
Eric Bing – Senior Director, Applications Product Security
Robert Armstrong – Senior Manager, Applications Product Security
3. The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracle’s
products remains at the sole discretion of Oracle.
4. Agenda
• Business Drivers
• Security Challenges
• Security Inside Out
• End-to-End Security
• E-Business Suite (EBS) Secure Configuration
• Secure Your Environment
• Externalizing EBS Security
• Spreading out from the Apps tier
• EBS Integrations
• Leveraging Oracle Technology
• Q&A
6. Security for Web based Loan Origination
[Process flow diagram: start; Credit Rating; Get Rating; Handle Negative Credit Exception; Send Loan Application (United Loan, Star Loan); Receive Loan Offer (United Loan, Star Loan); Select Lowest Offer; end]
7. Security Vulnerabilities
[Callouts on the loan origination process flow diagram]
1. Anyone who can access the server can initiate loan applications
2. SSN sent in clear text: <SSN>011-22-4488</SSN>
3. Response must go through the firewall
4. How can I be sure no other sensitive data is unprotected?
8. Comprehensive Security Results
[Callouts on the loan origination process flow diagram]
1. Security Policy: Role-based access control
2. Securing Privacy: Auto-Encryption of PII in XML message
3. Management: Service virtualization in DMZ
4. Audit & Compliance: System-wide services monitoring
9. More Regulations Than Ever…
UK/PRO, PIPEDA, EU Data Directives, Sarbanes-Oxley, GLBA, PCI, Basel II, Breach Disclosure, FISMA, K SOX, Euro SOX, J SOX, HIPAA, ISO 17799, SAS 70, COBIT, AUS/PRO
90% Companies behind in compliance
Source: IT Policy Compliance Group, 2007.
Oracle Confidential
13. 3 Comprehensive Data Protection
When Applications Are Targeted
When Data Is In Motion
When Data Is At Rest
When Data Is Cloned
When Data Is Administered
14. Oracle Security Inside Out
Database Security
• Encryption and Masking
• Privileged User Controls
• Multi-Factor Authorization
• Activity Monitoring and Audit
• Secure Configuration
Identity Management
• User Provisioning
• Role Management
• Entitlements Management
• Risk-Based Access Control
• Virtual Directories
Information Rights Management
• Track and Audit Document Usage
• Control and Revoke Document Access
• Secured Inside or Outside Firewall
• Centralized Policy Administration
[Diagram labels: Information, Infrastructure, Databases, Applications, Content]
17. Secure Configuration
11i – Support note 189367.1
R12 - Support note 403537.1
CPUs
Apply them!
Evaluating a 11i Cumulative CPU
Resolve dependencies and superseded patches
Based / testing on 11.5.10CU2
18. Default Passwords
Ensure that you’ve changed all default passwords:
DB accounts
Support Note 361482.1
Patch 4926128
Apps users
- Check script is part of Apr CPU - fnddefpw.sql
- 11i: Patch 7831891
19. Security Profiles
Oracle strongly recommends the following settings for Security Profiles:
FND: Diagnostics -> NO
Restrict Text Input -> Yes
FND Validation Level -> ERROR
FND Function Validation Level -> ERROR
Framework Validation Level -> ERROR
See Oracle Support note 946372.1 - Secure Configuration of E-Business Suite Profiles
Contains information on what these do and what to test when turning these on.
FND Validation Level is the only one of these which is off by default in 11i.
20. FND Validation Level
Products must be at the 11.5.10CU2 level or above to use FND Validation Level.
Benefit: Provides defense in depth against parameter and URL tampering
May prevent direct access (via a bookmark or URL) to pages that are not considered "launch pages" or "bookmarkable pages"
Customized integration points which navigate into the E-Business Suite should be tested.
Prerecorded scripts (WinRunner) may need special treatment…
21. Fixed Key Profiles
With FND Validation Level on, the URI and parameters are unique for each session
If you need to run prerecorded scripts, you can set these at the user level
Oracle recommends that the Fixed Key profiles not be used in production environments
Set both
FND: Fixed Key Enabled - Y
FND: Fixed Key - Hexadecimal string of size 64
22. Password Hashing
Non-Reversible Password Hashing
Support Note 457166.1
Stores local Applications user passwords as non-reversible
hashes
Available as of 11i ATG RUP6, 12.0.4 and 12.1
Upgrade your desktop clients
Use FNDCPASS to migrate following the note
Backup & Test carefully – migration is…non-reversible
24. Apps Schema Access
SOA Suite
Apps Adapter
(PL/SQL execution)
Issues
External applications for database oriented activities
Schema password keeps changing
Standard based access
Current Solution
Create a new schema and provide privileges
Provide apps password to external system
25. Solution
Application Data Source
Application Data Source Implementation
J2EE/JDBC standards based
On the External Tier Application Server
Register the Application Data Source
Register the Node as trusted Node
Create a new Application User
Grant Role (shipped) to this User
Register this new User in the Application Server
26. JAAS implementation for EBS
New Solution
E-Biz light-weight LoginModule, compliant with JAAS specifications, works with JDK or J2EE environments.
Implement JAAS Authentication using AOL security System
Implement JAAS Authorization using UMX roles.
27. JAAS for EBS
Leverage EBS Authentication and Authorization
[Diagram labels: ADF, Web-Services, EJB (WebLogic)]
28. E-Business Suite / Oracle Access Manager Integration Architecture
Build on secure foundation for existing integrations
Focus on stability and scalability
Improve ease of integration for new implementations
Provide easy transition for Oracle Single Sign-On Server integrations
“Future-proof” identity management stack
29. E-Business Suite / Oracle Access Manager Integration Architecture
EBS Access Gateway Application
Moves authentication into an external service
Fewer points of integration makes it easier to certify future releases
Insulates E-Business Suite instance from user authentication configuration
Single application works for E-Business Suite Release 11i and Release 12
No release-specific or OAM-dependent code
Availability planned for 2010
Watch for announcements on Oracle E-Business Suite Technology Blog (http://blogs.oracle.com/stevenChan/)
30. Architecture Overview
[Diagram labels: E-Business Suite instance, configured to use Access Gateway; Access Gateway, protected by OAM]
32. Oracle Audit Vault
Applications are validated by Default
Database auditing is underneath the Application
Application User Auditing
Application can set the database “Client Identifier” to tie application user with application shared account
Database Auditing can be used to monitor
Audit base application tables and views
Privileged user operations in the database (logins, user/table create)
33. Setting Client Identifier
Any application running on Oracle database can set the client identifier
E-Business Suite (planned)
Single line of initialization logic that needs to be added:
dbms_session.set_identifier(substrb(fnd_global.username, 1, 64));
[Diagram: User A connects; Application sets client_info to User A; Application Server; Audit Record uses client_identifier; Application resets client_info to User B; User B connects; Oracle Database]
34. Oracle Audit Vault Application Integration
1. Turn on database auditing
Set the database parameters audit_trail, audit_trail_dest, audit_sys_operations
2. Determine the application tables to audit
audit <table> by access;
3. Configure Audit Vault to collect the database audit trail
4. Setup alerts in Audit Vault
5. View Reports
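The client-identifier call from slide 33 and audit steps 1 and 2 above, worked end to end as an added example (not from the original slides). AP.AP_SUPPLIERS is an assumed example table and 'USER_A' is a constructed stand-in for the value the slide derives from fnd_global; Audit Vault collection, alerts and reports (steps 3 to 5) are configured in Audit Vault itself and are not shown.

```sql
-- Step 1: write standard audit records to the database audit trail.
-- Both parameters are static, so the instance must be restarted afterwards.
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;

-- Step 2: audit every access to a chosen application table.
-- AP.AP_SUPPLIERS is an assumed example; substitute the tables you selected.
AUDIT SELECT, INSERT, UPDATE, DELETE ON ap.ap_suppliers BY ACCESS;

-- Privileged user operations named on slide 32: logins and user/table creation.
AUDIT SESSION;
AUDIT USER;
AUDIT TABLE;

-- Slide 33: the application tags the shared-account session with the end user
-- when it hands a pooled connection to that user ('USER_A' is constructed).
BEGIN
  dbms_session.set_identifier('USER_A');
END;
/

-- Any audited statement issued now carries the tag in its audit record.
SELECT COUNT(*) FROM ap.ap_suppliers;

-- Before the connection goes back to the pool, drop the tag so the next
-- user's activity is not attributed to USER_A.
BEGIN
  dbms_session.clear_identifier;
END;
/

-- Review: which end user, behind the shared account, touched the table?
SELECT username, client_id, action_name, owner, obj_name, extended_timestamp
FROM   dba_audit_trail
WHERE  owner = 'AP'
AND    obj_name = 'AP_SUPPLIERS'
ORDER  BY extended_timestamp;

-- Check: access through the shared account with no client identifier set,
-- i.e. activity that cannot be tied back to an application user.
SELECT username, os_username, userhost, action_name, extended_timestamp
FROM   dba_audit_trail
WHERE  username = 'APPS'
AND    owner = 'AP'
AND    obj_name = 'AP_SUPPLIERS'
AND    client_id IS NULL;
```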
38. Database Vault
DB Vault
Separation of Duties for DBA roles
Concerns
Customizations to realms
Patching with DB Vault on
Generic accounts (APPS / SYSTEM) have access to sensitive data
39. Customizing DB Vault
Default realm we ship with contains all Apps objects
We now support realms that are subsets of this
Need to ensure that all the procedures and patches in Support Notes are followed
Any subsets will be treated as certified
Any additions will be treated as customizations
Detailed example of extending EBS realms in Support Notes
40. Patching DB Vault
We now support patching the EBS Applications with DB Vault still on
Instructions in Support notes
Pre and post patching scripts to give SYSTEM additional privs
Suggest auditing during patch window
Ensure named users are used
Can use proxy access for named users to reduce administration
See Support Note on Using DB Vault in the E-Business Suite for suggestions on how to minimize use of generic accounts
41. Providing Separation of Duties with (or without) DB Vault
Use named accounts
Use proxying
Don’t have DBAs doing normal activities in the APPS and SYSTEM accounts
Customizing Realms
Reducing seeded realms not considered a customization
OS access
Use named accounts
Delegate common tasks through sudo or EM
Remove write and read for non-owners (0500 or 0700)
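Named accounts with proxying, as recommended on slides 40 and 41, sketched as an added example (not from the original slides or the Support Notes). The user jsmith and its password are hypothetical placeholders.

```sql
-- One named account per administrator (jsmith is hypothetical).
CREATE USER jsmith IDENTIFIED BY "Placeholder_Pw_1";
GRANT CREATE SESSION TO jsmith;

-- Let jsmith open sessions as APPS while authenticating with his own
-- password, so the APPS password does not have to be shared.
ALTER USER apps GRANT CONNECT THROUGH jsmith;

-- In SQL*Plus the administrator then connects with:  CONNECT jsmith[apps]
-- Inside that session both identities are visible, so activity in the
-- generic schema can still be attributed to a person.
SELECT sys_context('USERENV', 'PROXY_USER')   AS named_user,
       sys_context('USERENV', 'SESSION_USER') AS schema_user
FROM   dual;

-- Periodic review: which named users may proxy into the generic accounts?
SELECT proxy, client
FROM   proxy_users
WHERE  client IN ('APPS', 'SYSTEM')
ORDER  BY client, proxy;

-- Removing one administrator's access does not touch the APPS password.
ALTER USER apps REVOKE CONNECT THROUGH jsmith;
```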
42. Support Notes on E-Business Suite with DB Vault
Guidance Document (New)
• 950018.1 Using Database Vault in the E-Business Suite
Implementation Instructions
• 428503.1 Integrating Oracle E-Business Suite Release 11i with Oracle Database Vault 10.2.0.4
• 859399.1 Integrating Oracle E-Business Suite Release 11i with Oracle Database Vault 11.1.0.7
• 566841.1 Integrating Oracle E-Business Suite Release 12 with Oracle Database Vault 10.2.0.4
• 859397.1 Integrating Oracle E-Business Suite Release 12 with Oracle Database Vault 11.1.0.7
43. Transparent Data Encryption (TDE) Certification
Protecting data at rest
Column-level TDE
Certified for 10GR2 and 11G
R11i and R12
Tablespace TDE
Certified for 11G Database
R11i and R12
[Diagram: SQL Layer and Buffer Cache showing “SSN = 834-63-..”; data blocks, undo blocks, temp blocks, redo logs and flashback logs showing “*M$b@^s%&d7”]
44. Oracle Label Security (OLS) / Virtual Private Database (VPD)
Additional Apps level protections?
Yes, Apps uses it this way for MOAC
Protection at DB level?
Involves protecting your context as well
Need to work through performance issues
Need to work through implications of limiting row visibility
All VPD treated as customization
45. 11gR2 certification
11.5.10.2 completed
12 still working
Advanced Security Option
Advanced Network Encryption
TDE and DB Vault not included in initial cert
Certification will follow
46. Futures
PCI - PA-DSS certification and whitepaper
DB Vault – patching without generic accounts
OS level protections
PII - Sensitive data collection and realms
Sensitive pages - Guest, Admin pages
Exposure of core FND APIs to external developers
48. Oracle Software Security Assurance Sessions at Oracle OpenWorld
Related Sessions
• S309974: Securing Oracle E-Business Suite with Oracle Identity and Access Management, Tuesday October 13th, 17:30 - 18:30 Marriott Hotel Salon 3
• S311455: Tips/Tricks for Auditing PeopleSoft and Oracle E-Business Suite Applications from the Database, Tuesday October 13th, Moscone South Rm 306
• S311337: Secure Your Existing Application Transparently in 30 Minutes or Less, Wednesday October 14th, Moscone South Rm 103