Docstoc

Presentation by Derick Cassidy - Reboot Communications Limited

Document Sample
Presentation by Derick Cassidy - Reboot Communications Limited Powered By Docstoc
					1
      <Insert Picture Here>




Security as an Information Enabler - Security Inside Out
Derick Cassidy, CISSP-ISSAP
Security Lead - Office of the CTO
Oracle Public Sector
The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any features
or functionality described for Oracle’s products
remains at the sole discretion of Oracle.




                                                       3
 Security Agenda


• The mandate of Security            <Insert Picture Here>

• Security components
 –   Infrastructure
 –   Database
 –   Middleware
 –   Applications
• The ‘information aware’ platform
• Accenture client use case
• Summary




                                                4
The Mandate of Security




                          5
      The Enterprise Architecture of Cyber Security




Adapted from: Identity Management Reference Architecture Practicum Report,
                                                                             6
Security Threat Impact




                         7
     Oracle Security Inside Out
                                                                          Infrastructure
                                                                             Security



                                                                            Database
                                                                            Security



Information
                                                                       Middleware Security
              Infrastructure

                               Databases

                                           Middleware

                                                        Applications
                                                                          Applications




                                                                                         8
        Infrastructure Security Defense In Depth
  •   Protect data at rest from unauthorized disclosure and alteration.
  •   Achieve performance and security with hardware acceleration of encryption / decryption
  •   Improve run-time security by buffer overflow attacks
  •   Shield cryptographic keys from theft with tamper resistant hardware device
  •   Reduce risk of data loss though use of virtualized desktop and app delivery methods
  •   Platform is tailored based on the security requirements of the organization




         Hardware                   Storage &                       Workload                   Secure
         Encryption                 . Key Mgmt                      Isolation                  Service
                                                                                               Delivery
• UltraSPARC T2 / T2+ / T3 • SCA 6000                  •   Hard Partitions         • Secure Network Access
• Intel Xeon 5600          • LTO-5                     •   Hypervisor Mediation    • Oracle Solaris Trusted
• SCA 6000                 • T9040D                    •   Kernel Separation         Extensions
                           • T10000B                   •   SunRay                  • Fine grained audit
                           • Storage 6XX0              •   Oracle Secure Zones     • Unified cryptographic
                           • StorageTek KMS                                          Infrastructure




                                                                                                    9
        Database Security Defense In Depth
       •    Monitor and block threats before they reach databases
       •    Track changes and audit database activity
       •    Control access to data within the database
       •    Prevent access by non database users
       •    Remove sensitive data from non production environments




           Monitoring               Auditing                         Access              Encryption
           & Blocking                                                Control             & Masking
                            • Audit Vault             • Database Vault         • Advanced Security
• Database Firewall
                            • Total Recall            • Label Security         • Secure Backup
                            • Configuration           • Identity Management    • Data Masking
                              Management




                                                                                               1
         Middleware Security Defense In Depth
  •   Service oriented security inline with SOA standards
  •   Automate user account management for employees, contractors, and citizens
  •   Reduce help desk calls with self-service
  •   Consolidate identity repositories to enable authoritative authentication and
      authorization decisions
  •   Enable application security in mission critical applications
  •   Simplify management by using one console
  •   Common audit, cryptographic functions, metadata




          Identity                    Access Mgmt                     Directory                Platform
          Management                                                  Services                 Security

• Oracle Identity Manager     • Oracle Access Manager      • Oracle Virtual Directory • Oracle Enterprise Manager
• Oracle Identity Analytics   • Oracle Adaptive Access     • Oracle Internet          • Oracle Platform Security
                                Manager                      Directory                  Services
                              • Oracle Entitlements Server • Oracle Directory Server
                              • Oracle Identity Federation   Enterprise Edition
                              • Oracle Enterprise Single
                                Sign On
                              • Oracle Web Services
                                Manager




                                                                                                      1
         Applications Security Defense In Depth
    •   Manage compliance in a disciplined fashion
    •   Transform manual into automated controls
    •   Create a unified view of risk and compliance
    •   Satisfy multiple requirements with a common platform
    •   Rationalize the number and complexity of controls
    •   Develop an early-warning system for operational risk
    •   Manage risks and uncover opportunities quantitatively and qualitatively
    •   Actively monitor and mitigate risks in critical business processes




         Knowledge                   Management                  Enforcement                Compliance


• Fusion GRC Intelligence   • GRC Manager               • Application Access       • Fusion GRC Intelligence
                                                          Controls Governor        • GRC Manager
                                                        • Configuration Controls   • Controls Governors
                                                          Governor
                                                        • Transaction Controls
                                                          Governor
                                                        • Preventive Controls
                                                          Governor




                                                                                                    1
    The Information Aware Platform
                                                                       Infrastructure Security
                                                                       • Hardware Accelerated Encryption
                                                                       • Secure Key Management and Storage
                                                                       • Strong Workload Isolation
                                                                       • Secure Service Delivery Platforms


                                                                       Database Security
                                                                       • Encryption and Masking
                                                                       • Privileged User Controls
                                                                       • Multi-Factor Authorization
                                                                       • Activity Monitoring and Audit
                                                                       • Secure Configuration
                                                                       • Monitor and Block


                                                                       Middleware
Information
                                                                       • User and Role Management
              Infrastructure                                           • Access Management
                                                                       • Virtual Directories
                               Databases                               • Rights Management
                                                                       • Identity Governance
                                           Middleware

                                                        Applications
                                                                       Applications

                                                                       • Track and Audit Content Usage
                                                                       • Centralized Policy Administration




                                                                                                         1
The Benefits of a Security Program




                                     2
Summary




          Complete
          Open
          Integrated

          AND Secure!



                        2
2

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:15
posted:4/13/2011
language:English
pages:16