Presentation by Derick Cassidy - Reboot Communications Limited
Security as an Information Enabler - Security Inside Out
Derick Cassidy, CISSP-ISSAP
Security Lead - Office of the CTO
Oracle Public Sector
The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any features
or functionality described for Oracle’s products
remains at the sole discretion of Oracle.
Security Agenda
• The mandate of Security
• Security components
– Infrastructure
– Database
– Middleware
– Applications
• The ‘information aware’ platform
• Accenture client use case
• Summary
The Mandate of Security
The Enterprise Architecture of Cyber Security
Adapted from: Identity Management Reference Architecture Practicum Report,
Security Threat Impact
Oracle Security Inside Out
[Diagram: Information; layers Infrastructure, Databases, Middleware, Applications; labels Infrastructure Security, Database Security, Middleware Security, Applications]
Infrastructure Security Defense In Depth
• Protect data at rest from unauthorized disclosure and alteration.
• Achieve performance and security with hardware acceleration of encryption / decryption
• Improve run-time security by protecting against buffer overflow attacks
• Shield cryptographic keys from theft with a tamper-resistant hardware device
• Reduce risk of data loss through use of virtualized desktop and app delivery methods
• Platform is tailored based on the security requirements of the organization
Hardware Encryption
• UltraSPARC T2 / T2+ / T3
• Intel Xeon 5600
• SCA 6000
Storage & Key Mgmt
• SCA 6000
• LTO-5
• T9040D
• T10000B
• Storage 6XX0
• StorageTek KMS
Workload Isolation
• Hard Partitions
• Hypervisor Mediation
• Kernel Separation
• SunRay
• Oracle Secure Zones
Secure Service Delivery
• Secure Network Access
• Oracle Solaris Trusted Extensions
• Fine grained audit
• Unified cryptographic Infrastructure
Database Security Defense In Depth
• Monitor and block threats before they reach databases
• Track changes and audit database activity
• Control access to data within the database
• Prevent access by non-database users
• Remove sensitive data from non-production environments
Monitoring & Blocking
• Database Firewall
Auditing
• Audit Vault
• Total Recall
• Configuration Management
Access Control
• Database Vault
• Label Security
• Identity Management
Encryption & Masking
• Advanced Security
• Secure Backup
• Data Masking
Middleware Security Defense In Depth
• Service-oriented security in line with SOA standards
• Automate user account management for employees, contractors, and citizens
• Reduce help desk calls with self-service
• Consolidate identity repositories to enable authoritative authentication and authorization decisions
• Enable application security in mission critical applications
• Simplify management by using one console
• Common audit, cryptographic functions, metadata
Identity Management
• Oracle Identity Manager
• Oracle Identity Analytics
Access Mgmt
• Oracle Access Manager
• Oracle Adaptive Access Manager
• Oracle Entitlements Server
• Oracle Identity Federation
• Oracle Enterprise Single Sign On
• Oracle Web Services Manager
Directory Services
• Oracle Virtual Directory
• Oracle Internet Directory
• Oracle Directory Server Enterprise Edition
Platform Security
• Oracle Enterprise Manager
• Oracle Platform Security Services
Applications Security Defense In Depth
• Manage compliance in a disciplined fashion
• Transform manual into automated controls
• Create a unified view of risk and compliance
• Satisfy multiple requirements with a common platform
• Rationalize the number and complexity of controls
• Develop an early-warning system for operational risk
• Manage risks and uncover opportunities quantitatively and qualitatively
• Actively monitor and mitigate risks in critical business processes
Knowledge
• Fusion GRC Intelligence
Management
• GRC Manager
Enforcement
• Application Access Controls Governor
• Configuration Controls Governor
• Transaction Controls Governor
• Preventive Controls Governor
Compliance
• Fusion GRC Intelligence
• GRC Manager
• Controls Governors
The Information Aware Platform
Infrastructure Security
• Hardware Accelerated Encryption
• Secure Key Management and Storage
• Strong Workload Isolation
• Secure Service Delivery Platforms
Database Security
• Encryption and Masking
• Privileged User Controls
• Multi-Factor Authorization
• Activity Monitoring and Audit
• Secure Configuration
• Monitor and Block
Middleware
• User and Role Management
• Access Management
• Virtual Directories
• Rights Management
• Identity Governance
Applications
• Track and Audit Content Usage
• Centralized Policy Administration
[Diagram: Information; layers Infrastructure, Databases, Middleware, Applications]
The Benefits of a Security Program
Summary
Complete
Open
Integrated
AND Secure!