
Miss Scarlet with a lead pipe, in the library



  1. Miss Scarlet with a lead pipe, in the library

  2. Cluedo - the game • Players: 3 to 6 • Contents: Clue game board, six suspect tokens, six murder weapons, 21 cards, secret envelope, one die, pad of detective notebook sheets. • Goal: To correctly name the murderer, murder weapon, and murder location. • Setup - Sort the cards by type and shuffle each pile face-down. Without looking, take one suspect card, one weapon card, and one room card, and slide them into the secret envelope.

  3. Cluedo - the tools

  4. Deon Roos Enterprise Architect Oracle Corporation South Africa

  5. [Diagram] Users: Quality Assurance, End User, Developer, Power Users, hAck3rs • Environments: Dev, QA, Test; Prod; Report Server • Administrators: Sys Admin, Network Admin, Storage Admin, DBA • Infrastructure: Storage, Backup Server, HW Vendor

  6. Database Defense-in-Depth • Encryption and Masking: Oracle Advanced Security, Oracle Secure Backup, Oracle Data Masking • Access Control: Oracle Database Vault, Oracle Label Security • Auditing and Monitoring: Oracle Audit Vault, Oracle Configuration Management, Oracle Total Recall • Blocking and Logging: Oracle Database Firewall

  7. Database Defense-in-Depth • Encryption and Masking: Oracle Advanced Security, Oracle Secure Backup, Oracle Data Masking • Access Control: Oracle Database Vault, Oracle Label Security • Auditing and Monitoring: Oracle Audit Vault, Oracle Configuration Management, Oracle Total Recall • Blocking and Logging: Oracle Database Firewall

  8. [Diagram] Users: Quality Assurance, End User, Developer, Power Users, hAck3rs • Added label: SSL • Environments: Dev, QA, Test; Prod; Report Server • Administrators: Sys Admin, Network Admin, Storage Admin, DBA • Infrastructure: Storage, Backup Server, HW Vendor

  9. Database Defense-in-Depth • Encryption and Masking: Oracle Advanced Security, Oracle Secure Backup, Oracle Data Masking • Access Control: Oracle Database Vault, Oracle Label Security • Auditing and Monitoring: Oracle Audit Vault, Oracle Configuration Management, Oracle Total Recall • Blocking and Logging: Oracle Database Firewall

  10. [Diagram] Users: Quality Assurance, End User, Developer, Power Users, hAck3rs • Environments: Dev, QA, Test; Prod; Report Server • Data labels: Sensitive, Confidential, Public • Administrators: Sys Admin, Network Admin, Storage Admin, DBA • Infrastructure: Storage, Backup Server, HW Vendor

  11. Database Defense-in-Depth • Encryption and Masking: Oracle Advanced Security, Oracle Secure Backup, Oracle Data Masking • Access Control: Oracle Database Vault, Oracle Label Security • Auditing and Monitoring: Oracle Audit Vault, Oracle Configuration Management, Oracle Total Recall • Blocking and Logging: Oracle Database Firewall

  12. [Diagram] Users: Quality Assurance, End User, Developer, Power Users, hAck3rs • Process: Discover, Classify, Assess, Prioritize, Fix, Monitor • Functions: Configuration Management & Audit, Asset Management, Policy Management, Vulnerability Management, Analysis & Analytics • Environments: Dev, QA, Test; Prod; Report Server • Added label: Auditing vault • Administrators: Sys Admin, Network Admin, Storage Admin, DBA • Infrastructure: Storage, Backup Server, HW Vendor

  14. Why Audit? • Compliance mandates it (SOX, PCI-DSS, HIPAA, …) • Your auditor told you to do it • You don't want to end up in the news • Maintain customer trust

  15. Business drivers • Detective controls: monitor privileged application user accounts for non-compliant activity (trust but verify); audit non-application access to sensitive data (credit card, financial data, personally identifiable information, etc.); verify that no one is trying to bypass the application security controls; line items are changed in order to avoid business processes and approvals • Cost of compliance: eliminate costly and complex scripts for reporting; reduce reporting costs for specific compliance audits

  16. Standard Auditing • Statement Auditing: audits SQL statements by type of statement, not by the specific schema objects on which the statement operates; covers data definition statements (DDL) and data manipulation statements (DML). • Object Auditing: schema object auditing is the auditing of specific statements on a particular schema object. • Privilege Auditing: the auditing of SQL statements that use a system privilege. You can audit activities of all database users or of only a specified list of users.

  17. Database Audit Requirements: What do you need to audit? (columns: SOX, PCI DSS, HIPAA, Basel II, FISMA, GLBA) • Accounts, Roles & Permissions: Do you have visibility of GRANT and REVOKE activities? ● ● ● ● ● ● • Failed Logins: Do you have visibility of failed logins and other exception activities? ● ● ● ● ● ● • Privileged User Activity: Do you have visibility of users' activities? ● ● ● ● ● ● • Access to Sensitive Data: Do you have visibility into what information is being queried (SELECTs)? ● ● ● ● ● • Schema Changes: Are you aware of CREATE, DROP and ALTER commands that are occurring on identified tables / columns? ● ● ● ● ● ● • Data Changes: Do you have visibility into INSERT, UPDATE, MERGE, DELETE commands? ● ● • Abbreviations: HIPAA = Health Insurance Portability and Accountability Act; FISMA = Federal Information Security Management Act; GLBA = Gramm-Leach-Bliley Act

  18. Oracle Audit Vault: Automated Activity Monitoring & Audit Reporting • [Diagram] Audit data sources: Oracle; Sybase ASE 12.5.4 - 15.0.x; MS SQL Server 2000, 2005, & 2008; DB2 8.2 - 9.5 on Linux, Unix, Windows; Siebel; HCM • Outputs for the auditor: Policies, Alerts, Built-in Reports, Custom Reports • Various DB sources • Adapters for packaged applications • Audit warehouse • Secured audited data • Segregation of duties • Completeness of audit • Encryption at rest • Encryption in transit • Consolidated auditing • Performance & scalability • Easy to use reports • Central provisioning of policies • Meet compliance reporting • Proactive: alerts & notifications (SMS/email) • Pre-defined & custom reports

  19. Default reports

  20. Out of the box - Compliance reports

  21. Database Defense-in-Depth • Encryption and Masking: Oracle Advanced Security, Oracle Secure Backup, Oracle Data Masking • Access Control: Oracle Database Vault, Oracle Label Security • Auditing and Monitoring: Oracle Audit Vault, Oracle Configuration Management, Oracle Total Recall • Blocking and Logging: Oracle Database Firewall

  22. [Diagram] Users: Quality Assurance, hack3rs, End User, Developer, Power Users, hAck3rs • Environments: Dev, QA, Test; Prod; Report Server • Administrators: Sys Admin, Network Admin, Storage Admin, DBA • Infrastructure: Storage, Backup Server

  23. For more information • search.oracle.com: "database security" • oracle.com/database/security
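
The three standard auditing types on slide 16, applied to the audit requirements listed on slide 17. This is an added example, not part of the original presentation; it uses Oracle's traditional `AUDIT` statement and assumes the `AUDIT_TRAIL` initialization parameter is enabled. The schema `hr.employees` and the account `app_user` are hypothetical.

```sql
-- Added example (not from the presentation). hr.employees and app_user are
-- hypothetical names; traditional (non-unified) auditing is assumed.

-- Precondition: if this returns NONE, the AUDIT statements below record nothing.
SELECT value FROM v$parameter WHERE name = 'audit_trail';

-- 1) Statement auditing: by statement type, whatever object is touched.
AUDIT TABLE, ALTER TABLE BY ACCESS;        -- schema changes (CREATE/DROP/TRUNCATE/ALTER TABLE)
AUDIT SYSTEM GRANT, ROLE BY ACCESS;        -- accounts, roles & permissions (GRANT/REVOKE)
AUDIT SESSION WHENEVER NOT SUCCESSFUL;     -- failed logins
AUDIT INSERT TABLE, UPDATE TABLE, DELETE TABLE
  BY app_user BY ACCESS;                   -- data changes by one named account

-- 2) Object auditing: specific statements on one schema object.
AUDIT SELECT, INSERT, UPDATE, DELETE ON hr.employees BY ACCESS;  -- access to sensitive data
AUDIT GRANT ON hr.employees BY ACCESS;                           -- object-level grants

-- 3) Privilege auditing: statements that exercise a system privilege.
AUDIT SELECT ANY TABLE, ALTER ANY TABLE, DROP ANY TABLE BY ACCESS;  -- privileged user activity

-- Check what is actually configured, one dictionary view per auditing type.
SELECT user_name, audit_option, success, failure FROM dba_stmt_audit_opts;
SELECT owner, object_name, sel, ins, upd, del
  FROM dba_obj_audit_opts
 WHERE owner = 'HR' AND object_name = 'EMPLOYEES';
SELECT user_name, privilege, success, failure FROM dba_priv_audit_opts;

-- Review exceptions: any audited action that failed (failed logins included).
SELECT username, userhost, action_name, obj_name, returncode, extended_timestamp
  FROM dba_audit_trail
 WHERE returncode <> 0
 ORDER BY extended_timestamp;
```

A nonzero `returncode` is the Oracle error raised by the audited action, so the last query surfaces the "failed logins and other exception activities" row from slide 17.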
