Presentation is loading. Please wait.

Presentation is loading. Please wait.

Miss Scarlet with a lead pipe, in the library Players: 3 to 6 Contents: Clue game board, six suspect tokens, six murder weapons, 21 cards, secret envelope,

Similar presentations


Presentation on theme: "Miss Scarlet with a lead pipe, in the library Players: 3 to 6 Contents: Clue game board, six suspect tokens, six murder weapons, 21 cards, secret envelope,"— Presentation transcript:

1

2 Miss Scarlet with a lead pipe, in the library

3 Players: 3 to 6 Contents: Clue game board, six suspect tokens, six murder weapons, 21 cards, secret envelope, one die, pad of detective notebook sheets. Goal: To correctly name the murderer, murder weapon, and murder location. Setup - Sort the cards by type and shuffle each pile face- down. Without looking, take one suspect card, one weapon card, and one room card, and slide them into the secret envelope. Cluedo - the game

4 Cluedo - the tools

5 During setup... 1.Show all the players the cards before putting them in the secret envelope 2.Have a camera identifying the cards that goes into the secret envelope 3.Or have video cameras throughout the board scene This will save a lot of time Save some trees because of the detective notes So instead of going through all the clues and detective notes we would solve the crime Cluedo – the solution

6 Deon Roos Enterprise Architect Oracle Corporation South Africa

7

8 Developer End User Power Users Quality Assurance Prod Dev, QA, Test Report Server Storage Sys Admin Network Admin Storage Admin DBA HW Vendor Backup Server hAck3rs

9 Database Defense-in-Depth Access Control Oracle Database Vault Oracle Label Security Oracle Advanced Security Oracle Secure Backup Oracle Data Masking Encryption and Masking Auditing and Monitoring Oracle Audit Vault Oracle Configuration Management Oracle Total Recall Oracle Database Firewall Blocking and Logging Encryption & Masking Access Control Auditing & Monitoring Blocking & Logging

10 Database Defense-in-Depth Access Control Oracle Database Vault Oracle Label Security Oracle Advanced Security Oracle Secure Backup Oracle Data Masking Encryption and Masking Auditing and Monitoring Oracle Audit Vault Oracle Configuration Management Oracle Total Recall Oracle Database Firewall Blocking and Logging Encryption & Masking Access Control Auditing & Monitoring Blocking & Logging

11 Developer End User Power Users Quality Assurance Prod Dev, QA, Test Report Server Storage Sys Admin Network Admin Storage Admin DBA HW Vendor Backup Server SSL hAck3rs

12 Database Defense-in-Depth Access Control Oracle Database Vault Oracle Label Security Oracle Advanced Security Oracle Secure Backup Oracle Data Masking Encryption and Masking Auditing and Monitoring Oracle Audit Vault Oracle Configuration Management Oracle Total Recall Oracle Database Firewall Blocking and Logging Encryption & Masking Access Control Auditing & Monitoring Blocking & Logging

13 Developer End User Power Users Quality Assurance Prod Dev, QA, Test Report Server Storage Sys Admin Network Admin Storage Admin DBA HW Vendor Backup Server Sensitive Confidential Public hAck3rs

14 Database Defense-in-Depth Access Control Oracle Database Vault Oracle Label Security Oracle Advanced Security Oracle Secure Backup Oracle Data Masking Encryption and Masking Auditing and Monitoring Oracle Audit Vault Oracle Configuration Management Oracle Total Recall Oracle Database Firewall Blocking and Logging Encryption & Masking Access Control Auditing & Monitoring Blocking & Logging

15 Developer End User Power Users Quality Assurance Prod Dev, QA, Test Report Server Storage Sys Admin Network Admin Storage Admin DBA HW Vendor Backup Server Auditing vault hAck3rs Configuration Management & Audit Vulnerability Management Fix Analysis & Analytics Prioritize Policy Management AssessClassify Monitor Discover Asset Management

16 `

17 Why Audit? Compliance Mandates It –SOX, PCI-DSS, HIPAA ….. Your auditor told you to do it You don’t want to end up in the news Maintain customer trust

18 Detective controls –Monitor privileged application user accounts for non-compliant activity – trust but verify –Audit non-application access to sensitive data (credit card, financial data, personal identifiable information, etc) –Verify that no one is trying to bypass the application security controls –Line items are changed in order to avoid business processes and approvals Cost of compliance –Eliminate costly and complex scripts for reporting –Reduce reporting costs for specific compliance audits Business drivers

19 Statement Auditing Statement auditing audits SQL statements by type of statement, not by the specific schema objects on which the statement operates Data definition statements (DDL). Data manipulation statements (DML). Object Auditing Schema object auditing is the auditing of specific statements on a particular schema object. Privilege Auditing Privilege auditing is the auditing of SQL statements that use a system privilege. You can audit activities of all database users or of only a specified list of users. Standard Auditing

20 Database Audit Tables –Collect audit data for standard and fine-grained auditing Oracle audit trail from OS files –Collect audit records written in XML or standard text file Operating system SYSLOG –Collect Oracle database audit records from SYSLOG Redo log –Extract before/after values and DDL changes to table Database Vault specific audit records User Object Statement Privilege Condition AUD$ REDO Log FGA_LOG$ Audit on Logged in OS Logs

21 ●●●●●● Failed Logins Do you have visibility of failed logins and other exception activities? ●●●●●● Accounts, Roles & Permissions Do you have visibility of GRANT and REVOKE activities? ● ● ● FISMA ● ● ● ● Basel II ●●●● Privileged User Activity Do you have visibility of users activities? ●●●● Schema Changes Are you aware of CREATE, DROP and ALTER Commands that are occurring on identified Tables / Columns? ● Data Changes Do you have visibility into Insert, Update, Merge, Delete commands? ●●● Access to Sensitive Data Can you have visibility into what information is being queried (SELECTs)? GLBAHIPAA PCI DSS SOX Database Audit Requirements What do you need to audit? Health Insurance Portability Account Act - Federal Info Sec Man Act – Gramm-Leech-Bliley Act

22 Siebel MS SQL Server 2000, 2005, & 2008 Sybase ASE x HCM Audit Data Policies Built-in Reports Alerts Custom Reports ! Auditor Various DB sources Adapters for packaged applications Oracle DB on Linux, Unix, Windows Easy to use reports Central provisioning of policies Meet compliance reporting Proactive – alerts & notifications (SMS/ ) Pre-defined & custom reports A Encryption in transit Audit warehouse Secured audited data Segregation of duties Completeness of audit Encryption at rest Consolidated auditing Performance & scalability Oracle Audit Vault Automated Activity Monitoring & Audit Reporting

23 Default reports

24 Out of the box - Compliance reports

25 Database Defense-in-Depth Access Control Oracle Database Vault Oracle Label Security Oracle Advanced Security Oracle Secure Backup Oracle Data Masking Encryption and Masking Auditing and Monitoring Oracle Audit Vault Oracle Configuration Management Oracle Total Recall Oracle Database Firewall Blocking and Logging Encryption & Masking Access Control Auditing & Monitoring Blocking & Logging

26 hAck3rs Developer End User Power Users Quality Assurance Prod Dev, QA, Test Report Server Storage Sys Admin Network Admin Storage Admin DBA Backup Server hack3rs

27 oracle.com/database/security search.oracle.com database security For more Information

28


Download ppt "Miss Scarlet with a lead pipe, in the library Players: 3 to 6 Contents: Clue game board, six suspect tokens, six murder weapons, 21 cards, secret envelope,"

Similar presentations


Ads by Google