1 Copyright © 2010, Oracle. All rights reserved. Cyber Security / Cyber Warfare Hype or underestimated? Bert Oltmans Director Defence, Justice and Public.

Slides:



Advertisements
Similar presentations
Conducting your own Data Life Cycle Audit
Advertisements

Technology for the Audit Team Copyright © 2008 ACL Services Ltd. Peter B. Millar Director, Business Development 25 June 2008 ACL AuditExchange 2009.
1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any.
Distributed Systems Architectures
Implementation of a Validated Statistical Computing Environment Presented by Jeff Schumack, Associate Director – Drug Development Information September.
By Rick Clements Software Testing 101 By Rick Clements
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
18 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Introduction to Web Services.
Making the System Operational
Site Safety Plans PFN ME 35B.
1 Implementing Internet Web Sites in Counseling and Career Development James P. Sampson, Jr. Florida State University Copyright 2003 by James P. Sampson,
Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?
© SafeNet Confidential and Proprietary Administering SafeNet StorageSecure Smart Card Module 3: Lesson 5 SafeNet StorageSecure Storage Security Course.
Complete Event Log Viewing, Monitoring and Management.
© 2010 Invensys. All Rights Reserved. The names, logos, and taglines identifying the products and services of Invensys are proprietary marks of Invensys.
13 Copyright © 2005, Oracle. All rights reserved. Monitoring and Improving Performance.
Virtualization & Disaster Recovery
ACT User Meeting June Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.
Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
Copyright Critical Software S.A All Rights Reserved. COTS based approach for the Multilevel Security Problem Bernardo Patrão.
Customer Service.
Seungmi Choi PlanetLab - Overview, History, and Future Directions - Using PlanetLab for Network Research: Myths, Realities, and Best Practices.
The importance of the service catalogue to the service desk
Chapter 6 Data Design.
R12 Assets A Look Inside SM. Copyright © 2008 Chi-Star Technology SM -2- High-Level Overview R12 Setups –Subledger Accounting –ADI Templates –XML Reports.
Customer Strategic Presentation March 2010
Presentation by Priyanka Sawarkar
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
CA's Management Database (MDB): The EITM Foundation -WO108SN.
Copyright 2001 Advanced Strategies, Inc. 1 Data Bridging An Overview Prepared for DIGIT By Advanced Strategies, Inc.
Internal Control and Control Risk
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Impact of Information Technology on the Audit Process Chapter 12.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.
SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO.
Introduction to ikhlas ikhlas is an affordable and effective Online Accounting Solution that is currently available in Brunei.
The twenty-four/seven database Oracle Database Security David Yahalom Senior database consultant
Miss Scarlet with a lead pipe, in the library Players: 3 to 6 Contents: Clue game board, six suspect tokens, six murder weapons, 21 cards, secret envelope,
Identity, Governance and Administration as forefront of IT Security model: European and North American Experience Vladislav Shapiro Director of Identity.
Security Controls – What Works
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Stephen S. Yau CSE , Fall Security Strategies.
Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Chapter 7 Database Auditing Models
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Dell Connected Security Solutions Simplify & unify.
PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.
Electronic Records Management: A Checklist for Success Jesse Wilkins April 15, 2009.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.
Ali Alhamdan, PhD National Information Center Ministry of Interior
Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.
Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.
© 2012 IBM Corporation IBM Security Systems 1 © 2012 IBM Corporation Cloud Security: Who do you trust? Martin Borrett Director of the IBM Institute for.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
Private Clouds: Opportunity to Improve Data Security and Lower Costs InfoTRAMS „Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt W Pracy”
Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President.
Hybrid Management and Security
BOMGAR REMOTE SUPPORT Karl Lankford
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Contact Center Security Strategies
Information Security Awareness
How to Mitigate the Consequences What are the Countermeasures?
Microsoft Data Insights Summit
6. Application Software Security
Protect data in core business applications
AIR-T11 What We’ve Learned Building a Cyber Security Operation Center: du Case Study Tamer El Refaey Senior Director, Security Monitoring and Operations.
Presentation transcript:

1 Copyright © 2010, Oracle. All rights reserved

Cyber Security / Cyber Warfare Hype or underestimated? Bert Oltmans Director Defence, Justice and Public Safety CEE&CIS Region

3 Copyright © 2010, Oracle. All rights reserved Agenda Current Environment Facts & Figures Cyber Security in Defense

4 Copyright © 2010, Oracle. All rights reserved Cyber Security is an extension of traditional IT security that protects applications and data connected to the internet and exposed to attack, including offensive (cyber warfare) as well as defensive and proactive security measures. A Definition

5 Copyright © 2010, Oracle. All rights reserved Threat Environment Cyber Warfare is a reality And many incidents more…and growing Estonia 2007 Georgia 2008 Operation Aurora 2009/2010 Iran Stuxnet Worm 2010

6 Copyright © 2010, Oracle. All rights reserved The network has become the battlefield Used for Communications, collaboration, decision support, simulation and modeling Provides content delivery & information sharing Internet JXTA TM Overlay Peer-to-Peer Network Virtual Mapping SCF / Field Command Sensor Grid The Battlefield Today The network is the battlefield

7 Copyright © 2010, Oracle. All rights reserved The Warfighter Challenge NATO Doctrine: Network Centric Operations require a Share-to-Win attitude Cyber Security Policies mandate a need to know strategy Share-to-win Need- to-know

8 Copyright © 2010, Oracle. All rights reserved The Transformation in Defense Cyber Security is becoming a National concern US Cyber Command (USCYBERCOM) created on May 21, 2010 The admiral said he believes a cyber attack could trigger a response in accordance with Article 5 of the NATO Charter, which states that an attack on any alliance member is an attack on all alliance members Navy Adm. James G. Stavridis, 29 November 2010 – Time Interview

© 2010 Oracle Corporation Data Breach Investigations Report Regional Cyberspace

© 2010 Oracle Corporation 10 Role of Governments Increased importance of National Entities like CERTs to monitor the Nations Critical Infrastructures and provide guidance

© 2010 Oracle Corporation 11 FACTS & FIGURES

12 Copyright © 2010, Oracle. All rights reserved Two Thirds of Sensitive and Regulated Data Resides in Databases… 1,800 Exabytes Amount of Data in Databases Doubles Yearly 2011 Source: IDC, 2008

13 Copyright © 2010, Oracle. All rights reserved Over 900M Breached Records Resulted from Compromised Database Servers TypeCategory% Breaches% Records Database ServerServers & Applications25% 92% Desktop ComputerEnd-User Devices21%1% 2010 Data Breach Investigations Report

14 Copyright © 2010, Oracle. All rights reserved How do Database Breaches Occur? Bad Guys Exploit Your Weaknesses! 48%involved privilege misuse 40%resulted from hacking 38%utilized malware 28%employed social tactics 15%comprised physical attacks 2010 Data Breach Investigations Report

15 Copyright © 2010, Oracle. All rights reserved Cyber Security in Defense Some thoughts 1.Design/Procure Information Systems geared to Threat Environment (including Cyberspace) 2.Treat Information Technology as Mission Critical – not - Mission Enabling 3.Have Policies and Doctrines that acknowledge Cyber Warfare

16 Copyright © 2010, Oracle. All rights reserved Information Systems in Cyberspace It starts with a secure product (1) Plan(4) Act (2) Do(3) Check A model for continuous improvement… (Ref.: PDCA Cycle, originally developed by Walter A. Shewhart; Sometime referred as Deming Cycle.) 1979:Project Oracle with the CIA 1994:First vendor to complete ITSEC and TCSEC validations Advanced Security Option 1998:First vendor to complete Common Criteria EAL4 validation Virtual Private Database 2005:Introduction of the Critical Patch Update 2006: Database Vault Adoption of CVSS …… 2010Ongoing certifications

17 Copyright © 2010, Oracle. All rights reserved Information Systems in Cyberspace And a Secure Implementation TECHNOLOGY PEOPLE PROCESSES CYBER SPACE

18 Copyright © 2010, Oracle. All rights reserved Software Security End User Perspectives Vendor patch issuance Vendor patch issuance practices are most visible with customers, … BUT… Producing secure software requires Focused attention as early as the design phase Ongoing commitment throughout the entire development and pre-release phases Effective remediation procedures Security Patches Service Packs Release QA Secure Development Security Testing Coding Practices Coding Standards Design Requirements

19 Copyright © 2010, Oracle. All rights reserved Make IT Mission Critical Include Deployment and Support User Management Strong Authentication Fine-grained Authorizations User Management Strong Authentication Fine-grained Authorizations Core Platform Security Core Platform Security Access Control Controlling Privileged Users Custom Security Policies RBAC & LBAC Implementation Access Control Controlling Privileged Users Custom Security Policies RBAC & LBAC Implementation Monitoring Enterprise-Wide Auditing Configuration Monitoring Enterprise-Wide Auditing Configuration Data Protection Network Encryption Data Encryption Backup Encryption Data Protection Network Encryption Data Encryption Backup Encryption Secure Operating Environment Multi-Level Security Fault Tolerance Ubiquitous Support Secure Operating Environment Multi-Level Security Fault Tolerance Ubiquitous Support

20 Copyright © 2010, Oracle. All rights reserved Policies & Doctrines Cover Defensive and Offensive measures Implement down to single combat unit

21 Copyright © 2010, Oracle. All rights reserved JICPAC Supports Coalition Forces with Access to Secure Information SOLUTIONS JICPAC Trusted Workstation (TWS): SunRay Ultra-thin client Trusted Extensions for Solaris CC EAL4 Certification on NEBS-certified Sun Servers CHALLENGES / OPPORTUNITIES Security was preserved through air-gap networks (entirely disconnected) yet analyst required multiple networks and therefore 1 to 1 mapping of multiple desktop clients creating clutter and manual process Logging of audit trails was mostly on the honor-system with manual documentation Local clients meant far more maintenance and chance for degradation of information assurance levels OVERVIEW Joint Intelligence Center of the Pacific (JICPAC) is located within the US Pacific Command (PACOM) Pearl Harbor, HI RESULTS Reduced acquisition costs and power consumption through the consolidation of multiple PC clients into a single Sun Ray ultra-thin client Improved end-user operational efficiencies in the secure information workflows with complete audit trails through simultaneous connection to multiple networks Compatible with existing applications since they run in a Solaris open environment

22 Copyright © 2010, Oracle. All rights reserved Albanian MoD Safeguards Classified Data to Prepare for NATO Accession SOLUTIONS Oracle Universal Content Management Oracle Identity Management Oracle Virtual Directory Oracle Access Manager CHALLENGES / OPPORTUNITIES Consolidate all structured and unstructured classified data on a secure, scalable, electronic platform prior to the April 2009 accession to the North Atlantic Treaty Organization (NATO) Enforce the highest internationally recognized standards for providing & auditing authorized access to classified Ministry of Defense (MoD) information Protect the integrity of sensitive military documents relating to Albanias role in NATO operations assurance levels OVERVIEW Agency responsible for implementing the govts defense & foreign policy objectives, & protecting the security of 3.6 million Albanian people Industry: Public Sector Employees: 500 RESULTS Provided a secure Web-based data storage platform to create and publish classified content Offered 100 users a single sign on and secure, seamless access to job-appropriate data Enabled the organization to set up user accounts in only a few hours CUSTOMER PERSPECTIVE Oracles unbreakable security platform enables us to guarantee the integrity of sensitive defense data without impeding access to it by authorized personnel. We now have our data consolidated on a secure, scalable platform - enabling us to prepare for the accession to NATO. Genci Kokoshi, Chief of Information Technology

23 Copyright © 2010, Oracle. All rights reserved For More Information oracle.com/database/security search.oracle.com database security

24 Copyright © 2010, Oracle. All rights reserved Q & A

25 Copyright © 2010, Oracle. All rights reserved

26 Copyright © 2010, Oracle. All rights reserved

© 2010 Oracle Corporation 27 Disk Backups Exports Off-Site Facilities Oracle Advanced Security Protect Data from Unauthorized Users Complete encryption for application data at rest to prevent direct access to data stored in database files, on tape, exports, etc. by IT Staff/OS users Efficient application data encryption without application changes Built-in two-tier key management for SoD with support for centralized key management using HSM/KMS Strong authentication of database users for greater identity assurance Application

© 2010 Oracle Corporation 28 Oracle Database Vault Enforce Security Policies Inside the Database Automatic and customizable DBA separation of duties and protective realms Enforce who, where, when, and how using rules and factors Enforce least privilege for privileged database users Prevent application by-pass and enforce enterprise data governance Securely consolidate application data or enable multi-tenant data management Procurement HR Finance Application DBA select * from finance.customers DBA Security DBA Application

© 2010 Oracle Corporation 29 Oracle Audit Vault Audit Database Activity in Real-Time Consolidate database audit trail into secure centralized repository Detect and alert on suspicious activities, including privileged users Out-of-the box compliance reports for SOX, PCI, and other regulations E.g., privileged user audit, entitlements, failed logins, regulated data changes Streamline audits with report generation, notification, attestation, archiving, etc. CRM Data ERP Data Databases HR Data Audit Data Policies Built-in Reports Alerts Custom Reports ! Auditor

© 2010 Oracle Corporation 30 Oracle Total Recall Track Changes to Sensitive Data select salary from emp AS OF TIMESTAMP '02-MAY AM where emp.title = admin Transparently track application data changes over time Efficient, tamper-resistant storage of archives in the database Real-time access to historical application data using SQL Simplified incident forensics and recovery

© 2010 Oracle Corporation 31 Oracle Database Firewall First Line of Defense Policies Built-in Reports Alerts Custom Reports Applications Block Log Allow Alert Substitute Monitor database activity to prevent unauthorized database access, SQL injections, privilege or role escalation, illegal access to sensitive data, etc. Highly accurate SQL grammar based analysis without costly false positives Flexible SQL level enforcement options based on white lists and black lists Scalable architecture provides enterprise performance in all deployment modes Built-in and custom compliance reports for SOX, PCI, and other regulations

© 2010 Oracle Corporation 32 Oracle Configuration Management Secure Your Database Environment Discover and classify databases into policy groups Scan databases against 400+ best practices and industry standards, custom enterprise-specific configuration policies Detect and event prevent unauthorized database configuration changes Change management dashboards and compliance reports Monitor Configuration Management & Audit Vulnerability Management Fix Analysis & Analytics Prioritize Policy Management AssessClassify Monitor Discover Asset Management

© 2010 Oracle Corporation 33 Oracle Data Masking Irreversibly De-Identify Data for Non-Production Use Make application data securely available in non-production environments Prevent application developers and testers from seeing production data Extensible template library and policies for data masking automation Referential integrity automatically preserved so applications continue to work LAST_NAMESSNSALARY ANSKEKSL ,000 BKJHHEIEDK ,000 LAST_NAMESSNSALARY AGUILAR ,000 BENSON ,000 ProductionNon-Production Data never leaves Database

© 2010 Oracle Corporation 34 Oracle Database Defense In Depth Oracle Advanced Security Oracle Identity Management Oracle Database Vault Oracle Label Security Oracle Audit Vault Oracle Total Recall Oracle Database Firewall Oracle Configuration Management Oracle Data Masking

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.