PDF《Security Compliance and Data》

Security Compliance and Data Governance: Dual problems, single solution CON8015 David Wolf Steve Ries Copyright ? 2014, Oracle and/or its affiliates.

All rights reserved. | David Wolf Director of Product Management Oracle Development, Enterprise Manager Steve Ries Senior Systems Architect Technology Services Organization United State Marine Corps Session : CON8015 Title : Security Compliance and Data Governance: Dual problems, single solution Description : Ensuring your databases comply is standards and sensitive data is protected can be difficult and time consuming task. This session will demonstrate how to use Oracle Enterprise Manager 12c for continuous Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | demonstrate how to use Oracle Enterprise Manager 12c for continuous security compliance auditing of your Oracle databases and underlying infrastructure against configuration standards such as the Department of Defense (DoD) Security Technical Implement Guide (STIG). You'

ll also learn how the new Data Governance feature can help find unsecured sensitive data throughout your environment and aid your data masking decisions. Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle'

s products remains at the sole discretion of Oracle. Program Agenda Data Governance and Security Compliance C Commonalities EM12c Compliance Framework Overview Automated STIG Compliance Auditing @ US Marine Corp

1 2

3 Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | Automated STIG Compliance Auditing @ US Marine Corp EM12c Data Governance C Sensitive Data Discovery Conclusion and Q &

A

3 4

5 Oracle Database Security Solutions Defense in Depth Encryption &

Redaction Encryption &

Redaction PREVENTIVE PREVENTIVE Activity Monitoring Activity Monitoring DETECTIVE DETECTIVE ADMINISTRATIVE ADMINISTRATIVE Key &

Wallet Management Key &

Wallet Management Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | Masking &

Subsetting Masking &

Subsetting Privileged User Controls Privileged User Controls Database Firewall Database Firewall Auditing &

Reporting Auditing &

Reporting Oracle Database Security Solutions Defense in Depth Encryption &

Redaction PREVENTIVE Activity Monitoring DETECTIVE ADMINISTRATIVE ADMINISTRATIVE Key &

Wallet Management Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | Masking &

Subsetting Privileged User Controls Database Firewall Auditing &

Reporting Privilege &

Data Discovery Privilege &

Data Discovery Configuration Management Configuration Management

7 Common Goals ? Data centers have thousands of databases some containing sensitive data ? Enterprises lack enterprise-wide Common Challenges ? Achieve compliance with standards or regulations ? Manage risk Security Compliance and Data Governance Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | ? Enterprises lack enterprise-wide tools to scan databases regularly ? Limited visibility into compliance status (encryption, masking, database vault) of sensitive data ? Hard to remediate non-compliance ? Manage risk ? Improve (Data) Security ? Minimizing or eliminating rework ? Optimize Staff effectiveness Security Compliance and Data Governance ? Highly automated ? Continuous auditing ? Proactively alert on findings and issues Common Solution Requirements Data Governance Security Compliance Requirements Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | Proactively alert on findings and issues ? Provide remediation automation or guidance ? Provide robust and flexible reporting Program Agenda Data Governance and Security Compliance C Commonalities EM12c Compliance Framework Overview Automated STIG Compliance Auditing @ US Marine Corp