PDF《Security Compliance and Data》

1 2

3 Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | Automated STIG Compliance Auditing @ US Marine Corp EM12c Data Governance C Sensitive Data Discovery Conclusion and Q &

A

3 4

5 Enterprise Manager Compliance Framework Overview Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | Continuous Configuration Auditing Real-Time File Integrity Monitoring Cloud Scale Ready to use Standard Enterprise Manager Compliance Framework ? Tightly integrated with configuration collection framework. C Evaluation triggered by detected configuration changes. C Efficient mechanism vs full scheduled evaluation. C Always up to date . Continuous Configuration Auditing Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | C Always up to date . ? Violations automatically cleared after remediation. ? Alert on each violation or score threshold.

2 Enterprise Manager Compliance Framework ? Know the who , what and when the change was made. ? Detect Unauthorized changes automatically. ? Required for many Industry regulations like PCI. Real-Time File Integrity Monitoring Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | Required for many Industry regulations like PCI. ? Capable of monitoring users, processes and database actions in addition to files. ? Oracle provided standards for Critical Oracle Linux and Exadata files.l Enterprise Manager Compliance Framework ? Efficient re-evaluation on change reduces network and host resource consumption. ? Standards can be automatically applied using Administrative groups or composite targets ( DBaaS Pools, Application Systems ) Cloud Scale Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | composite targets ( DBaaS Pools, Application Systems ) ? New Agent-Side rules control repository growth ? Summary reporting via BI Publisher O

14 Enterprise Manager Compliance Framework ? 1000s of Oracle provided Checks ( Rules ) C 25+ Standards for Database components ( RAC, SI, Listener, etc ) ? Based on Oracle'

s best practices and Security recommendations Ready to use Compliance Standards and Checks Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | ? Customizable to meet Internal best practices 1. Leverage Oracle provided rules matching your own 2. Tailor Oracle provided rules with known exceptions 3. Build custom rules to exactly match requirement ? New in 12.1.0.4 C Oracle Database 11g STIG Standards

15 Program Agenda Data Governance and Security Compliance C Commonalities EM12c Compliance Framework Overview Automated STIG Compliance Auditing @ US Marine Corp

1 2

3 Copyright ? 2014, Oracle and/or its affiliates. All rights reserved. | Automated STIG Compliance Auditing @ US Marine Corp EM12c Data Governance C Sensitive Data Discovery Conclusion and Q &

A

3 4

5 CSC Proprietary ABOUT THE SPEAKER Steve Ries Senior Systems Architect Technology Services Organization United State Marine Corps October 2,

2014 About Technology Services Organization ? Software development and systems integrator of enterprise level pay and personnel systems for the United States Marine Corps and other branches of the military

18 CSC Proprietary Database Security at Department of Defense ? STIG C Security Technical Implementat........