PCI DSS: Payment Card Industry Data Security Standard
Alfredo Valenza
Master Principal Sales Consultant - Oracle Italia
Agenda
Oracle
PCI market
PCI Compliance
Database Security
Identity Management
Access Management
In addition
Configuration Management
IRM
Why Oracle?
Evaluated: Common Criteria EAL 4+
Business Users: Jim (User), Jane (Manager)
IT Personnel: Larry (IT). Needs help simplifying user management for employees, customers and partners; wants to automate manual processes (like workflow); needs tools to manage IT systems with less effort.
Audit/Security: Kate (Audit/Security)
Oracle Secure Backup provides a solution for backing up and encrypting directly
to tape storage.
Encryption algorithms supported include 3DES and AES with 128, 192, or 256 bit
key length.
Oracle security portfolio (Identity Management, Information, Infrastructure, Databases)
Identity Management: User Provisioning, Role Management, Entitlements Management, Risk-Based Access Control, Virtual Directories
Infrastructure: Configuration Management
Databases: Audit Vault, Total Recall, Access Control (Database Vault, Label Security), Advanced Security, Secure Backup, Data Masking
Evaluated at CC EAL4
Available on all Oracle platforms
Label Security: label based access control with the labels Confidential, Sensitive and Highly Sensitive.
How does it work?
HR Applications Policy: each row carries a label (Confidential, Sensitive or Highly Sensitive) and is returned only to a session whose clearance dominates that label; Database Vault command rules additionally restrict which SQL commands may run against the protected tables.
Labels and policies are administered from Oracle Identity Management or in the database.
Buffer Cache
SSN = 987-65-..
Highly efficient
SQL Layer
High performance
Integrated with Oracle data compression
No application changes
data blocks
*M$b@^s%&d7
undo
blocks
2.3 Encrypt all non-console administrative access.
redo
logs
temp
blocks
flashback
logs
Master Key
Security DBA
20
Database Vault realms
HR Realm: HR data and the HR App. FIN Realm: FIN data and the FIN App.
Application DBAs for Procurement, HR and Finance work only inside their own realm, and a privileged DBA is kept out of realm-protected application data.
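The label check and the realm check described in the Label Security and Database Vault slides above, as an added example written for this page (not Oracle's implementation): a small Python policy evaluator with hypothetical realm definitions (HR Realm over HR.EMPLOYEES authorized for HR_APP, FIN Realm over FIN.LEDGER authorized for FIN_APP), one hypothetical command rule restricting DROP TABLE to SECURITY_DBA, and constructed sample rows. It models a regular realm: a system privilege such as SELECT ANY TABLE does not reach realm objects, while a direct object grant still does, and the label filter then hides rows above the session's clearance.

```python
from dataclasses import dataclass, field

# Label hierarchy from the slide: a session with clearance L sees rows labelled L or below.
LEVELS = {"CONFIDENTIAL": 1, "SENSITIVE": 2, "HIGHLY SENSITIVE": 3}


@dataclass(frozen=True)
class Realm:
    name: str
    objects: frozenset      # fully qualified tables the realm protects
    authorized: frozenset   # accounts allowed to use system privileges inside it


@dataclass
class Session:
    user: str
    clearance: str                                   # highest label the session may read
    system_privs: set = field(default_factory=set)   # e.g. "SELECT ANY TABLE"
    object_privs: set = field(default_factory=set)   # direct grants: (object, command)


# Hypothetical realms modelled on the HR Realm / FIN Realm slide (not Oracle's metadata).
REALMS = (
    Realm("HR Realm", frozenset({"HR.EMPLOYEES"}), frozenset({"HR_APP"})),
    Realm("FIN Realm", frozenset({"FIN.LEDGER"}), frozenset({"FIN_APP"})),
)

# Hypothetical command rule: the command runs only if the predicate holds for the session.
COMMAND_RULES = {
    "DROP TABLE": lambda s: s.user == "SECURITY_DBA",
}

# Which system privilege covers which command outside a realm.
ANY_PRIV = {"SELECT": "SELECT ANY TABLE", "UPDATE": "UPDATE ANY TABLE",
            "DROP TABLE": "DROP ANY TABLE"}


def realm_for(obj):
    return next((r for r in REALMS if obj in r.objects), None)


def check_command(session, command, obj):
    """Decide whether `command` on `obj` is allowed; returns (allowed, reason)."""
    rule = COMMAND_RULES.get(command)
    if rule is not None and not rule(session):
        return False, f"command rule on {command}"
    realm = realm_for(obj)
    has_direct_grant = (obj, command) in session.object_privs
    has_system_priv = ANY_PRIV.get(command) in session.system_privs
    if realm is not None and session.user not in realm.authorized:
        # Inside a realm, system privileges do not reach protected objects;
        # only a direct object grant still counts.
        if has_direct_grant:
            return True, f"direct grant inside {realm.name}"
        return False, f"{realm.name} blocks system privileges"
    if has_direct_grant or has_system_priv:
        return True, "privilege"
    return False, "no privilege"


def visible_rows(session, rows):
    """Label-based filter: keep rows whose label the session's clearance dominates."""
    limit = LEVELS[session.clearance]
    return [r for r in rows if LEVELS[r["LABEL"]] <= limit]


# Constructed sample rows for HR.EMPLOYEES (not real data).
HR_ROWS = [
    {"EMP": "AGUILAR", "LABEL": "CONFIDENTIAL"},
    {"EMP": "BENSON", "LABEL": "SENSITIVE"},
    {"EMP": "CHEN", "LABEL": "HIGHLY SENSITIVE"},
]


def demo():
    """Privileged DBA versus the HR application account against the same policy."""
    dba = Session("PRIV_DBA", "HIGHLY SENSITIVE",
                  system_privs={"SELECT ANY TABLE", "DROP ANY TABLE"})
    hr_app = Session("HR_APP", "SENSITIVE", object_privs={("HR.EMPLOYEES", "SELECT")})
    return {
        "dba_select_hr": check_command(dba, "SELECT", "HR.EMPLOYEES"),
        "dba_select_unprotected": check_command(dba, "SELECT", "SALES.ORDERS"),
        "hr_app_select_hr": check_command(hr_app, "SELECT", "HR.EMPLOYEES"),
        "hr_app_select_fin": check_command(hr_app, "SELECT", "FIN.LEDGER"),
        "dba_drop_hr": check_command(dba, "DROP TABLE", "HR.EMPLOYEES"),
        "hr_app_visible": [r["EMP"] for r in visible_rows(hr_app, HR_ROWS)],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The realm decision is taken before any privilege is honoured, which is the property that keeps a DBA holding SELECT ANY TABLE away from HR data; the label filter is applied afterwards to whatever rows the session was allowed to query at all.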
Data Masking (off-line, on a cloned database)
Production Database:
  LAST_NAME     SSN           SALARY
  AGUILAR       203-33-3234   40,000
  BENSON        323-22-2943   60,000
Cloned Database (masked):
  LAST_NAME     SSN           SALARY
  ANSKEKSL      11123-1111    40,000
  BKJHHEIEDK    111-34-1345   60,000
Built-in Discovery: use foreign key definitions to maintain relationships between tables; define custom data relationships.
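An added example of the masking technique the slide describes, written for this page rather than taken from Oracle's product: a Python masker that replaces names and SSNs in a cloned copy while keeping the foreign-key relationship between tables intact. The tables, the relationship definition, the per-clone key and the EMPLOYEES/DEPENDENTS rows are all constructed for the example. The trick is to derive the masked value from a keyed HMAC of the original, so the same SSN masks to the same value in every table that references it, which is exactly what the relationship definitions are for.

```python
import copy
import hashlib
import hmac
import re
import string

# Constructed sample "production" data (not real records). EMPLOYEES.SSN is
# referenced by DEPENDENTS.EMP_SSN, the relationship that masking must keep intact.
PRODUCTION = {
    "EMPLOYEES": [
        {"LAST_NAME": "AGUILAR", "SSN": "203-33-3234", "SALARY": 40000},
        {"LAST_NAME": "BENSON", "SSN": "323-22-2943", "SALARY": 60000},
    ],
    "DEPENDENTS": [
        {"DEP_NAME": "MARIA", "EMP_SSN": "203-33-3234"},
        {"DEP_NAME": "LUIS", "EMP_SSN": "203-33-3234"},
        {"DEP_NAME": "OLIVIA", "EMP_SSN": "323-22-2943"},
    ],
}

# (child table, child column) -> (parent table, parent column): taken from
# foreign-key definitions, or defined by hand as a custom relationship.
RELATIONSHIPS = {("DEPENDENTS", "EMP_SSN"): ("EMPLOYEES", "SSN")}

# Columns to mask and the masker to use; SALARY is left as-is, as on the slide.
MASK_RULES = {("EMPLOYEES", "LAST_NAME"): "name", ("EMPLOYEES", "SSN"): "ssn"}

# Hypothetical per-clone secret: generate it fresh per clone and discard it
# afterwards, otherwise the masking can be reversed by anyone who can compute it.
MASK_KEY = b"example-clone-key-do-not-reuse"

SSN_FORMAT = re.compile(r"\d{3}-\d{2}-\d{4}")


def keyed_digest(key: bytes, value: str) -> bytes:
    """HMAC-SHA256 of the value: deterministic under one key, unpredictable without it."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()


def mask_name(key: bytes, value: str) -> str:
    """Replace a name with 8 to 10 uppercase letters derived from the digest."""
    d = keyed_digest(key, "name:" + value)
    length = 8 + d[0] % 3
    return "".join(string.ascii_uppercase[b % 26] for b in d[1:1 + length])


def mask_ssn(key: bytes, value: str) -> str:
    """Replace an SSN with a different value in the same ###-##-#### format."""
    d = keyed_digest(key, "ssn:" + value)
    digits = "".join(str(b % 10) for b in d[:9])
    return f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"


MASKERS = {"name": mask_name, "ssn": mask_ssn}


def effective_rule(table, column, rules, relationships):
    """Follow relationships up to the parent column and use its rule, so a child
    foreign-key column is masked with exactly the same transformation as the parent."""
    seen = set()
    while (table, column) in relationships and (table, column) not in seen:
        seen.add((table, column))
        table, column = relationships[(table, column)]
    return rules.get((table, column))


def mask_database(prod, rules, relationships, key):
    """Return a masked deep copy; the production dict is left untouched."""
    masked = copy.deepcopy(prod)
    for table, rows in masked.items():
        for row in rows:
            for column in list(row):
                rule = effective_rule(table, column, rules, relationships)
                if rule is not None:
                    row[column] = MASKERS[rule](key, row[column])
    return masked


def is_ssn_format(value: str) -> bool:
    return SSN_FORMAT.fullmatch(value) is not None


def check_referential_integrity(db, relationships):
    """True when every child value still matches a parent key after masking."""
    for (child_t, child_c), (parent_t, parent_c) in relationships.items():
        parent_values = {row[parent_c] for row in db[parent_t]}
        if any(row[child_c] not in parent_values for row in db[child_t]):
            return False
    return True


if __name__ == "__main__":
    clone = mask_database(PRODUCTION, MASK_RULES, RELATIONSHIPS, MASK_KEY)
    for table, rows in clone.items():
        print(table)
        for row in rows:
            print("  ", row)
    print("referential integrity kept:", check_referential_integrity(clone, RELATIONSHIPS))
```

Because the mapping is keyed rather than a plain hash, someone holding the masked clone cannot rebuild a dictionary of real SSNs by hashing all one billion candidates; the key must therefore not ship with the clone.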
Regulations addressed: SOX, PCI DSS, HIPAA/HITECH, Basel II, FISMA, GLBA
Efficient scanning
Threat Detection
Provisioning flow: a new employee entered in HRMS, or a new contractor who self-registers and is approved, is picked up by the reconciliation engine and created in the identity store; role and access policy determine the entitlements, and the provisioning workflow drives connectors that create the accounts in the provisioned applications.
7.1.2 Assignment of privileges is based on individual personnel's job classification and function.
8.5.3 Set first-time passwords to a unique value for each user and change immediately after the first use.
De-provisioning flow: when HRMS marks an employee terminated, the reconciliation engine updates the identity store and the provisioning workflow drives the connectors to revoke the application accounts (automated de-provisioning); assets without a connector, such as the cell phone, are revoked through a manual task.
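The provisioning and de-provisioning flows above both hinge on the same reconciliation step, so here is one added example covering both, written for this page and not Oracle's engine: a Python reconciliation pass over a constructed HRMS feed and identity store. The job codes, applications and employee IDs are hypothetical. It applies a role-to-application policy (requirement 7.1.2), issues a unique first-time password per account and flags it for change at first use (requirement 8.5.3), revokes everything a leaver holds, raises a manual task for assets no connector can reach, and also handles the case the slides leave implicit: a job change, where access from the old role must be removed as the new role's access is added.

```python
import secrets
from dataclasses import dataclass, field

# Role / access policy (7.1.2): job classification -> applications the role gets.
# Hypothetical mappings for the example.
ACCESS_POLICY = {
    "HR-SPECIALIST": {"HR App", "Email"},
    "FIN-ANALYST": {"FIN App", "Email"},
    "CONTRACTOR": {"Email"},
}


@dataclass
class Identity:
    emp_id: str
    job_code: str
    accounts: dict = field(default_factory=dict)   # app -> {"password_must_change": bool}
    assets: set = field(default_factory=set)       # issued items with no connector


def first_time_password() -> str:
    """8.5.3: a unique, unguessable value per account. It is handed to the
    connector for out-of-band delivery and never kept in the identity store."""
    return secrets.token_urlsafe(16)


def reconcile(hr_feed, identity_store):
    """Reconciliation engine: compare the HRMS feed with the identity store,
    mutate the store, and return the actions for the connectors / manual tasks."""
    actions = []
    for rec in hr_feed:
        emp_id = rec["emp_id"]
        ident = identity_store.get(emp_id)
        if rec["status"] == "TERMINATED":
            if ident is None:
                continue                      # already gone, nothing to revoke
            for app in sorted(ident.accounts):
                actions.append({"action": "REVOKE", "emp_id": emp_id, "target": app})
            for asset in sorted(ident.assets):
                actions.append({"action": "MANUAL_TASK", "emp_id": emp_id, "target": asset})
            del identity_store[emp_id]
            continue
        if ident is None:                     # new employee, or approved contractor
            ident = Identity(emp_id, rec["job_code"])
            identity_store[emp_id] = ident
            actions.append({"action": "CREATE_IDENTITY", "emp_id": emp_id, "target": None})
        ident.job_code = rec["job_code"]
        entitled = ACCESS_POLICY.get(rec["job_code"], set())
        current = set(ident.accounts)
        for app in sorted(entitled - current):
            ident.accounts[app] = {"password_must_change": True}
            actions.append({"action": "PROVISION", "emp_id": emp_id, "target": app,
                            "initial_password": first_time_password()})
        for app in sorted(current - entitled):   # job change: drop the old role's access
            del ident.accounts[app]
            actions.append({"action": "REVOKE", "emp_id": emp_id, "target": app})
    return actions


def sample_run():
    """Constructed HRMS feed and identity store; returns (actions, store)."""
    store = {
        "E200": Identity("E200", "FIN-ANALYST",
                         accounts={"FIN App": {"password_must_change": False},
                                   "Email": {"password_must_change": False}},
                         assets={"Cell Phone"}),
        "E400": Identity("E400", "HR-SPECIALIST",
                         accounts={"HR App": {"password_must_change": False},
                                   "Email": {"password_must_change": False}}),
    }
    feed = [
        {"emp_id": "E100", "status": "ACTIVE", "job_code": "HR-SPECIALIST"},    # new hire
        {"emp_id": "E200", "status": "TERMINATED", "job_code": "FIN-ANALYST"},  # leaver
        {"emp_id": "E300", "status": "ACTIVE", "job_code": "CONTRACTOR"},       # self-registered, approved
        {"emp_id": "E400", "status": "ACTIVE", "job_code": "FIN-ANALYST"},      # moved HR -> Finance
    ]
    return reconcile(feed, store), store


if __name__ == "__main__":
    actions, store = sample_run()
    for a in actions:
        print(a["action"], a["emp_id"], a["target"])
```

Running the sample produces the create and provision actions for E100 and E300, the revokes plus a Cell Phone manual task for E200, and for E400 both a PROVISION of FIN App and a REVOKE of HR App; a reconciliation that only ever adds access would leave E400 with both.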
Delegated Administration
Access Management capabilities: password or passphrase and strong authentication; centralized policy and entitlements management; distributed policy enforcement through agents and gateways; Enterprise SSO and self-service password reset; real-time fraud prevention and forensics case management; SOA security and runtime SOA governance.
Configuration Management cycle: Advise, Verify, Implement
Confidential documents and emails are moderately secure while stored (unused) within folders, inboxes and repositories.
But when used, thousands of copies are stored on desktops, laptops, wireless devices, USB drives, CDs/DVDs inside and outside your organization!
How do you
Information Rights Management: rights travel with the document rather than with the place it is stored.
Documents such as Q3 Figures.sxls, 2008 Business Plan.sppt, ACME competitive review.sdoc, Recent successes, Sales manager comp plans.sxls, Health+Safety Exec.sdoc and Contract terms.spdf carry roles (Contributor, Reviewer, Reader, Reader (no print)) granted to users and groups such as Sales direction, CFO, HR Director and All Employees.
The same rights are enforced for internal users on the corporate network and for external users outside it.
IRM deployment: Internal User / External User -> Firewall -> Firewall -> IRM Server -> Firewall -> Database Server, Load balancer, LDAP Server, Web Services