Presentation is loading. Please wait.

Presentation is loading. Please wait.

Miss Scarlet with a lead pipe, in the library Players: 3 to 6 Contents: Clue game board, six suspect tokens, six murder weapons, 21 cards, secret envelope,

Published byBraiden Bowling Modified over 9 years ago

Similar presentations

Presentation on theme: "Miss Scarlet with a lead pipe, in the library Players: 3 to 6 Contents: Clue game board, six suspect tokens, six murder weapons, 21 cards, secret envelope,"— Presentation transcript:

1

2 Miss Scarlet with a lead pipe, in the library

3 Players: 3 to 6 Contents: Clue game board, six suspect tokens, six murder weapons, 21 cards, secret envelope, one die, pad of detective notebook sheets. Goal: To correctly name the murderer, murder weapon, and murder location. Setup - Sort the cards by type and shuffle each pile face- down. Without looking, take one suspect card, one weapon card, and one room card, and slide them into the secret envelope. Cluedo - the game

4 Cluedo - the tools

5 During setup... 1.Show all the players the cards before putting them in the secret envelope 2.Have a camera identifying the cards that goes into the secret envelope 3.Or have video cameras throughout the board scene This will save a lot of time Save some trees because of the detective notes So instead of going through all the clues and detective notes we would solve the crime Cluedo – the solution

6 Deon Roos Enterprise Architect Oracle Corporation South Africa

7

8 Developer End User Power Users Quality Assurance Prod Dev, QA, Test Report Server Storage Sys Admin Network Admin Storage Admin DBA HW Vendor Backup Server hAck3rs

9 Database Defense-in-Depth Access Control Oracle Database Vault Oracle Label Security Oracle Advanced Security Oracle Secure Backup Oracle Data Masking Encryption and Masking Auditing and Monitoring Oracle Audit Vault Oracle Configuration Management Oracle Total Recall Oracle Database Firewall Blocking and Logging Encryption & Masking Access Control Auditing & Monitoring Blocking & Logging

10 Database Defense-in-Depth Access Control Oracle Database Vault Oracle Label Security Oracle Advanced Security Oracle Secure Backup Oracle Data Masking Encryption and Masking Auditing and Monitoring Oracle Audit Vault Oracle Configuration Management Oracle Total Recall Oracle Database Firewall Blocking and Logging Encryption & Masking Access Control Auditing & Monitoring Blocking & Logging

11 Developer End User Power Users Quality Assurance Prod Dev, QA, Test Report Server Storage Sys Admin Network Admin Storage Admin DBA HW Vendor Backup Server SSL hAck3rs

12 Database Defense-in-Depth Access Control Oracle Database Vault Oracle Label Security Oracle Advanced Security Oracle Secure Backup Oracle Data Masking Encryption and Masking Auditing and Monitoring Oracle Audit Vault Oracle Configuration Management Oracle Total Recall Oracle Database Firewall Blocking and Logging Encryption & Masking Access Control Auditing & Monitoring Blocking & Logging

13 Developer End User Power Users Quality Assurance Prod Dev, QA, Test Report Server Storage Sys Admin Network Admin Storage Admin DBA HW Vendor Backup Server Sensitive Confidential Public hAck3rs

14 Database Defense-in-Depth Access Control Oracle Database Vault Oracle Label Security Oracle Advanced Security Oracle Secure Backup Oracle Data Masking Encryption and Masking Auditing and Monitoring Oracle Audit Vault Oracle Configuration Management Oracle Total Recall Oracle Database Firewall Blocking and Logging Encryption & Masking Access Control Auditing & Monitoring Blocking & Logging

15 Developer End User Power Users Quality Assurance Prod Dev, QA, Test Report Server Storage Sys Admin Network Admin Storage Admin DBA HW Vendor Backup Server Auditing vault hAck3rs Configuration Management & Audit Vulnerability Management Fix Analysis & Analytics Prioritize Policy Management AssessClassify Monitor Discover Asset Management

16 `

17 Why Audit? Compliance Mandates It –SOX, PCI-DSS, HIPAA ….. Your auditor told you to do it You don’t want to end up in the news Maintain customer trust

18 Detective controls –Monitor privileged application user accounts for non-compliant activity – trust but verify –Audit non-application access to sensitive data (credit card, financial data, personal identifiable information, etc) –Verify that no one is trying to bypass the application security controls –Line items are changed in order to avoid business processes and approvals Cost of compliance –Eliminate costly and complex scripts for reporting –Reduce reporting costs for specific compliance audits Business drivers

19 Statement Auditing Statement auditing audits SQL statements by type of statement, not by the specific schema objects on which the statement operates Data definition statements (DDL). Data manipulation statements (DML). Object Auditing Schema object auditing is the auditing of specific statements on a particular schema object. Privilege Auditing Privilege auditing is the auditing of SQL statements that use a system privilege. You can audit activities of all database users or of only a specified list of users. Standard Auditing

20 Database Audit Tables –Collect audit data for standard and fine-grained auditing Oracle audit trail from OS files –Collect audit records written in XML or standard text file Operating system SYSLOG –Collect Oracle database audit records from SYSLOG Redo log –Extract before/after values and DDL changes to table Database Vault specific audit records User Object Statement Privilege Condition AUD$ REDO Log FGA_LOG$ Audit on Logged in OS Logs

21 ●●●●●● Failed Logins Do you have visibility of failed logins and other exception activities? ●●●●●● Accounts, Roles & Permissions Do you have visibility of GRANT and REVOKE activities? ● ● ● FISMA ● ● ● ● Basel II ●●●● Privileged User Activity Do you have visibility of users activities? ●●●● Schema Changes Are you aware of CREATE, DROP and ALTER Commands that are occurring on identified Tables / Columns? ● Data Changes Do you have visibility into Insert, Update, Merge, Delete commands? ●●● Access to Sensitive Data Can you have visibility into what information is being queried (SELECTs)? GLBAHIPAA PCI DSS SOX Database Audit Requirements What do you need to audit? Health Insurance Portability Account Act - Federal Info Sec Man Act – Gramm-Leech-Bliley Act

22 Siebel MS SQL Server 2000, 2005, & 2008 Sybase ASE 12.5.4 - 15.0.x HCM Audit Data Policies Built-in Reports Alerts Custom Reports ! Auditor Various DB sources Adapters for packaged applications Oracle DB2 8.2 - 9.5 on Linux, Unix, Windows Easy to use reports Central provisioning of policies Meet compliance reporting Proactive – alerts & notifications (SMS/email) Pre-defined & custom reports A Encryption in transit Audit warehouse Secured audited data Segregation of duties Completeness of audit Encryption at rest Consolidated auditing Performance & scalability Oracle Audit Vault Automated Activity Monitoring & Audit Reporting

23 Default reports

24 Out of the box - Compliance reports

25 Database Defense-in-Depth Access Control Oracle Database Vault Oracle Label Security Oracle Advanced Security Oracle Secure Backup Oracle Data Masking Encryption and Masking Auditing and Monitoring Oracle Audit Vault Oracle Configuration Management Oracle Total Recall Oracle Database Firewall Blocking and Logging Encryption & Masking Access Control Auditing & Monitoring Blocking & Logging

26 hAck3rs Developer End User Power Users Quality Assurance Prod Dev, QA, Test Report Server Storage Sys Admin Network Admin Storage Admin DBA Backup Server hack3rs

27 oracle.com/database/security search.oracle.com database security For more Information

28

Download ppt "Miss Scarlet with a lead pipe, in the library Players: 3 to 6 Contents: Clue game board, six suspect tokens, six murder weapons, 21 cards, secret envelope,"

Similar presentations

BalaBit Shell Control Box

BalaBit Shell Control Box
Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall
1 Auditing the DBA: What non-technical managers and auditors should know. Presented By Cam Larner Cam Larner President President Absolute Technologies,

1 Auditing the DBA: What non-technical managers and auditors should know. Presented By Cam Larner Cam Larner President President Absolute Technologies,
Database Vault Welcome, today I’d like to present an overview of the latest security product from Oracle – Database Vault. We announced this new product.

Database Vault Welcome, today I’d like to present an overview of the latest security product from Oracle – Database Vault. We announced this new product.
Oracle Database Security

Oracle Database Security
Audit Issues regarding Passwords on Elevated Privilege Accounts Gene Scheckel Global Internal Audit.

Audit Issues regarding Passwords on Elevated Privilege Accounts Gene Scheckel Global Internal Audit.
Database Vault Marco Alamanni

Database Vault Marco Alamanni
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Database Vault with Oracle Database 12c Chi Ching Chui Senior Development.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Database Vault with Oracle Database 12c Chi Ching Chui Senior Development.
Database Management System

Database Management System
Chapter 9 Auditing Database Activities

Chapter 9 Auditing Database Activities
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
Advanced Databases Basic Database Administration Guide to Oracle 10g 1.

Advanced Databases Basic Database Administration Guide to Oracle 10g 1.
ORACLE DATABASE SECURITY

ORACLE DATABASE SECURITY
1. Oracle Database 11g Release 2 Security Update and Plans Defense-in-Depth Vipin Samar Vice President, Oracle Database Security.

1. Oracle Database 11g Release 2 Security Update and Plans Defense-in-Depth Vipin Samar Vice President, Oracle Database Security.
Database Security Managing Users and Security Models.

Database Security Managing Users and Security Models.
10 Copyright © 2005, Oracle. All rights reserved. Implementing Oracle Database Security.

10 Copyright © 2005, Oracle. All rights reserved. Implementing Oracle Database Security.
1 S311345-Database Auditing Demystified: The What, the How, and the Why.

1 S Database Auditing Demystified: The What, the How, and the Why.
Adapted from Afyouni, Database Security and Auditing DB Auditing Examples (Ch. 9) Dr. Mario Guimaraes.

Adapted from Afyouni, Database Security and Auditing DB Auditing Examples (Ch. 9) Dr. Mario Guimaraes.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Similar presentations

Ads by Google