Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
15Activity
0 of .
Results for:
No results containing your search query
P. 1
Oracle White Paper - Database Vault 11g

Oracle White Paper - Database Vault 11g

Ratings:

4.0

(1)
|Views: 2,115 |Likes:
Published by jpaulino

More info:

Published by: jpaulino on Nov 07, 2008
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

10/19/2011

pdf

text

original

 
Oracle Database Vault
 
 An Oracle White Paper  June 2007 
 
 
Oracle Database Vault
INTRODUCTION
Strengthening internal controls for regulations, enforcing industry best practices, andguarding against insider threats are just a few of the challenges facing organizations in today'sglobal economy. While problems such as the insider threat are certainly not new, theconcern over unauthorized access to sensitive information has never been greater. TheCSI/FBI 2005 Computer Crime and Security study documented that more than 70% of information system data losses and attacks have been perpetrated by insiders, that is, by thoseauthorized at least some level of access to the system and its data. Insider security breachescan be much more costly than attacks from outside the enterprise. The cost of data theft fromboth a financial and public relations standpoint can be significant. At the same time,remaining competitive in a global economy requires the flexibility to deploy IT systems in acost effective manner while still adhering to industry best practices and regulatory mandatessuch as PCI, Sarbanes-Oxley and Basel II.Transparent security controls are critical when bringing existing applications and IToperations into compliance with existing and newly emerging regulations as well as industrybest practices. Modifying existing application can be a time consuming and costly exercise.As a result, new security products must protect transparently, without modification to existingapplications.
ORACLE DATABASE VAULT
Controlling access to databases, applications and data requires sophisticated accesscontrols that are enforced from within the database. Oracle Database Vault is theindustry's leading solution for protecting business data. Whether it's traditionalclient server applications or web based applications, Oracle Database Vaultprovides flexible, transparent and highly adaptable security controls with noapplication changes. Oracle Database Vault recently won the 2007 GlobalExcellence in Database Security Award from the Info Security Products Guide.Over the past several decades, thousands of applications have been developed.Some of these applications have broad usage such as HR or financial processing, while others are custom applications, designed to address an industry specificbusiness problem. Today, the highly privileged user can be found in many application environments. Today, regulations and best practices require that strong controls be put in place to address highly privileged users and prevent access todata using off the shelf reporting tools. Oracle Database Vault is designed to
Oracle Database Vault Page 2
 
address these challenges using highly privileged user controls and custom security policies. Oracle Database Vault is available for Oracle Database 9i Release 2,Oracle Database 10g Release 2 and Oracle Database 11g Release 1. OracleDatabase Vault has been validated with Oracle PeopleSoft Applications. Validation with additional applications, including Oracle E-Business Suite and Siebel, iscurrently underway.F
 
ReportsRealmsMulti-FactorAuthorizationSeparationof DutyCommandRules
 
Hardened Operating System (Recommended)
Highly Privileged User Controls
Realms
Prevent highly privileged users fromaccessing application dataSeparation of Duty
Control administrative actions within thedatabase to prevent actions that mayviolate regulations and best practicesReports
Run security related reports on Realmsand other Database Vault enforcements
Flexible and Adaptable CustomSecurity Policies
 Multi-Factor Authorization
Created Trusted Paths to data, definingwho, when, where and how applications,data and databases are accessedCommand Rules
Enforce operational policies based on ITSecurity and internal or external auditorrecommendations
 
Figure 1. Oracle Database Vault Overview 
Oracle Database Vault and Regulations
Oracle Database Vault realms, separation of duty, command rules and factors areapplicable to reducing the overall risk associated with specific provisions of regulations worldwide. Regulations such as Sarbanes-Oxley (SOX), HealthcareInsurance Portability and Accountability Act (HIPAA), Basel II, and PCI havecommon themes that include internal controls, separation of duty and strong accesscontrols on access to sensitive information. While many requirements found inregulations such as SOX and HIPAA are procedural in nature, technical solutionsare required to mitigate the risks associated with items such as unauthorizedmodification of data and unauthorized access.
Oracle Database Vault Page 3

Activity (15)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
Shashank Pandey liked this
Pavan Goutham liked this
taqvia liked this
rajusp007 liked this
lmitchell95 liked this
Abeer Suleiman liked this
paramreddy2000 liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->