Soumettre la recherche
Mettre en ligne
30 Minute Release11i Security
•
0 j'aime
•
434 vues
S
SecureDBA
Suivre
Steps you can take in 30 minutes to secure your Oracle E-Business Suite environment.
Lire moins
Lire la suite
Signaler
Partager
Signaler
Partager
1 sur 33
Recommandé
Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint
Group of company MUK
Unrestricted - Complex Regulation Practical Security FINAL
Unrestricted - Complex Regulation Practical Security FINAL
Wayne Anderson
William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...
centralohioissa
Security Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of Security
Doug Copley
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Ethisphere
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
centralohioissa
Scrapping for Pennies: How to implement security without a budget
Scrapping for Pennies: How to implement security without a budget
Ryan Wisniewski
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
Dell EMC World
Recommandé
Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint
Group of company MUK
Unrestricted - Complex Regulation Practical Security FINAL
Unrestricted - Complex Regulation Practical Security FINAL
Wayne Anderson
William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...
centralohioissa
Security Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of Security
Doug Copley
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Ethisphere
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
centralohioissa
Scrapping for Pennies: How to implement security without a budget
Scrapping for Pennies: How to implement security without a budget
Ryan Wisniewski
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
Dell EMC World
Building an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
Mike Spaulding
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
centralohioissa
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
Yasser Mohammed
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Eric Vanderburg
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
centralohioissa
HEMISPHERE SMB Case Study
HEMISPHERE SMB Case Study
Carter Schoenberg
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
SlideTeam
Using 80 20 rule in application security management
Using 80 20 rule in application security management
DaveEdwards12
Keeping Your Data Clean
Keeping Your Data Clean
Resolver Inc.
It22015 slides
It22015 slides
Jim Kaplan CIA CFE
Securing the New Digital Enterprise: Trackable, Controlled, and Authorized
Securing the New Digital Enterprise: Trackable, Controlled, and Authorized
Enterprise Management Associates
Open Source Security - It can be done easily.
Open Source Security - It can be done easily.
Flexera
It62015 slides
It62015 slides
Jim Kaplan CIA CFE
20160210 webinarslides
20160210 webinarslides
Jim Kaplan CIA CFE
4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance
Imperva
How to Reduce the Attack Surface Created by Your Cyber-Tools
How to Reduce the Attack Surface Created by Your Cyber-Tools
Enterprise Management Associates
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in Cybersecurity
Dell EMC World
Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & Culture
Jim Kaplan CIA CFE
Survey: Security Analytics and Intelligence
Survey: Security Analytics and Intelligence
SolarWinds
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
centralohioissa
Infor 10x Advantage On Air Summit Presentation - Make Better Decisions Faster
Infor 10x Advantage On Air Summit Presentation - Make Better Decisions Faster
Godlan, Inc
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Amazon Web Services
Contenu connexe
Tendances
Building an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
Mike Spaulding
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
centralohioissa
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
Yasser Mohammed
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Eric Vanderburg
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
centralohioissa
HEMISPHERE SMB Case Study
HEMISPHERE SMB Case Study
Carter Schoenberg
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
SlideTeam
Using 80 20 rule in application security management
Using 80 20 rule in application security management
DaveEdwards12
Keeping Your Data Clean
Keeping Your Data Clean
Resolver Inc.
It22015 slides
It22015 slides
Jim Kaplan CIA CFE
Securing the New Digital Enterprise: Trackable, Controlled, and Authorized
Securing the New Digital Enterprise: Trackable, Controlled, and Authorized
Enterprise Management Associates
Open Source Security - It can be done easily.
Open Source Security - It can be done easily.
Flexera
It62015 slides
It62015 slides
Jim Kaplan CIA CFE
20160210 webinarslides
20160210 webinarslides
Jim Kaplan CIA CFE
4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance
Imperva
How to Reduce the Attack Surface Created by Your Cyber-Tools
How to Reduce the Attack Surface Created by Your Cyber-Tools
Enterprise Management Associates
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in Cybersecurity
Dell EMC World
Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & Culture
Jim Kaplan CIA CFE
Survey: Security Analytics and Intelligence
Survey: Security Analytics and Intelligence
SolarWinds
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
centralohioissa
Tendances
(20)
Building an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
HEMISPHERE SMB Case Study
HEMISPHERE SMB Case Study
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
Using 80 20 rule in application security management
Using 80 20 rule in application security management
Keeping Your Data Clean
Keeping Your Data Clean
It22015 slides
It22015 slides
Securing the New Digital Enterprise: Trackable, Controlled, and Authorized
Securing the New Digital Enterprise: Trackable, Controlled, and Authorized
Open Source Security - It can be done easily.
Open Source Security - It can be done easily.
It62015 slides
It62015 slides
20160210 webinarslides
20160210 webinarslides
4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance
How to Reduce the Attack Surface Created by Your Cyber-Tools
How to Reduce the Attack Surface Created by Your Cyber-Tools
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in Cybersecurity
Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & Culture
Survey: Security Analytics and Intelligence
Survey: Security Analytics and Intelligence
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Similaire à 30 Minute Release11i Security
Infor 10x Advantage On Air Summit Presentation - Make Better Decisions Faster
Infor 10x Advantage On Air Summit Presentation - Make Better Decisions Faster
Godlan, Inc
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Amazon Web Services
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
CA Technologies
Penetration Testing as an auditing tool
Penetration Testing as an auditing tool
syrinxtech
Quick Response Fraud Detection
Quick Response Fraud Detection
FraudBusters
Your Service Desk is Privileged, Too
Your Service Desk is Privileged, Too
Bomgar
Make Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your Favor
David Perkins
Secure Iowa Oct 2016
Secure Iowa Oct 2016
Larry Slobodzian
Primer for Information Security Programs
Primer for Information Security Programs
Richard Greenberg, CISSP
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber Security
Joan Weber
Six Steps to Secure Access for Privileged Insiders & Vendors
Six Steps to Secure Access for Privileged Insiders & Vendors
Bomgar
BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
UL Transaction Security
INFRAGARD 2014: Back to basics security
INFRAGARD 2014: Back to basics security
Joel Cardella
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access Management
CA Technologies
Who Owns the “S” in S&OP?
Who Owns the “S” in S&OP?
Steelwedge
If I want a perfect cyberweapon, I'll target ERP
If I want a perfect cyberweapon, I'll target ERP
ERPScan
How to Protect Your Oracle Database from Hackers
How to Protect Your Oracle Database from Hackers
Jeff Kayser
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Software
bal-internet-presence-protection-analysis
bal-internet-presence-protection-analysis
Ben Livson
Risks vs real life
Risks vs real life
Mona Arkhipova
Similaire à 30 Minute Release11i Security
(20)
Infor 10x Advantage On Air Summit Presentation - Make Better Decisions Faster
Infor 10x Advantage On Air Summit Presentation - Make Better Decisions Faster
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Penetration Testing as an auditing tool
Penetration Testing as an auditing tool
Quick Response Fraud Detection
Quick Response Fraud Detection
Your Service Desk is Privileged, Too
Your Service Desk is Privileged, Too
Make Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your Favor
Secure Iowa Oct 2016
Secure Iowa Oct 2016
Primer for Information Security Programs
Primer for Information Security Programs
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber Security
Six Steps to Secure Access for Privileged Insiders & Vendors
Six Steps to Secure Access for Privileged Insiders & Vendors
BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
INFRAGARD 2014: Back to basics security
INFRAGARD 2014: Back to basics security
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access Management
Who Owns the “S” in S&OP?
Who Owns the “S” in S&OP?
If I want a perfect cyberweapon, I'll target ERP
If I want a perfect cyberweapon, I'll target ERP
How to Protect Your Oracle Database from Hackers
How to Protect Your Oracle Database from Hackers
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
bal-internet-presence-protection-analysis
bal-internet-presence-protection-analysis
Risks vs real life
Risks vs real life
30 Minute Release11i Security
1.
30 Minute Release
11i Security Keeping the Bad Guys Away
2.
Welcome • Today’s Agenda:
Presenter Introductions • OAUG Membership Benefits • Presentation Overview • 30 Minute Release 11i Security • Minute 31 – Your Next Steps • Questions and Answers • ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
3.
Presenter – Kevin
Sheehan • 25+ years of IT experience • 13 Years Oracle Core DBA • 3 Years Oracle Apps DBA • 3 Years Oracle Application Server Administration • Large Homeland Security Implementations • Email: kevin.sheehan@unisys.com ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
4.
Co-Presenter – Randy
Giefer • 20+ years of IT experience Databases and Applications • 10 years Oracle Apps DBA • Fortune 1-1000 • Government • Founder of Solution Beacon, LLC • Security Practice Director • Applications Security Specialist, Consultant, Advisor • Email: rgiefer@solutionbeacon.com • ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
5.
OAUG Membership Member Benefits
include: • Advocacy opportunities to influence Oracle on product enhancements, usability, new features, Oracle support, pricing and quality. • Knowledge that showcases the latest trends and techniques used by industry leaders through our national and regional events and our publications, such as OAUG Insight magazine. • Communication with other OAUG members worldwide through participation in OAUG committees, leadership positions, interaction with Oracle Corporation's user initiatives, frequent member surveys, and Oracle management briefings. • Education through the hundreds of career-enhancing presentations in our conference paper database archive, as well as discounts to conferences and Oracle education. • Networking with Oracle customers, industry experts, third-party software firms, and other Oracle Applications specialists through our Member Database and Online Vendor Directory. ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
6.
Presentation Overview • ½
Awareness • ½ Real World Best Practices ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
7.
What Is Security? •
What comes to mind when someone mentions “security”? • Physical Security • Three Gs ( Guards, Gates, Gizmos ) • Technology Stack Security • Network (e.g. Firewalls, Proxy Servers) • Server (e.g. Antivirus) • Database ( Auditing? ) • Application ( Access Lists? ) ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
8.
What Is Security? •
Most often, Security is focused on trying to keep the external bad people out … • But who is keeping out the internal bad people? ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
9.
30 Minute Release
11i Security “Keeping The Bad People Away” • Case Studies • Disgruntled Worldcom employee posts stolen names, SSN, birth dates of company executives on public website • Ex-Employee Steals CRM and Financials Data and Provides to Competitor • Employee Sells Credit History Database • Employee Manipulates Payroll Data • AOL Employee Sells Email Addresses to Spammer ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
10.
30 Minute Release
11i Security “Keeping The Bad People Away” • Q. What do all of these Case Studies have in common? Disgruntled Employee • Ex-Employee Steals CRM and Financials Data • Employee Sells Credit History Database • Employee Manipulates Payroll Data • Employee Sells Email Addresses to Spammer • • A. A firewall didn’t help!!! ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
11.
Today’s Message • The
Internal Threats Are Real! ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
12.
Fact: Internal Threats
Are Real Despite most people's fears that hackers will break into the company and destroy data or steal critical information, more often than not, security breaches come from the inside. ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
13.
Fact: Internal Threats
Are Real • Gartner estimates that more than 70% of unauthorized access to information systems is committed by employees, as are more than 95% of intrusions that result in significant financial losses ... • The FBI is also seeing rampant insider hacking, which accounts for 60% to 80% of corporate computer crimes ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
14.
Fact: It may
Happen To You • In 2005, 20 percent of enterprises experienced a serious internet security incident – Gartner • In 2005, 60 percent of security breach incident costs incurred by businesses were financially or politically motivated – Gartner • “33% of ‘attacks’ are conducted by employees; another 28% are from former employees” (source: Global State of Information Security 2005, April 2006) • Are you prepared? • Can you prevent becoming a statistic? ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
15.
What Is Security? •
Security is a PROCESS that occurs (or doesn’t occur) at multiple levels • Some organizations are better than others • Security awareness at organizations vary due to: • Business Core Function • Organizational Tolerance (e.g. SOX) • Prior Incidents ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
16.
Security Is A
Process • “Process” means it occurs more than once! • Policies, Processes and Procedures • Internal and External Checks and Balances • Regular Assessments (Focus = Improve) • Internal • Third Party • Audits (Focus = $ for Auditors) • Necessary Evil • Many Don’t Understand the Apps ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
17.
What Is Applications
Security? In an Oracle Applications environment, it’s protection of information from: Accidental Data Loss • Employees • Ex-Employees • Hackers • Competition • ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
18.
Application Security –
Today’s Focus • Part Technology, Mostly User Access • User Security • Authentication • Authorization • Audit • Start with the basic levels first and work your way up (i.e. Why implement a proxy server, DMZ, and firewalls if you are running with default passwords?) ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
19.
Application Security • Authentication
– Who are you? • Authorization – What privileges do you have? • Audit – Effectiveness is almost useless if you can’t ensure: Individual accounts are used • Individuals are who they say they are • ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
20.
What is “30
Minute Release 11i Applications Security”? • Now that you are “aware” of the need for Security… • Easily Implement Select Security Controls Consisting Of: • User Account Policies • Profile Options • Quick and Easy to Implement • Low Investment / High Return Value • “Big Bang for the Buck” ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
21.
Best Practice: No
Shared Accounts • Difficult or Impossible to Properly Audit • Release 11i Feature to Disallow Multiple Logins Under Same Username: • Uses WF Event/Subscription to Update ICX_SESSIONS • 11.5.8 MP • Patches 2319967, 2128669, WF 2.6 ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
22.
Best Practice: No
Generic Passwords Stay Away From ‘welcome’!!! • How Hard Is It To Guess A Username? • 11.5.10 Oracle User Management (UMX) • UMX – User Registration Flow • • Select Random Password • Random Password Generator ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
23.
11.5.10 Oracle User
Management (UMX) UMX leverages workflow to implement business logic around the • registration process Raising business events • Provide temporary storage of registration data • Identity verification • Username policies • Include the integration point with Oracle Approval Management • Create user accounts • Release usernames • Assign Access Roles • Maintain registration status in the UMX schema • Launch notification workflows • ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
24.
Application Profile Options
Relating to Passwords • Set according to your IT policies • Consistent with other systems • Don’t change “on-the-fly” • Changes need to be communicated in advance • ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
25.
Profile: Signon Password
Length • Signon Password Length sets the minimum length of an Oracle Applications user password value • Default Value = 5 characters • Recommendation: At least 7 characters. Set module accounts to a much longer value. ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
26.
Profile: Signon Password
Hard to Guess • The Signon Password Hard to Guess profile option sets internal rules for verifying passwords to ensure that they will be quot;hard to guessquot; • Oracle defines a password as hard-to-guess if it follows these rules: • The password contains at least one letter and at least one number • The password does not contain repeating characters • The password does not contain the username • Default Value = No • Recommendation = Yes ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
27.
Profile: Signon Password
No Reuse • This profile option is set to the number of days that must pass before a user is allowed to reuse a password • Default Value = 0 days • Recommendation = 180 days or greater ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
28.
Profile: Signon Password
Failure Limit • Default Value = 0 attempts • Recommendation = 3 (adhere to policy) • By default, there is no lockout after failed login attempts: This is just asking to be hacked! • Additional Notes: • Implement an alert (periodic), custom workflow or report to notify security administrators of a lockout • FND_UNSUCCESSFUL_LOGINS • 11.5.10 raises a security exception workflow ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
29.
ATG_PF.H Rollup 3
Enhancements • Case Sensitivity in User Passwords (Better OID integration) • Profiles Server+Responsibility Hierarchy Type (Allows profile values to be set for specific combinations of servers and responsibilities) • Oracle User Management: Configurable User Name Policy (Validates a specified format for user names – e.g. e-mail address) ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
30.
Profile: ICX:Session Timeout •
The length of time (in minutes) of inactivity in a user's form session before the session is disabled. • Default value = none • Recommendation = 30 (minutes) • Also set session.timeout in zone.properties • Available via Patch 2012308 (Included in 11.5.7, FND.E) • Numerous other timeouts defined in Whitepaper ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
31.
Minute 31 –
Your Next Steps • Be Paranoid! • Review/Update/Create Security Processes, Procedures and Policies • Be Proactive – Monitor Security Sources • Oracle Critical Patch Update • CPU FAQ: 237007.1 • Quarterly Releases ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
32.
Minute 31 –
Your Next Steps (continued) Harden Operating System • Harden Database • Harden E-Business Suite Tech Stack • MetaLink Doc 189367.1 – Securing The E-Business • Suite) • Internal Assessment • Third Party Assessment • Continuous Process Improvement ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.
33.
The Internal Threat
is Real! • Questions & Answers Kevin Sheehan kevin.sheehan@unisys.com Randy Giefer rgiefer@solutionbeacon.com ©2006 Kevin Sheehan and Randy Giefer. All Rights Reserved.