Asset Security

-
Asset Security

Information Life Cycle

  1.     Acquisition
  2.     Use
  3.     Archival
  4.     Disposal
    
Information Classification
Classification Levels - Commercial Business - highest to lowest

  1.     Confidential
  2.     Private
  3.     Sensitive
  4.     Public
    
Classification Levels - Militarty purpose - highest to lowest
  1.     Top Secret
  2.     Secret
  3.     Confidential
  4.     Sensitive but unclassified
  5.     Unclassified
    
Classification Controls
Layers of Responsibility
  1.     Executive Management
  2.     CEO
  3.     CFO
  4.     CIO
  5.     CPO
  6.     CSO/CISO
  7.     Data Owner
  8.     Data Custodian
  9.     System Owner
  10.     Security Administrator
  11.     Supervisor
  12.     Change Control Analyst
  13.     Data Analyst
  14.     User
  15.     Auditor
    
Retention Policies

How ?
  1.     Taxonomy
  2.     Classification
  3.     Normalization
  4.     Indexing
    
How Long ?
  1.     Business Documents - 7 years
  2.     Invoices - 5 years
  3.     Accounts payable and receivable - 7 years
  4.     Human Resource Files - 7 years (Hired and Leave) or 3 years (candidates not hired)
  5.     Tax records - 4 years after the taxes are paid
  6.     Legal correspondence - Permanently
    
What Data ?
    e-Discovery
  1.         Identification
  2.         Preservation
  3.         Collection
  4.         Processing
  5.         Review
  6.         Analysis
  7.         Production
  8.         Presentation
    
Protecting Privacy
Data Owners    
Data Processers    
Data Remanence
  1.         Overwriting
  2.         Degaussing
  3.         Encryption
  4.         Physical Destruction
    Limits on Collection
    
Protecting Assets
    Data Security Controls
  1.         Data at Rest
  2.         Data in Motion
  3.         Data in Use
    Media Controls
  1.         Tracking
  2.         Effectively implementing access controls
  3.         Tracking the number and location of backup versions
  4.         Documenting the history of changes on media
  5.         Ensuring environmental conditions do not endanger media
  6.         Ensuring media integrity
  7.         Inventoring the media on a scheduled basis
  8.         Carrying out secure disposal activities
  9.         Internal and external labeling
        
Data Leakage
Date Leak Prevention
    General Approaches to DLP
  1.         Data Inventories
  2.         Data Flows
    
    Data Protection Strategy
  1.         Backup and recovery
  2.         Data life cycle
  3.         Physical Security
  4.         Security Culture
  5.         Privacy   
  6.         Organizational change
        
    Implementation, Testing, and Tuning 
  1.         Sensitive data awareness
  2.         Policy Engine
  3.         Interoperability
  4.         Accuracy
    
    DLP Resiliency
        
  1.     Network DLP
  2.     Endpoint DLP
  3.     Hybrid DLP

Protecting Other Assets
  1.     Protecting Mobile Devices
  2.     Paper Records
  3.     Safes

Comments

Post a Comment

Popular posts from this blog

OIM 11g R2 PS2 : SOA Approval Workflow Sample

-
Image
In this post I am posting the sample code for a sample SOA approval workflow. Some of the features that this workflow addresses are Approval to Manager or Role Owners is dynamic based on the custom OIM system property "approval-condition". Value is set either "AND" or "OR". Manager or Role Owner can be set to be notified only with no approval required. In this case only email is sent to notify them but no approval is required from them. Custom OIM system property are created to address this.   manager-notify-only = TRUE or FALSE  TRUE = only notify the manager no approval request sent. FALSE = notify the manager and send an approval request.   roleowner-notify-only = TRUE or FALSE  TRUE = only notify the role owner no approval request sent. FALSE = notify the role owner and send an approval request. Third Level System Notification was required but it should be dynamic.  Custom OIM system property are created to address this sysadmin-noti
Read more

Oracle Identity Manager (OIM) Interview Questions

-
This is my 100th post on my blog and in this post, I will list down interview questions on OIM. This post will always be work in progress as I keep appending this list with more and more questions. Please find the list of questions below :-) What are the new features in PS3 ? What are the differences between PS2 and PS3 ? How do you identify rogue account creation in target system ? What is the high level architecture of OIM 11g ? List out difference between OIM 9.1 and 11g and possibly 11gR2 What are the new features in 11gR2 PS2 , PS3 How do you save multi-valued attribute in process form and how the linking happens between process form & child form ,   1 child form per multi valued attribute Can we still use entity adapters in OIM 11g What is pluginservice in oim 11g/  What is the orchestration service in oim 11g. what is the difference between entity match found  and process match found ? what are service accounts in oim ? why remote manager is used ? What is a c
Read more

OHS 12c (12.1.3) webgate deployment and configuration

-
In this post, I will cover the deployment and configuration of webgate 12c webgate. OHS 12c comes pre-bundled with a webgate so we don't have to separately download and install any webgate. If you have installed OHS then you have a webgate which you can configure to protect OHS. Also there is no gui screens involved as all configurations are done via command line tools. In the previous post i covered installation and configuration of OHS 12c. This post builds on top of that. Step 1 deploy webgate ./deployWebGateInstance.sh -w /OHS_12c_WEBSERVER_HOME/webserver/instances/instance1/config/fmwconfig/components/OHS/ohs1 -oh /OHS_12c_MW_HOME/ Copying files from WebGate Oracle Home to WebGate Instancedir Step 2 Config webgate export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/OHS_12c_MW_HOME/lib cd /OHS_12c_MW_HOME/webgate/ohs/tools/setup/InstallTools/ ./EditHttpConf -w /OHS_12c_WEBSERVER_HOME/webserver/instances/instance1/config/fmwconfig/components/OHS/ohs1 -oh /OHS_12c_MW_HO
Read more