
- :: DBguide.net · DPA KonTraG RIP Companies Act BDSG ... Bki At Billy Act ... Audit Training Risk...

Date post: 29-Jul-2019
Upload: lamhuong
Enterprise Status and Next-Generation Policy Direction. Oracle Korea, Fusion Middleware, 이석진, Team Lead ( [email protected] )
Transcript
  • Oracle Korea, Fusion Middleware

    ( [email protected] )

  • GRC

    GRC .

    ? ?07/05 Bernard Ebbers is serving 25 year prison sentence 11/07/06 Ex-CA Boss

    ? ? and paid US $50 Million in fines

    gets 12 years and $US 8 Million fine

    2008 Oracle Corporation Proprietary and Confidential 2 / 38

  • GRC : Governance, Risk, Compliance

    Compliance Governance

    C-level : CEO / CFO / CIO /

    / / Dependency

    CIO Focus

    Dependency

    Risk

    / Penalty / No Penalty

  • Compliance Landscape

    AMERICAS: HIPAA; FDA CFR 21 Part 11; OMB Circular A-123; SEC and DoD Records Retention; USA PATRIOT Act; Gramm-Leach-Bliley Act; Federal Sentencing Guidelines; Foreign Corrupt Practices Act; Market Instrument 52

    EMEA: EU Privacy Directives; UK Companies Law; Restriction of Hazardous Substances

    APAC: J-SOX, C-SOX, K-SOX, C49, etc.; CLERP 9: Audit Reform and Corporate Disclosure Act (Australia); Stock Exchange of Thailand Code on Corporate Governance

    Global: IFRS; Basel II; OECD Guidelines on Corporate Governance

    [Map labels: Companies Act; KSOX; Sarbanes-Oxley; HIPAA; FDA CFR Part 11/Annex 11; CA SB 1398; CA AB 1950; CA SB 1386; PIPEDA; EUPD; Japan; Privacy; Basel II; KonTraG; DPA; RIP; BDSG; LOPD; IAS; GLB; FISMA; JSOX; Reg. 357; Banking Act; Bill 321/2004; Personal Data Protection Law Bill 3494/2000; AS4360; CLERP 9; King II Rpt; Law f/Protection Of Personal Data Nov2000; PA&PAA]

  • GRC

    [Figure labels: Risk Intelligence Dashboard; HR/Training; Audit Committee; Disclosure Committee; External Audit; Internal Audit; Field Audit; (404 App); Business Unit; CIO; CEO/CFO; Sarbanes PMO; Internal Info; Integration and Collaboration; PMO; E-Learning; Internal Control Mgmt; Financial Reporting; Control Monitoring; Lifecycle Mgmt (ILM); Systems Mgmt; Security; ERP; HR; CRM; Databases; Document Retention; Hardware/Operating System/Network Infrastructure]

    *Source: Deloitte Consulting

  • SOS

    100 " .

    3 . ...."

    Source : KBS 60

  • /

    80 D

    70

    TFT-LCD ( )

    (Control Unit Logic, Battery Monitoring System, Regenerative Braking System )

    80kW Stack

    LPG (LPLi)

    Euro 5 (DPF, SCR )

    PDP

    (, 2 )

    350km (AC

    FINEX

    600MPa /

    350km (AC

    OBCS )

    U-Mo

    ((0.4% C) )

    (10% Mn ) TWIP

    4%

    100()

    (3% Ni) (0.4% N)

  • 9

    LNG

    3

    500 5m

    1m

    ERP CAD

    FTS

    20 S-band RF

    PCM

    (DMB, DMB, DVB-H, MediaFLO, One-Seg )

    CAS

    DRM

    (DMB, DMB, DVB-H, MediaFLO, One-Seg )

    HD

    802.11n ASIC

    CR Agile Spectrum Sensing

  • (:NISC)

    [Chart: yearly values for '98 '99 '00 '01 '02 '03 '04 '05 '06 '07]

  • ? ()

    .

    ,3

    1, 1

    ,

    ,27

    30

    (2003 61 )Source:

  • ,

    Mobile

    PC

    Smartphone & Notebook

    etc.

    Wireless

    Source : KISA CSO Briefing: ,

  • IT

    1% 80%

    13% , 71%

  • 1

    Source : KISA(), 2007

  • 2

    Source : KISA(), 2007

  • / .

    Source : KISA(), 2007

  • ID

    Source : KISA(), 2007

  • Privacy Data Privacy

    Data Privacy .

    Source : KISA(), 2007

  • ()

    / .

    Source : KISA(), 2007

  • The Global Context

    Identity Theft

    Organised crime

    Terrorism

    Online Fraud

    Insider Threats

    Economic Climate

    Regulatory Pressures

  • What's Changed?

    1996: Hobby Hackers; Web Site Defacement; Viruses; Infrequent Attacks

    2008: Criminals; IP Theft; Identity Theft; Constant Threat

  • Phases of Information Security Deployment

    Security Silos: No Centralized Security

    Phase 1: Static Security

    Phase 2: Dynamic Security & Compliance

    Phase 3: Service Oriented Security (The Future)

  • Phase 1: Static Security

    Business Drivers IT Imperatives

    Move to web-enabled applications

    Protect enterprise from external web traffic

    Strong enterprise-wide security policies

    Improve IT efficiency

    Eliminate application security silos

    Automate user management

  • Phase 1: Static Security

    Typical Solutions

    Applications

    Perimeter Security

    Access Control

    LDAP Directories

    Single Sign-On

    Encryption

    User Provisioning

  • Phase 1: Static Security Benefits

    Centralized Identity Store: Single user name and password

    Centralized Security Policies: Enterprise wide visibility into who has access to what; Single point of enforcement

    Increased Efficiencies: Reduction in help desk calls; Improved employee productivity; Free up valuable IT resources through automation

    Improved Data Protection: Safeguard sensitive data stored on disk/tape

  • Phases of Information Security Deployment

    Security Silos: No Centralized Security

    Phase 1: Static Security

    Phase 2: Dynamic Security & Compliance

    Phase 3: Service Oriented Security (The Future)

  • Phase 2: Dynamic Security and Compliance

    Business Drivers IT Imperatives

    New era of governance, risk, compliance

    Automate compliance

    Increasing sophistication of threats

    Adaptive risk management

    Exposure to data breaches

    Rapid application deployment

    M&A integration

    Rising insider threat

    Mitigate insider threat

  • Phase 2: Dynamic Security and Compliance

    Typical Solutions

    Applications

    Role Management

    Compliance Automation

    Risk Based Access Control

    Identity Virtualization

    Fraud Prevention

    Audit & Monitoring

  • Phase 2: Dynamic Security and Compliance Benefits

    Compliance automation: Accurate and timely audit reports; Cost-efficient, sustainable compliance; Repeatable process every audit

    Identity Virtualization: Single view of identity data without moving it; Neutralize organizational barriers

    Adaptive Risk Based Access Control: Real-time and context aware fraud prevention; Easy to deploy strong authentication; Increased customer confidence

    Enterprise Role Management: Easy realistic modeling of organization; Events driving role life cycle management; Accurate and timely role based access control

  • Phases of Information Security Deployment

    Security Silos: No Centralized Security

    Phase 1: Static Security

    Phase 2: Dynamic Security & Compliance

    Phase 3: Service Oriented Security (The Future)

  • Phase 3: Service Oriented Security Business Drivers

    Leverage Existing Investments
    - Bolting-on security is no longer cost-justifiable
    - Taking advantage of SOA driven enterprise

    Increased Business Agility
    - Security management needs to adapt rapidly

    Stronger Imperatives to Protect Privacy
    - Secure private data from scattering

  • Phase 3: Service-Oriented Security

    Expected Solutions

    SOA Enabled Applications

    Fine Grained Authorization

    Security as a Service

    Identity Governance

  • Phase 3: Service Oriented Security Benefit

    Centralize and externalize granular authorization policies from within applications

    Policy updates are quickly enforceable without touching application code

    Improves Compliance with reduced IT costs

    Enhances business responsiveness to changing security requirements

    Rich policy model supports any complex entitlement scenario

    Detailed Audit Reports on Who Can Do What

  • Oracle Security Solutions

    [Figure labels: Identity & Access Management; Data & Content Security; Trust & Federation; Identity Lifecycle Management; Access Management; Directory Services; Role Management; Fine Grained Authorisation; Web Services Security; Advanced Security; Database Vault; Label Security; Secure Backup; Information Rights Management; Audit Vault; Analytics; Attestation; Auditing; Fraud & Risk; S.O.D.; GRC Process Management; GRC Reporting & Analytics; Compliance Automation; GRC Application Controls; GRC Infrastructure Controls]

  • Oracle Security Solutions

    Applications: E-Business Suite, PeopleSoft, Siebel, SAP, Custom, Legacy

    [Figure labels: Identity Manager; Role Manager; Identity Federation; E-SSO Suite; Web Services Manager; Access Manager; Adaptive Access Manager; Directory Services; Identity Management; Enterprise Manager; Audit Vault; Database Vault; Data Security; Advanced Security Option; Label Security; Information Rights Management]

  • Forrester Wave for IdM

    Oracle has established itself as Leader.
    - The Forrester Wave: Identity And Access Management, Q1 2008

    Oracle reached the top of our evaluation through a combination of the breadth, depth, interoperability, and packaging of its IAM features alongside the strategy and current state of market execution on its application-centric identity vision.
    - The Forrester Wave: Identity And Access Management, Q1 2008

  • IDM Global Big Reference

    Financial Services; Retail & Services

    30,000,000 4,000,000 140,000 200,000 3,000,000 60,000

    Manufacturing & Transportation; Technology & Communications

    11,000,000 25,000

    70,000 370,000 5,000,000 1,650,000

    300,000 20,000 50,000

    200,000

    20 000

    350,000 2,500,000

    Government & Public Sector; Healthcare

    20,000 36,000 18,000,000 66,000 110,000 120,000 240,000

    20,000

    160,000 115,000

    4,000 150,000

    110,000

    450,000

    20,000 150,000

  • Ready for Run !!
