|
Archived Security Articles
|
10 May 2013
|
Secure Access for 75,000 IT System Users at UPMC [30911]
University of Pittsburgh Medical Center
Committed to developing and delivering life-changing medicine, University of Pittsburgh Medical Center (UPMC) is a US$10 billion, integrated, global health enterprise and one of the leading health systems in the United States. UPMC operates more than 20 academic, community, and specialty hospitals and 400 outpatient sites; employs more than 3,200 physicians; and offers an array of rehabilitation, retirement, and long-term care facilities. It is also Pennsylvanias largest employer and the first nonprofit health system to fully adopt Sarbanes-Oxley standards.
A recognized innovator in information technology, UPMC has deployed an electronic health record across its hospitals and has implemented a semantic interoperability solution to unify information from multiple systems...
(Get More Information . .)
|
|
10 May 2013
|
CSO Online Study: Threats are Outside, Risks are Inside [30917]
Oracle recently worked with CSO Online to study the economics of security
Oracle recently worked with CSO Online to study the economics of security. Despite the the increasing IT spend on security, many organizations don't feel any safer. According to the study, organizations allocate up to 67% of their IT security spend protecting network resources. However, the biggest risk in many organizations is weak governance controls on user access and application security. According to the latest Verizon Data Breach Report 2013 , 76% of attacks utilize lost or stolen credentials as a means of entry or propagating the attack.
According to the survey, 40% believed that implementing fragmented point solutions created gaps in their security and resulted in vulnerability. Fragmentation creates latency in security processes and latency introduces risk. According to a similar study by Aberdeen Research, organizations that take an integrated platform approach had 35% fewer audit deficiencies and were more responsive.
The findings underscore the relevance of Oracle's "security inside-out" approach which means focusing attention on the organization's most strategic assets which include applications, databases, systems, and users.
(Get More Information . .)
|
|
10 May 2013
|
Oracle Unified Directory 11gR2PS1 [30919]
An all-in-one directory solution with storage, proxy, synchronization and virtualization capabilities
Etienne Remillon writes, "Oracle Unified Directory is an all-in-one directory solution with storage, proxy, synchronization and virtualization capabilities.
While unifying the approach, it provides all the services required for high-performance enterprise and carrier-grade environments. Oracle Unified Directory ensures scalability to billions of entries, ease of installation, elastic deployments, enterprise manageability and effective monitoring.
Some of the new features provided by this Patch Set:"
- Extensibility framework via Plug-in API
- Support for Macro ACIs
- Additional use cases for Oracle database enterprise user security (EUS) including Proxy mode to other - directories and Kerberos and Certificate based authentication
- ODSM console supported on IBM WebSphere
- Increased performance
Oracle Unified Directory is part of Oracle Directory Services Plus which provides comprehensive directory solutions for robust identity management deployments.
(Get More Information . .)
|
|
22 Apr 2013
|
'Function Security and Role-Based Access Control (RBAC) in Oracle E-Business Suite' [30625]
New Oracle Whitepaper on the Latest Work in RBAC
The new white paper "Function Security and Role-Based Access Control (RBAC) in Oracle E-Business Suite (Note 1537100.1)" (registration and log-in required) draws some praise from Chris Warticki, who explains that it illustrates two main ways to implement security in Oracle E-Business Suite: traditional Oracle E-Business Suite responsibility-based security (usually referred to as function security) and Role-Based Access Control. According to Sara Woodhull in a separate post, the whitepaper is written for Oracle E-Business Suite system administrators, super-users, and implementers. It applies to Oracle E-Business Suite Release 11i, 12.0, and 12.1.
(Get More Information . .)
|
|
29 Mar 2013
|
An Overview and a How-to on Protecting Your Oracle Solaris Zone Cluster [30349]
Labeling Zones for Appropriate Access
Rick Ramsey posts an introduction to zones, clustering, and trusted extensions and a link to a paper by Subama Ganguly on building a secure zone cluster with trusted extensions. As Ramsey writes in his introduction, "Oracle Solaris Trusted Zone clusters became available in Oracle Solaris Cluster 4.1. They are zone clusters with the security capabilities (mandatory access control or MAC) provided by Trusted Extensions. The zones in the cluster are labeled in the same way that other objects are labeled, so that only other objects with the same (or higher) sensitivity label can access them. Subama Ganguly walks you through setting one up.
(Get More Information . .)
|
|
21 Mar 2013
|
Virgin Media Takes Identity Management Underground [30250]
Oracle Identity Management Gave Virgin Media the Security and Control to Provide Free Wi-Fi to Millions
Learn how Virgin Media, the UKs first combined provider of broadband, TV, mobile, and home phone services, used Oracle Identity Management, Oracle Virtual Directory, and Oracle Entitlements Server to serve more than 10,000 new users daily as the 2012 Olympics brought millions of athletes, support crews, vendors, and spectators into London. The infrastructure also supported up to 800,000 sessions every daywhich peaked at 24,163 simultaneous users, to which one must add millions of tweets, Facebook posts, and more. A Webcast shows how Virgin Media leveraged successfully leveraged back-end legacy systems that were never designed to be externalized. Log-in and registration required.
(Get More Information . .)
|
|
|
|
|
