http://www.integrigy.com These are the search results for the query, showing results 1 to 15. http://www.integrigy.com/security-resources/whitepapers/integrigy-ioug-credit-cards-oracle-pci-dss.pdf IOUG COLLABORATE 2011 - Credit card data breaches are headline news thus organizations must properly protect credit card data or risk being tomorrow's headline. If an Oracle Database "stores processes or transmits credit card numbers" it must comply with all the requirements of the Payment Card Industry (PCI) Data Security Standard (DSS) regardless of size or transaction volume. This presentation will provide an overview of the PCI requirements and discuss how each requirement impacts the Oracle Database. Best practices and guidance for securing credit card data and complying with PCI will be discussed especially the most difficult to address requirements of encryption security patches and auditing. No publisher skost COLLABORATE PCI Oracle Database 2011-06-03T21:51:06Z File http://www.integrigy.com/security-resources/whitepapers/integrigy-ioug-real-life-database-security-mistakes.pdf IOUG COLLABORATE 2011 - You did everything by the book followed the database security checklists and implemented security best practices but one day you find significant security issues in one of your databases. How did this happen? After auditing hundreds of databases I have compiled a list of common database security mistakes and potentials causes of each mistake. Common database security mistakes can impact every aspect of the Oracle Database and include reappearing default passwords misapplied Critical Patch Update security patches and wayward privileges and grants. Based on audits of hundreds of databases learn the facts and statistics behind what security vulnerabilities most likely exist like which database accounts are most often have default passwords. No publisher skost COLLABORATE Oracle Database 2011-04-21T16:35:26Z File http://www.integrigy.com/security-resources/whitepapers/integrigy-oaug-real-life-oracle-ebs-mistakes.pdf OAUG COLLABORATE 2011 - You did everything by the book, followed the database security checklists, and implemented security best practices, but one day you find significant security issues in your Oracle E-Business Suite implementation. How did this happen? I have compiled a list of common database, application server, and application security mistakes and potentials causes of each mistake. Learn from other's mistakes and what you can do to prevent these mistakes from happening on your watch. No publisher skost COLLABORATE Oracle E-Business Suite 2011-04-21T16:35:39Z File http://www.integrigy.com/security-resources/whitepapers/integrigy-oaug-protecting-sensitive-data-in-oracle-ebs.pdf OAUG COLLABORATE 2011 - To protect sensitive data, like Social Security numbers, in Oracle E-Business Suite environments, numerous Oracle technologies and third-party products exist that all promise to be your next silver bullet. However, implementing these technologies is challenging and there are significant limitations and often certification issues. Best practices and client success stories with encryption, scrambling, and auditing will be discussed with solutions ranging from simple SQL scripts to expense add-on products. No publisher skost COLLABORATE Oracle E-Business Suite 2011-04-21T16:36:03Z File http://www.integrigy.com/security-resources/whitepapers/Integrigy-Oracle-Database-Security-Quick-Reference.pdf A quick reference with important security information for all supported Oracle Database versions. This handy reference page lists default database accounts, Critical Patch Update information, system privilege maps, and auditing information. No publisher skost Oracle Database 2011-04-05T16:01:21Z File http://www.integrigy.com/security-resources/whitepapers/Integrigy_Oracle_EBS_Security_Quick_Ref.pdf A quick reference with important security information for Oracle E-Business Suite 11i and R12. This handy reference page lists default user accounts, default ports, important patches, and auditing setups. No publisher ploneadmin Oracle E-Business Suite 2011-04-05T16:00:49Z File http://www.integrigy.com/security-resources/whitepapers/integrigy_upgrade_security_in_your_r12_upgrade.pdf The upgrade from Oracle E-Business Suite (EBS) 11i to R12 is a unique opportunity to improve the security of your implementation by resolving existing security issues, configuring R12 securely, and taking advantage of new security features in R12. This presentations highlights R12 security changes and discuss a framework for a security focused R12 upgrade project. No publisher skost R12 Oracle E-Business Suite 2011-02-25T19:22:15Z File http://www.integrigy.com/security-resources/whitepapers/OAUG-Integrigy-Oracle-Critical-Patch-Updates-Unwrapped.pdf OAUG 2009 COLLABORATE Presentation - Security bugs in Oracle Applications are now fixed by Oracle on a quarterly basis with Critical Patch Updates (CPU). The security researcher who has discovered many of these bugs will provide insight into the types of security issues fixed by these patches. Understand what are buffer overflows and SQL injection attacks by seeing how these types of security bugs compromise the security of Oracle Applications. Best practices for installing and testing CPU patches will be discussed. No publisher skost 2009-05-07T19:07:34Z File http://www.integrigy.com/security-resources/whitepapers/IOUG-Integrigy-Oracle-Critical-Patch-Updates-Insight-Understanding.pdf IOUG 2009 COLLABORATE Presentation - Ever wonder what is being fixed in an Oracle Critical Patch Update? This session will provide an inside look at the Critical Patch Updates (CPU) and the security bugs fixed by the CPU patches. Understand what are buffer overflows and SQL injection attacks by seeing how these types of security bugs compromise the security of the database. Learn about the complexities of the CPU patches including certification issues, patch differences across operating systems, and why the latest database version may have not yet released security fixes. Best practices for installing and testing CPU patches will be discussed. No publisher skost 2009-05-07T19:05:22Z File http://www.integrigy.com/security-resources/whitepapers/Integirgy-IOUG-2009-Real-World-Database-Auditing.pdf IOUG 2009 COLLABORATE Presentation - Database auditing is one of the most misunderstood and neglected database features, however, database auditing is becoming a key requirement for many organizations compliance activities. This presentation will address four key topics related to database auditing: selecting the right auditing technology, determining the performance impact of auditing, protecting audit data, and reporting on audit data. To help in the selection of the proper database auditing solution, the major auditing technologies will be reviewed including native database auditing, Fine-Grained Auditing (FGA), custom triggers, Oracle Audit Vault, and third-party network and agent-based auditing solutions. To differentiate the auditing technologies, pros and cons for each solution will be presented along with performance detailed metrics for common auditing scenarios. Capturing audit data is actually the easy part and the hard part of any comprehensive auditing strategy is protecting the audit data and intelligently reporting on the audit data. Best practices for protecting the audit data and transforming audit data into actionable information will be presented. No publisher skost 2009-05-07T19:02:45Z File http://www.integrigy.com/security-resources/whitepapers/IOUG_Real-life_Database_Security_Mistakes.pdf IOUG COLLABORATE 08 Presentation - You did everything by the book, followed the database security checklists, and implemented security best practices, but one day you find significant security issues in one of your databases. How did this happen? After auditing hundreds of databases, I have compiled a list of common database security mistakes and potentials causes of each mistake. Learn from other's mistakes and what you can do to prevent these mistakes from happening on your watch. Common database security mistakes can impact every aspect of the Oracle Database and include reappearing default passwords, misapplied Critical Patch Update security patches, and wayward privileges and grants. Time is the chief enemy of database security as many security mistakes are innocently introduced over time, so security needs to be a process rather than a one-time task. No publisher skost COLLABORATE Oracle Database 2008-04-18T18:25:31Z File http://www.integrigy.com/security-resources/whitepapers/IOUG_Oracle_Critical_Patch_Updates_Unwrapped.pdf IOUG COLLABORATE 08 Presentation - Ever wonder what is being fixed in an Oracle Critical Patch Update? As a follow-up to the 2007 IOUG SELECT Journal article "Oracle Critical Patch Updates: Common Questions", this session will provide an inside look at the Critical Patch Updates (CPU) and the security bugs fixed by the CPU patches. Understand what are buffer overflows and SQL injection attacks by seeing how these types of security bugs compromise the security of the database. Learn about the complexities of the CPU patches including certification issues, patch differences across operating systems, and why the latest database version may have not yet released security fixes. Best practices for installing and testing CPU patches will be discussed. No publisher skost COLLABORATE Oracle Database Oracle Critical Patch Update 2008-04-18T18:23:09Z File http://www.integrigy.com/security-resources/whitepapers/OAUG_Oracle_Critical_Patch_Updates_Insight_and_Understanding.pdf OAUG COLLABORATE 08 Presentation - Security bugs in Oracle Applications are fixed by Oracle on a quarterly basis with Critical Patch Updates (CPU). The security researcher who has discovered many of these bugs will provide insight into the types of security issues fixed by these patches. Understand what are buffer overflows and SQL injection attacks by seeing how these types of security bugs compromise the security of Oracle Applications. Best practices for installing and testing CPU patches will be discussed. No publisher skost COLLABORATE Oracle E-Business Suite Oracle Critical Patch Update 2008-04-18T18:22:48Z File http://www.integrigy.com/security-resources/whitepapers/Building_an_Audit_Trail_in_an_Oracle_Applications_Environment.pdf Sarbanes-Oxley’s section 404 requires a company’s key systems be audited. However, many companies have 'unauditable' systems and don’t even know it. This paper explores methods by which companies can create an auditable system by implementing various levels of audit trails in Oracle Applications. This paper was co-written with Jeffrey Hare of ERP Seminars and was the featured article in the Spring 2006 issue of OAUG Insight magazine. No publisher ploneadmin Sarbanes-Oxley (SOX) Oracle E-Business Suite 2007-04-11T20:01:06Z File http://www.integrigy.com/security-resources/whitepapers/Integrigy_Oracle_Listener_TNS_Security.pdf A guide to properly securing the Oracle Database Listener. Integrigy Consulting has found the Database Listener to be one of the most frequently overlooked security risks at customers. An overview of the Database Listener, its unique security risks, and step-by-step recommendations for securing it are provided. No publisher ploneadmin Oracle Listener Oracle Database 2007-04-01T00:26:08Z File