Archive for the ‘Compliance’ Category

Live Panel Discussion: Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics

November 22, 2011
Featuring experts from Kaiser Permanente, PricewaterhouseCoopers and Oracle

Electronic healthcare initiatives promise consumer empowerment and improved information exchange between providers, healthcare professionals, caregivers, and patients, with the ultimate goal of driving down costs. However, issues around patient privacy and unauthorized access to sensitive medical records (including VIP cases) continue to deter wider adoption of electronic healthcare initiatives.

Hear first-hand from a healthcare organization how metrics-driven identity analytics and closed-loop remediation offer actionable insight that empowers organizations to implement first-class security and compliance programs in health care’s emerging electronic age.

Join us for this complimentary webcast and listen to industry experts discuss:

  • Key security and regulatory requirements in healthcare establishments
  • The effective role of an identity analytics solution in measuring and managing risk and enforcing regulatory compliance in healthcare organizations
  • Real-world use cases and deployment scenarios

Register now for this Webcast

Brought to you by:


Healthcare IT News


November 29, 2011
10:00 a.m. PT / 1:00 p.m. ET


Jason W. Zellmer
Director, Identity and Access Management
Kaiser Permanente Information Security

Rex Thexton
Advisory Services

Viresh Garg
Director, Product Management

Mike Miliard
Managing Editor
Healthcare IT News



Webcast Recording: Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics

November 15, 2011

Watch the webcast recording here!

There is a new awareness of the strategic value and role of information security in the enterprise. One of the key challenges facing CISOs today is the pressure to demonstrate continuous compliance across all business organizations, for thousands of users with access to hundreds of applications. Metrics-driven Identity Analytics, powered by rich risk analytics, is crucial in measuring how well IT supports the business and manages risk.

Hear from an end user the key elements required to satisfy business and audit requirements for user access certifications and identity controls. Learn how Oracle is leveraging its expertise in identity management, data mining, business processing and business intelligence to give enterprises the tools they need to mitigate risk, build transparency, satisfy compliance mandates and support business decisions.

This webcast covers:

  • Key elements for building a strong identity & access governance program
  • The advancements in identity and risk analytics offered with Oracle Identity Analytics 11g
  • An end-user’s perspective on user access certification use cases and implementation best practices

Watch today to hear about industry best practices from Stuart Lincoln, BNP Paribas, and Neil Gandhi, Principal Product Manager, as they talk about the latest advancements in identity analytics and learn how you too can benefit from making sense of technical identity data and transforming it into business-friendly information that is both insightful and actionable.

Slapping Funny This One

August 24, 2011

Funny or not, you tell me.

We have all been there! Too many passwords to remember is a bug we are all suffering from. From my first dog to my first friend in school, my grandmother, my son and everyone in between, they have all made their appearance on my passwords roll. Life was easy (albeit a lot less secure) when you could get away with just putting in the names. Now there needs to be a combination of letters, symbols, numbers and more. And, you have to change it every few weeks.  So, with a different password for each of the systems and applications, how many permutation-combinations are you dealing with? And did you know that a single call to the help desk can cost as much as $25 to reset passwords?

Stop the madness. Learn how Oracle can help. Register now for your complimentary guide to single sign-on salvation.

Webcast, April 12: Automating User Provisioning, A User’s Perspective

Premieres: Apr 12, 2011, 14:00 EDT (18:00 GMT)
Click here to register.

User provisioning solutions offer tangible, often quantifiable, benefits. A Forrester Study* based on data from 4 customers concluded an ROI of over 200% and net cost savings of over $8M over 3 years post implementation of Oracle Identity Manager, Oracle’s user provisioning solution.  Additional benefits seen were around improved security and a tremendous boost in user productivity.

Join this FREE webcast to find out how Educational Testing Service (ETS), a private nonprofit organization devoted to educational measurement and research, is leveraging Oracle Identity Manager to meet its user administration needs. Hear first-hand from your peer how you can improve security and user productivity in your organization while reducing IT administration, helpdesk and other overhead costs at the same time.

Speaker: Jim Moran
Executive Director, IT, and CISO at Educational Testing Service (ETS)

Jim Moran is an Executive Director, IT, and CISO at Educational Testing Service (ETS).  His responsibilities include leadership of Enterprise Architecture, Information Risk, and Information Security for the company.  Jim has a long history of conceiving and leading large scale programs and projects, and translating technology trends and strategies into tangible business outcomes.

*Webcast registrants will receive a complimentary copy of: Forrester Study: The Total Economic Impact of Oracle Identity Manager, a commissioned study on behalf of Oracle Corporation


Forrester Study: The Total Economic Impact of Oracle Identity Analytics

January 10, 2011

Your Guide to Computing Cost Savings with Automated Compliance

Walk through detailed return-on-investment calculations based on real customers’ data. Learn how Oracle’s Identity and Access Governance solution, Oracle Identity Analytics, may cut your compliance costs, quicken results and improve overall access governance.

Enjoy a complimentary copy of this study conducted by Forrester Consulting, on behalf of Oracle, and learn how a composite organization, built using actual implementation data from four Oracle customers, was able to realize a risk-adjusted ROI of over 60%. Leverage the ROI model, provided within this study, to do your calculations and design an implementation plan that meets your cost and compliance goals.

Click now to access your complimentary copy of the “Forrester Study: The Total Economic Impact of Oracle Identity Analytics.”

Click here to register for a live webcast by Andras Cser, Sr. Analyst with Forrester Research, who will be walking us through the detailed calculations from this TEI Study on Jan 26th, 12pm PST/3pm EST.


Oracle Identity Analytics 11g…all systems go!

Yesterday was a momentous day for the Oracle Identity Management team. With over 750 man months of development and 1300 man months of QA in this release, Oracle Identity Management 11g is a huge milestone! Oracle Identity Analytics 11g is our first official release with Oracle since the Sun acquisition and the smooth migration of the highly successful Sun Role Manager product, and we are proud to have this strategic product moving forward in the Identity and Access Governance marketplace. I will take the time to discuss some of the great architectural innovations in this release. Although the primary work was to assimilate Oracle Identity Analytics into the Oracle Identity Management portfolio, our product engineering team was still able to fit in some great new features, which I will also address.

Oracle Identity Analytics gives enterprises the ability to engineer and manage roles and automate critical identity-based controls, and it combines business intelligence with enterprise security and access governance for cross-product identity analytics. The components of the product include:

1. Identity Warehouse

Identity Warehouse is the central repository that contains identity, access and audit data, optimized for complex analytical queries and simulations. This data is imported from one or more databases within your organization on a scheduled basis. The Oracle Identity Analytics import engine supports complex entitlement feeds saved as either text files or XML. A glossary entry, defined as a business-friendly term for typically cryptic IT entitlements, can also be captured during the import process, enabling business users to view and analyze users’ access rights in a business-friendly way. Oracle Identity Analytics provides strong and robust integration capabilities with the provisioning products, including Oracle Identity Manager and Oracle Waveset.

2. Attestation of Access Rights with Cert 360

Identity Certification

Oracle Identity Analytics reduces operational risk exposure by providing a 360-degree view of users’ access – not just “who has access to what”, but whether access was appropriately assigned and how it is being used. Oracle Identity Analytics securely automates existing manual re-certification or attestation processes in which business managers and application owners certify user access rights. This significantly reduces costs associated with existing manual controls and enhances audit effectiveness, resulting in enforcement of “least privilege” across the enterprise. A significant amount of effort has gone into developing the next-generation attestation user interface, focusing on overall usability as well as the time needed to load a large amount of attestation data for the end user. Concepts such as paging, improved batching and lazy-loading allow for a much quicker sign-off experience, and advanced searching, sorting and filtering capabilities enable the end user (or access reviewer) to view the data that matters to them the most and certify it with a single click.

3. IT Audit Policy Monitoring

Segregation of duties (SoD) enforcement prevents users from intentionally or inadvertently breaching security policy by having a conflicting combination of roles or entitlements. IT Audit Policy enforcement directly impacts an organization’s ability to comply with explicit requirements of the Sarbanes-Oxley Act and multiple other regulatory mandates aimed at ensuring the integrity of enterprise financial operations.

4. Comprehensive Role Governance

Role Mining

Oracle Identity Analytics’ role mining feature allows customers to conduct role mining based on organization, user and entitlement attributes to clean up and organize existing entitlements towards a role-based setup. The Identity Warehouse is used to capture the necessary information about users, entitlements and their relationships, allowing OIA to perform both top-down and bottom-up role mining. The role-mining feature also provides rule discovery to correlate rules between approved roles and attributes for use in role assignment. Once the roles are defined, role change management ensures approval workflow for any role creation and role definition changes, along with version tracking to monitor the history of these controls. Comprehensive reports and dashboards to drill down and tweak role content are also provided with the solution. Roles defined across an enterprise evolve over time, and require a robust administration and governance process. Oracle Identity Analytics provides role approvals upon detection of associated entitlement updates and performs real-time impact analysis for role consolidation before changes are applied in a live environment. The role change approval process, combined with role versioning, role change “what if” simulations, and rollback features, provides a complete role administration solution. Oracle Identity Analytics also fully audits all the changes made to role definitions, including role assignment rules and entitlement mapping policies.

5. Compliance Command Console

Oracle Identity Analytics provides comprehensive actionable dashboards and advanced analytics capabilities based on user identity, access and audit data residing in the Identity Warehouse. Oracle Identity Analytics provides various compliance and operational dashboards for a quick review of compliance and operational status in the context of roles, segregation of duty policies, audit policies and other controls. While compliance dashboards are typically used for executive-level compliance monitoring, detailed out-of-box reports enable IT staff, business users and auditors to structurally analyze the warehouse data. The dashboards can further be customized for business users, compliance and audit officers and other end users as needed. While Oracle Identity Analytics provides close to 50 out-of-box reports, its data dictionary is published to allow customers to extend these reports and build custom reports.

For more information on Oracle Identity Analytics 11g, please visit us at the Oracle Technology Network.

On Data Ownership…

In order to understand the concept of data ownership, I think it’s important to first attempt to understand how data can be classified within an enterprise. With most organizations, data can be classified into three main categories:

1) Classified: this represents the most critical business information, intended for use strictly by authorized personnel. This could include PII (personally identifiable information), such as personal credit-level information or health-related information.

2) Confidential: this includes less sensitive information, which can be used within the organization when deemed appropriate by designated data owners.

3) Public: this is all information that can be shared outside the organization, once approved.

It is important to understand what the word “data” means within the context of an organization. Data can be any information which could include personal employee information beginning with their street address to their social security number, health care records (PII or ePHI), intellectual property, any financial information, and most importantly any access control or entitlement information, granting access to critical target systems and business applications. This could also include network access level information, from IP addresses to server names to account ids and passwords. As you can tell, the list can explode, and every organization defines it uniquely.

A data owner can now be defined as the designated party responsible for maintaining the integrity of the information we just attempted to define above. A data owner is responsible for managing, updating and assessing any risks associated with the data. Even though the data ultimately belongs to the organization, a data owner shepherds the data, protects it against any harmful entities and ensures that it is maintained in accordance with the organization’s pre-determined guidelines. Finally, data owners take the necessary steps to ensure controls and policies are implemented and managed in the storage, handling, distribution, and regular usage of this data.

From a compliance perspective, it is extremely important for data owners to attest the users authorized to access the information they own. With identity-based information, periodic reviews allow data owners to verify that the permissions given to employees by their business managers are indeed what the employee is accessing, and should have access to. The advantages of this are:

1) Prevents data hoarding, with too many users accessing data. Managers may not be aware of the criticality of the data and may approve access to the data, such as an Active Directory group membership, an SAP Role or a RACF group.

2) Allows data owners to bring their expertise to the table and attest users accessing the data while revoking access to users that should not be permitted to view this data.

3) Allows data owners to gauge the interest levels in the data they manage, create alternative views of the information where possible, and then ensure the right users are accessing the appropriate data.

In the market today, products such as Oracle Identity Analytics provide this attestation capability, which allows designated data owners to attest the users that access the data they own. This is a very data-centric view and a bottom-up approach to user attestation. Nevertheless, it is a necessary approach that allows for a second set of eyes validating the integrity of critical information…I mean, data.