Tavola disegno 1 copia

AlmavivA sponsors the Oracle Security Symposium. Milan, 7 October - Atahotel Executive

AlmavivA sponsors the Oracle Security Symposium. Milan, 7 October - Atahotel Executive

15-09-2008

AlmavivA, long committed to meeting the data security needs of its customers, will be attending the Oracle Security Symposium, on the next 7th October, at Atahotel Executive in Milan.

09/15/2008
AlmavivA sponsors the Oracle Security Symposium. Milan, 7 October - Atahotel Executive

AlmavivA, long committed to meeting the data security needs of its customers, will be attending the Oracle Security Symposium, on the next 7th October, at Atahotel Executive in Milan. AlmavivA, a partner of Oracle, is also a member of the Oracle Community for Security, which promotes the exchange and pooling of experiences among the top market players and training on Oracle technologies.
 
The conference is dedicated to ”IS Governance and GRC Security Tools – Governance Risk & Compliance” and is an opportunity to present experiences to the Community partners and solutions to target customers (IT Managers and CIO, DBA…), besides learning the opinions of the key market players on the issues of information security and governance, risk management and compliance.
 
Andrea Mercurio will be speaking, for AlmavivA, at the Information Technology Session on the subject of “The implementation of privacy regulations in DB administration”.

 

Participation in the Oracle Security Symposium is free of charge but subject to availability, due to limited seating. Register online today.

  


TITLE: The implementation of privacy regulations in DB administration
 
ABSTRACT: "For a number of years now the organizations engaged in the processing and custody of data have been developing measures aimed at effectively implementing the data protection and privacy regulations and meeting the security expectations of citizens, after they have provided their personal data. How, therefore, can we combine discretionary and potentially dangerous and illegal practices, such as the requests received by the DBAs to access tables and diagrams stored in the databases, to set up copies of operating data in test environments, to store on tape unencrypted data, and the best intentions of the Security Managers in charge?
 
This presentation shows the significant issues and how it was possible, in such a varied and complex a scenario as one of the largest Italian social security organizations, to implement the principles of need-to-know and of the separation of roles, while preventing – with Oracle Vault – the performance of SQL statements by the DBAs, with respect to the social security details managed by the Organization, and confining to a security role the power of defining which DB items needed restricted access and the implementation of auditing functions.

 
We will also see how we managed to extend guarantees of data confidentiality from the live database objects to the copies on tape, by encrypting them with Oracle Transparent Data Encryption (TDE) and preventing the storage operatives from undisturbedly reading them during the retention time or, even worse, restoring the data on demand to other environments of the software lifecycle.
 

In a nutshell, the Oracle solutions allow the Organization to ensure the integrity and confidentiality of its databases, breaking down the complex control scenario into application and data layers and, at the same time, extending security to the entire data processing and storage chains, transparently, without requiring changes to the code".

 
 

SPEAKER: Andrea Mercurio - Security Competence Center Manager, Gruppo AlmavivA