General Information

Cryptography

Oracle Banking Branch uses cryptography to protect sensitive data.

For encryption, AES, which is considered to be the gold standard, is used. It produces a key size of 256 bits when it comes to symmetric key encryption.

Security Patch

Security patches need to be applied whenever it’s available for the applicable product version.

Oracle Database Security Suggestions

Table 3-1 Oracle Database Security Suggestions

Security Suggestion	Description
Access Control	Database Vault (DV) Provides enterprises with protection from insider threats and in advantage leakage of sensitive application data. Access to application data by users and administrators is controlled using DV realms, command rules, and multi-factor authorization. DV also addresses Access privilege by separating responsibilities.
Data Protection	Advance Security provides the most advanced encryption capabilities for protecting sensitive information without requiring any change to the application. TDE is a native database solution that is completely transparent to the existing applications. Advance Security also provides strong protection for data in transit by using network encryption capabilities. Features like Easy to deploy, ensure secure by default to accept communication from the client using encryption, Network encryption using SSL/TLS.
Monitoring and Compliance	Audit Vault (AV) transparently collects and consolidates audit data from multiple databases across the enterprise, does provide valuable insight into who did what with which data and when including privileged users. The integrity of the audit data is ensured using controls including DV, Advance Security. Access to AV data is strictly controlled. It also does provide graphical summaries of the activity causing alerts, in addition, database audit settings are centrally managed and monitored.

Security Suggestion

Description

Access Control

Database Vault (DV) Provides enterprises with protection from insider threats and in advantage leakage of sensitive application data. Access to application data by users and administrators is controlled using DV realms, command rules, and multi-factor authorization. DV also addresses Access privilege by separating responsibilities.

Data Protection

Advance Security provides the most advanced encryption capabilities for protecting sensitive information without requiring any change to the application. TDE is a native database solution that is completely transparent to the existing applications.

Advance Security also provides strong protection for data in transit by using network encryption capabilities. Features like Easy to deploy, ensure secure by default to accept communication from the client using encryption, Network encryption using SSL/TLS.

Monitoring and Compliance

Audit Vault (AV) transparently collects and consolidates audit data from multiple databases across the enterprise, does provide valuable insight into who did what with which data and when including privileged users. The integrity of the audit data is ensured using controls including DV, Advance Security. Access to AV data is strictly controlled. It also does provide graphical summaries of the activity causing alerts, in addition, database audit settings are centrally managed and monitored.

Oracle Software Security Assurance – Standards

Every acquired organization must complete the Mergers and Acquisitions (M&A) Security Integration process. The issues identified during this review must be addressed according to the agreed-upon M&A remediation plan. The acquired organization must complete SPOC assignments and plan the integration of OSSA methodologies and processes into its SDLC.