Strategies for Reducing Risks and Cyber Attacks


Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 1

Strategies for Reducing Risks and Cyber Attacks

Luis Zamora


This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual


Business Transformation

• Social CRM
• Mobile Banking
• Manufacturing Services
• Citizen Services
• Mobile Workforce
• Health Services
• Retail
• Cloud Services


• LinkedIn: 6M passwords STOLEN
• Sony: 12M credit cards STOLEN
• Société Générale: $7B FRAUD


1. Loss of Brand Image
2. Fines
3. Financial Losses


Security budget spent on

40%

SOX, ISO27001, SEC, FIPS, CJIS, NERC, FERC, KASB, CA 541, Directive 95/46/EC


• Device Security
• Vulnerability Management
• Network Security
• Email Security

Average Cost of Security

$400

$500

• access to web\app server records
• attacks on servers
• access to db server records
• hacking from stolen information
• improper use of privileges


• 90% of companies with mobile “apps” in 2014
• 62% will depend on social networks to connect with current and potential customers
• Stores passwords (76%)
• Stores passwords as (10%)


Login with Facebook

or…

Name:
Confirm Password:
Job Title:
Department:
Address:
Email:
Username:
Password:
Submit

OAuth


1 2 3 privacy


• Access Request
• Certification Review
• Help Desk Tickets
• Access Control
• Off Boarding
• User Provisioning and On-boarding


Société Générale, Sony, LinkedIn

The VULNERABILITIES were


SECURITY INSIDE OUT

• MANAGE RISKS
• SEE NEW OPPORTUNITIES
• PREVENT THREATS


• FRAUD DETECTION
• DATA SECURITY
• COMPLIANCE REPORTING

control

Secure Data

Move controls


• SECURITY BETWEEN SYSTEMS
• SECURITY AT EVERY LEVEL
• SECURITY BETWEEN LEVELS


5 BIGGEST CONCERNS

• Data access from

&

• Changes in

• Co-habitation of


ENABLING THE

SECURING THE


COMPLETE GOVERNANCE

GOVERNANCE

• OPERATING SYSTEMS
• DIRECTORY SERVICES
• APPS
• APPLICATIONS
• COMMON REPOSITORY
• DATABASES
• SINGLE USER VIEW
• ACCESS REQUEST
• ENTITLEMENT CATALOG
• PRIVILEGED ACCOUNT MANAGEMENT
• ACCESS CERTIFICATION


MANAGEMENT

• IDENTITY FEDERATION
• EXTERNAL AUTHORIZATION
• ENTERPRISE & WEB SINGLE SIGN-ON
• MOBILE & SOCIAL SIGN-ON
• FRAUD DETECTION

• EMPLOYEES
• CONTRACTORS & PARTNERS
• CUSTOMERS & PROSPECTS


SERVICES

• USER AUTHENTICATION
• LOCATION DATA
• EXTREME SCALE
• LOW TCO
• INTEGRATED
• INTEROPERABLE
• DEVICE AUTHN
• NAMING SERVICES
• HOST ACCESS CONTROL
• APP


Available from


• Data Masking at Source
• Privilege Analysis
• Integrated Audit Framework
• Data Redaction
• Database Vault Mandatory Realms
• Sensitive Data Discovery

Security


Situation: Oracle cloud requires security for customer data and applications.

Challenges: Provide single sign-on and access authorization for web applications with centralized administration.

Solution: Oracle Identity Manager, Oracle Internet Directory & Oracle Access Manager

Results: Provisioning, authentication and authorization of user access.

Our Cloud


Situation: 2000 users accessing PeopleSoft from mobile devices.

Challenges: Provide effective fraud detection and strong authentication standards.

Solution: Oracle adaptive access hosted by Oracle Managed Cloud Services

Results: 75% of users deployed in one week. Savings of 50% compared with the use of physical authentication tokens.

Fraud detection & secure mobile access


SECURITY WITHOUT COMPROMISE

• HARDWARE
• SOFTWARE


SOLUTIONS

• Identity Management
• Infrastructure Security
• Consulting Services
• DB Security
• Governance & Compliance


• INSIDE OUT SECURITY
• DEFENSE IN DEPTH
• SECURE WHAT IS STRATEGIC


YOUR FUTURE
