3rd Edition

Oracle Identity Management Governance, Risk, and Compliance Architecture, Third Edition

By Marlin B. Pohlman Copyright 2008
    552 Pages 111 B/W Illustrations
    by Auerbach Publications

    In today’s competitive marketplace with its focus on profit, maintaining integrity can often be a challenge. Further complicating this challenge is the fact that those assigned to the task of assuring accountability within an organization often have little, if any, visibility into the inner workings of that organization.

    Oracle Identity Management: Governance, Risk, and Compliance Architecture is the definitive guide for corporate stewards who are struggling with the challenge of meeting regulatory compliance pressures while embarking on the path of process and system remediation. The text is written by Marlin Pohlman, a director with Oracle who is recognized as one of the primary educators worldwide on identity management, regulatory compliance, and corporate governance.

    In the book’s first chapters, Dr. Pohlman examines multinational regulations and delves into the nature of governance, risk, and compliance. He also cites common standards, illustrating a number of well-known compliance frameworks. He then focuses on specific software components that will enable secure business operations. To complete the picture, he discusses elements of the Oracle architecture, which permit reporting essential to the regulatory compliance process, and the vaulting solutions and data hubs, which collect, enforce, and store policy information.

    Examining case studies from the five most regulated business verticals (financial services, retail, pharma-life sciences, higher education, and the US public sector), this work teaches corporation stewards how to:

    • Attain and maintain high levels of integrity
    • Eliminate redundancy and excessive expense in identity management
    • Map solutions directly to region and legislation
    • Hold providers accountable for contracted services

    Identity management is the first line of defense in the corporate internal ecosystem. Reconciling theory and practicality, this volume makes sure that defense is workable, responsive, and effective.

    Fundamental Concepts

    Enterprise Risk

    What is Risk Management?

    What is Risk Analysis?

    Risk Analysis Standards

    Common Vulnerabilities

    Maintaining the Knowledge Pool, Plans, and the Management Process

    Canadian Standard 1797 (CSA-Q850–97)

    Summary

    Compliance Frameworks

    Compliance Framework Taxonomy

    COBIT

    ISO 27001

    ITIL

    BSI IT-Grundschutz Methodology

    CMMI-SEI

    SoGP

    GAIT and GAISP

    NIST 800 Series

    COSO and Turnbull Guidance

    SAS 70

    Summary

    Oracle Governance, Risk, and Compliance Management Architecture

    Governance, Risk, and Compliance Control Domain Approach

    Conclusion

    IDENTITY MANAGEMENT SUITE

    Oracle Identity and Access Management Suite

    Overview

    Oracle’s Extended Identity Management Ecosystem and Control Effectiveness

    Regulatory Governance Mapping

    Summary

    Oracle Identity Federation

    Overview

    Typical Deployment Architecture

    Deployment Scenarios

    OIF Source Domain

    OAM Configuration Parameters

    Domains

    Assertion Mappings

    Summary

    Oracle Identity Governance Framework

    Oracle Enterprise Single Sign-On

    Overview

    Example of An Administrator Adding A New Application

    Deployment Architecture

    Installation and Administration

    Regulatory Governance Mapping

    Summary

    Oracle Internet Directory and Related Services

    Overview

    Implementation Detail

    Data Integrity Protection

    Directory Replication Groups

    Oracle Directory Integration Platform

    Oracle Certificate Authority

    Process Flow

    Oracle Wallet

    Summary

    Oracle Virtual Directory

    Overview

    Benefits

    Deployment Architecture

    Installation and Configuration

    A Simple OVD Deployment

    Join Adapter

    OVD BiDirectional Mappings and Plug-Ins

    Regulatory Governance Mapping

    Summary

    Oracle Security Developer Tools

    Overview

    Installation and Configuration

    Deploying and Running the Application

    Regulatory Governance Mapping

    Summary

    Oracle Access Manager

    Overview

    Extensions and Integration Points

    Deployment Architecture

    Access Elements

    Executables

    Authentication and Authorization Plug-ins


    Installation and Configuration

    Regulatory Governance Mapping

    Summary

    Oracle Web Services Manager

    Architecture

    Administrative Components

    Service-Oriented Architecture in OWSM

    Installation and Configuration

    OWSM Administration

    Extensibility of OWSM

    Security for Web Services


    Example: Authentication and Authorization Integrated with COREid


    Regulatory Governance Mapping

    Summary

    Oracle Identity Management

    Overview

    Logical Architecture


    Administration

    Administration of Users and User Entities

    Customizing the OIM Administrative Console

    Functionality

    Integration

    Installation and Configuration

    Post Installation Tasks


    Deployment Methodology


    Regulatory Governance Mapping

    Oracle Smart Roles

    Summary

    Identity Management Audit and Attestation

    Enterprise Manager for Identity Management

    Oracle Identity Tracker

    Oracle Identity Authenticator


    Oracle Adaptive Access Manager

    Oracle SSN Vault

    Oracle Identity Audit

    Oracle Integrating IdM and GRC Application Framework

    Oracle UMX User Management

    Peoplesoft Applications User Management

    Siebel Universal Customer Master

    Siebel Branch Teller

    iFlex


    Oracle Governance, Risk, and Compliance Manager

    Summary

    Integrating IdM and GRC Technology Platform

    Database Vault

    Audit Vault

    Enterprise User Security

    Stellent Universal Content Manager

    Records DB

    Secure Enterprise Search

    Oracle Data Integrator

    Compliance Designs

    Information Rights Management

    Trusted Information Sharing

    XML Publisher

    Hyperion Compliance Management Dashboard

    The Hyperion Basel II Compliance Solution

    Hyperion XBRL Server

    Summary

    GOVERNANCE LANDSCAPE

    Asia Pacific and Oceana

    Oceana

    Asia

    Summary

    Europe and Africa

    European Union

    Non-EU European Countries and Africa

    Summary

    Latin America

    Argentina

    Brazil

    Chile

    Columbia

    Ecuador

    Mexico

    Paraguay

    Peru

    Uruguay

    Venezuela

    Summary

    North America

    North American Payment Card Industry—Visa, Mastercard, American Express, Discover, and JCL

    United States


    Canada

    Summary

    APPENDICES

    A Regulatory to Technical Control Mapping

    B FISMA Technical Control Mapping

    C Oracle Governance Risk and Compliance Ecosystem

    Biography

    Marlin B. Pohlman