Tag: Security

The Critical Patch Update for April 2022 was released on April 19, 2022. Oracle strongly recommends applying the patches as soon as possible. If you are new to this process, please review Oracle's Security Fixing Policies and the Critical Patch Update Advisory. After reviewing these resources, if you are unable to determine if you require a software update, or how to apply it, please contact Oracle Support.

  • Quest Customer Learning Team
  • Blogs
  • 4/25/22

Today’s business environment presents a myriad of challenges for organizations looking to secure identity, protect sensitive data, and reduce risk from fraud. Between a combination of dynamic (remote) access requirements and complex business processes, it is clear that modern security strategies must simultaneously focus on the application, transaction, and data levels in order to be effective. But in a landscape of disparate solutions, detective controls, and static governance – how can you evolve and modernize your security strategy? What should you truly be focused on?

Join Greg Wendt, Oracle security expert and Executive Director of Security Solutions at Appsian as he breaks down today’s most pressing security challenges and provides best practices for organizations looking to ramp up their multi-layer security strategy – quickly and most effectively.

In this session, you will learn:

•How to achieve a common control framework of data security & data privacy (for EBS and cross-application)
•How to identify and mitigate the most common responsibility conflicts that lead to SoD violations
•How to implement and enforce strong controls for data loss prevention in order to prevent overexposure and exfiltration
•How to implement security controls that help comply with IT security audits, SOX, GDPR, and other mandates

Speaker: Greg Wendt, Executive Director Security Solutions, Appsian Security

2021 QXW 

What extraneous details in your system are creating unnecessary effort or organizational risk? Whether you are researching someone’s access, troubleshooting performance and access problems, or responding to audit questions; unnecessary security records can be costing you time and money. We will discuss what you should be on the lookout for, why, and how to quickly either get visibility to or clean up this data.

(1)Identify Cleanup Opportunities

(2)Demo Tools That Can Assist

(3)Discuss Risks If Cleanup is not Completed

Presented by Linda Nelson, Business Success Director, ALLOut Security

  • Quest Customer Learning Team
  • Recordings & Presentations
  • 12/08/21

2021 QXW

From expanding data privacy mandates to the growth of phishing attacks – the focus of your security strategy should be squarely on your data (and how your users interact with it). Traditional access controls are no longer sufficient at protecting sensitive data – especially when access is available beyond the firewall. Data masking and dynamic transaction controls are key tactics used to control the exposure of sensitive information, but both are not natively available in PeopleSoft. Masking capabilities are very limited out-of-the-box, and dynamic controls are simply not available given PeopleSoft’s role-based governance model.
Join the PeopleSoft Security experts at Appsian as they discuss how to enhance your data privacy model by:
• Exploring how security and compliance risks can be addressed with data masking
• Reviewing the current limitations of PeopleSoft’s native data security/privacy features
• Learning how a policy-based solution (dynamic transaction controls) can be used to efficiently address these challenges
• Discovering how centralized administration and policy management can accelerate go-live and reduce the total cost of ownership.

Presented by Greg Wendt, Appsian Security

Dec 2 @  2:00pm

Is an outdated JD Edwards security model holding you back? The last eighteen months have taught us that we need to be able to respond quickly to unforeseen risks and changes in working practices. We also need agility to grasp opportunities that may demand operational changes. If your security model is a bit long in…

Presented at INFOCUS Dive Deep 2021

You set up JDE security during implementation. Maybe you even bought a 3rd party tool to help manage your JDE security. Now, years after implementation, you wonder how well your security is working. Did you get it all right? In this session, we will look at using the Object Tracking tool to help answer one nagging question. Can I lock things down even further?

Presented at INFOCUS Dive Deep 2021

A security roadmap for your E1 environment is commonly defined with the major landmark security types (Application, Action, Row, etc.), but there are many hidden treasures that you can discover to make your security management more efficient and effective.  Let’s embark on an overview journey, and unearth the value in lesser-known security types available with your standard E1 security.  These treasures can complement and enhance those standard security types, and you can walk away from this discovery session with a tool chest at your disposal to begin mapping out your security treasures.

Presented at INFOCUS Dive Deep 2021

This introductory overview session will discuss the different UDO security types and methodologies that JDE administrators and security professionals can employ in their adoption of the new 9.2 user experience tools.  We will review the default security delivered with UX One roles and compare that to how UDO security will be applied for new UDOs enabled by your organization.  These introductions and concepts will enable you to develop a plan for securing your new user experience enhancements, within the existing roles that you employ with your standard E1 security model.

Zero Trust is the best practice framework for identity and access governance. However, adopting Zero Trust for legacy ERP applications like Oracle EBS, PeopleSoft, and JD Edwards presents challenges when you consider the current use of weak passwords, desperate identity providers, manual access management processes and role-based controls. Unfortunately, as remote/hybrid access requirements are piling up, enabling a Zero Trust security model has now become a priority project.

Join the ERP data security experts at Appsian Security as they break down the Zero Trust security model, help align the framework to legacy ERP, and demonstrate how your existing access controls can be enhanced to fully align with Zero Trust. In this webinar, you will learn:

1. Why data and transactions are essential variables for defining Zero Trust policies

2. Top use cases for leveraging dynamic access controls and data masking for access governance

3. How to optimize your identity governance strategy to include SSO and transaction level MFA

4. How security analytics can be used to enhance how you detect security threats

5. How to align access management processes like segregation of duties to Zero Trust

According to the latest data breach report by IBM and the Ponemon Institute, the cost of a data breach in 2021 is up 10% ( $4.24M) from 2019. Your business data is the target – and it’s time to act now!

Presented by:

Greg Wendt, Appsian Security

David Vincent, VP, Solution Strategy & Customer Experience, Appsian Security

Discover the benefits Oracle Database customers can anticipate when moving to a Power10 based system as we uncover the design of IBM's latest generation of Power.

During this session, we will discuss advantages of the new Power10 based system which include:

Evaluating the migration of older Database versions to a current version
Managing your workload requirements when moving to the newer and faster architecture
Improving reliability
Enhancing Security

This session will leverage our practical hands on experience on how a Power10 based system can help you when moving from Database version 11gR2 to 19c to assure ongoing support from Oracle.

Presented by Wayne Martin, Technology Manager, IBM Systems