<Insert Picture Here>

Executive Invitation – Oracle Data Finder Service

<Name><Title><Organization>Oracle Corporation

Agenda

• Oracle Insight• The Data Finder Tool• The Oracle Data Finder Service• Deliverables• Next Steps• Q & A

3

<Insert Picture Here>

Oracle Insight

• Objective

• Joint Collaboration – Oracle and Customer

• Customer Value and Customer Success

• Maximize Business Value of Oracle products

• Build Relationships

• Outcomes

• Professional Solution Presentation

• Achievable Set of Recommendations

• Deeper Relationship

Benefits of Oracle Insights

• Free Access to Oracle Expertise• Develop Knowledge of Oracle Best Practices• Low Risk (Time invested, not money)• Best Case Outcome

• We jointly solve a problem with business value.

• Worst Case Outcome• Oracle makes recommendations that are never adopted• But you learn from them

Oracle confidential - For internal use only20/04/23 5

What is the Data Finder tool?

• Finds unprotected sensitive data

• Connects to target database and executes searches based on the patterns

• Results are returned, displayed and logged for further analysis

Oracle confidential - For internal use only20/04/23 6

How does it work?

• Patterns are defined at one of three levels:• SCHEMA – looks for schema names that match the pattern• OBJECT – looks for DB Object names (Tables, Views,

Columns) that match the pattern• DATA – looks for data within columns that match the pattern

• A search will apply the selected patterns to a particular database and retrieve matches

The Oracle Data Finder ServiceAnalyze and profile a subset of your data, to highlight potential

problem areas for further investigation

Agree on appropriate trends and sophisticated patterns, based on industry experience, applicable laws and standards

Use our Data Finder tool to analyze and report on any potential information security issues

SCOPESCOPE

DELIVERABLEDELIVERABLEStatement of Findings includes detailed outcomes, an analysis of

our engagement findings, recommendations and next steps.

A single point of contact for co-ordination of the on-site activities, such as the CSO, Compliance Officer or Security Manager.

Access to appropriate business and technical stakeholders for initial discussions.

Privileged-user access to one or more database instances for the duration of the engagement

KEY KEY REQUIREMENTSREQUIREMENTS

Example Finding

Key Findings• Personally identifiable information found in MS Access database

• Using SSN as primary key in inventory application

• ITAR protected documents not secured

• Bank account numbers not encrypted

• Credit card information encrypted in production but in the clear in test bed

Other Issues• Managers must manually ensure on-board/off-board process

happens correctly – access to right data at right time

• Highly privileged users (e.g. DBA) have access to sensitive data in production

• Difficult to audit role based access and data changes

• Reporting on data changes/exposure not always available

Recommendations   • Decommission homegrown MS Access

applications and migrate to securable systems

• Replace SSN with another unique ID

• Implement encryption on bank account database rows

• Consider IRM solution for ITAR compliance

• Utilize masking in order to remove credit card data from test environment

• Implement holistic real-time audit aggregation strategy across all databases

Overall

Objective

High

Marginal StableTransformationalBest PracticeImportance

Information Protection

Prioritizing Recommendations Prioritizing Recommendations

MediumLow

Level of Effort

Hig

hL

ow

Me

diu

m

Imp

ac

t

High

“Lo

ng

er T

erm

”

“Tactical Targets” “Strategic Targets”

Recommendation 1

Recommendation 2

Recommendation 3

Recommendation 4

The Oracle Insight identified 4 major recommendation categories that were evaluated for prioritization

10

<Insert Picture Here>

Next Steps

• Accept Invitation

• Nominate Exec Sponsor

• Name Participants

• Finalize Joint Execution Plan

• Schedule On-Site Discovery

• Begin Due Diligence

• Conduct Oracle Data Finder Service

Q&A