Oracle Identity Management: Governance, Risk, and Compliance Architecture, Third Edition

  • 8h 48m
  • Marlin B. Pohlman
  • CRC Press
  • 2008

This text is a guide for readers who are struggling with the challenge of meeting regulatory compliance pressures while embarking on the path of process and system remediation. The first section examines multinational regulations and mandated compliance frameworks such as BSI, ITIL, COBIT, SAS70, HSPD-12/FIPS and ISO27001. The resource then focuses on specific software components of the Oracle Identity Management solution that enable secure business operations. To complete the picture, the author includes elements of the Oracle compliance architecture, which permit reporting essential to regulatory compliance process, and the Vaulting solutions and data hubs which collect, enforce, and securely store policy information. Five separate case studies in the five most regulated business verticals (Financial Services, Retail, Pharma-Life Sciences, Higher Education and US Public Sector) bridge the gap between theory and practicality.

About the Author

In addition to serving on the board of directors for three publicly traded multinational corporations, Dr. Marlin Pohlman is director of governance, risk, and compliance (GRC) product strategy at Oracle Corporation. Dr. Pohlman has lectured in the university systems of New Mexico, Arizona, and Minnesota, as well as spoken at Burton Group, Gartner, AMR, BC Government Identity Management Symposium, and the Veritas Nobel Laureate invitational. Dr. Pohlman is recognized as one of the primary educators worldwide on identity management, regulatory compliance, and corporate governance. His affiliations in this field include the Information Systems Audit and Control Association (ISACA), The Burton Group, the Institute of Internal Auditors, RSA Security Conference, DefCon, AMR Research, and Gartner.

With over 18 years of experience in X.500 and LDAP-based directory structures, he has led directory server implementation for companies such as Ford Motor Company, the Automotive Industry Action Group, Home Depot, Citigroup, AXA Insurance, Bank of New York, Alliance Capital, GE Equity, Federal Express, and the U.S. Department of Defense credit card issuance system. An original contributor to the IETF ASID and DIX working group, Dr. Pohlman implemented the world's second implementation of RFC 1777 for Sanlam Insurance in Cape Town, South Africa. The directory structure implemented in Sydney, Australia, for the 2000 Olympics held the record for the largest non-X.500 meta-directory implementation in a client-server environment.

Dr. Pohlman received his Ph.D. in computer science from Trinity University, with a thesis "Scaling Factors in Very Large, High Availability Directory Architectures." He has authored three texts on identity management, two texts on GRC, and is a Licensed Professional Engineer, Certified Information Systems Auditor, Certified Information Security Manager, and Certified Information Systems Security Professional. While at Oracle, Dr. Pohlman has worked on wide-ranging security programs for various customers including governmental agencies, educational institutions, financial services companies, and healthcare organizations. He is coauthor of the Oracle Unified Method, an iterative and incremental development process framework developed by Oracle. In the area of identity management and GRC he created a roadmap for achieving successful implementation of all Oracle products, including applications and middleware. In this comprehensive work, Dr. Pohlman leverages his experience as both a corporate board member and corporate governance solution implementer to provide a mechanism for promoting corporate accountability and stewardship of personally identifiable information within daily business operations.

In this Book

  • Enterprise Risk
  • Compliance Frameworks
  • Oracle Governance, Risk, and Compliance Management Architecture
  • Oracle Identity and Access Management Suite
  • Oracle Identity Federation
  • Oracle Enterprise Single Sign-On
  • Oracle Internet Directory and Related Services
  • Oracle Virtual Directory
  • Oracle Security Developer Tools
  • Oracle Access Manager
  • Oracle Web Services Manager
  • Oracle Identity Management
  • Identity Management Audit and Attestation
  • Oracle Integrating IdM and GRC Application Framework
  • Integrating IdM and GRC Technology Platform
  • Asia Pacific and Oceana
  • Europe and Africa
  • Latin America
  • North America