Q. Why is eHealth any different than any other Oracle application?

We have possibly placed Oracle in harm's way by installing it on a machine that is most likely pingable from the cloud. The great majority of Oracle databases (I would wager a bet on 98%) are installed on machines which are not pingable from the cloud. Two-tier and three-tier architectures give two and three levels (respectively) of additional security to most Oracle installations. Before the RDBMS can be hacked, someone (or something) must typically hack through two other layers of infrastructure. The chance of them doing this quickly enough without being caught has been very slim:

[Figure: ora3tier.gif]

Is it not true that, in order for eHealth to monitor a portion of the cloud via SNMP, it must therefore be in that very cloud? If so, then eHealth looks like this:

[Figure: ora1tier.gif]

Q. Why is Oracle security our problem: doesn't Oracle security belong to Oracle Corporation?

We are embedding Oracle into eHealth. Our licensing agreement with Oracle Corporation indemnifies them from harm. Their maximum liability is the direct cost of the embedded license (sort of like when Photo Hut destroys your film: they are only liable to replace the original roll of film, before you took the pictures). Oracle Corporation will distance itself from all security issues regarding eHealth/Oracle being hacked because:

- We are embedding the Oracle RDBMS into our app (like NutC, like RogueWave, etc.)
- Oracle is a seasoned veteran when it comes to fighting liability issues
- Oracle has a full legal staff of defense lawyers
- Oracle has deeper pockets

Q. Why is it so likely that someone would really want to hack eHealth?

Companies (like MCI/Worldcom) are reeling from their own mistakes and from the economy in general. When the going gets tough, the corporate world gets nasty. Few people know about (or care about) Concord. Let's assume for the sake of argument that Concord has no enemies. Can we make that same claim about MCI/Worldcom? How about Equant? Verizon? Our relatively small customer base of ~2,000 customers includes some very impressive infrastructure companies. Their collective list of enemies includes:

- Disgruntled and/or fired employees
- Vendors who are being stiffed
- Bored hackers (many of whom are out of work)
- International terrorists

Q. What is Joe asking for?

- Some time to think through the ramifications of implementing something which is not adequate enough to protect us from a liability suit.
- A rallying effort (of our database team) around the fact that we have a potential issue that we need to sort out before Concord entrusts our solution to the customer.
- Possibly a new team formed (eventually) to deal with this issue, so we don't bog down our weekly meetings (after we solidify on the notion that it needs to be addressed).

Page 6, Oracle Partner Network Embedded Software License Distribution Agreement, under Limitation of Liability: NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, OR DATA USE. ORACLE'S MAXIMUM LIABILITY FOR ANY DAMAGES UNDER THIS AGREEMENT AND YOUR ORDER OR MONTHLY REPORT, WHETHER IN CONTRACT OR TORT, SHALL BE LIMITED TO THE FEES YOU PAID ORACLE FOR THE RELEVANT PROGRAM, TECHNICAL SUPPORT OR OTHER SERVICE UNDER THIS AGREEMENT AS SPECIFIED IN YOUR ORDER OR MONTHLY REPORT. [original emphasis retained]
Document title: Understanding/Expanding the Business Case. Author: Joseph Kuefler (Concord).