Overall Architect leads on:

- Design and document the Cloud Guard configuration
- Design and document the Security Zones setup
- Design and document the Security Advisor configuration
- Design and document the Web Application Firewall (WAF) configuration
- Design and document the Security Audit setup

Compartment Security

- Design and define the compartment security requirements
- Document naming conventions and tagging for compartments
- Define the IAM policy statements
- Identify the required rule statements and give a technical definition for each new policy
- Define the compute instance life cycle

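As an added example (not taken from this page or any particular project), the Terraform below shows the shape these compartment items take in OCI: a compartment, a defined-tag namespace that carries the tagging convention, and IAM policy statements scoped to that compartment rather than the tenancy. The compartment name (prod-app), the group names (AppAdmins, BlockVolumeAdmins), the tag namespace (governance) and the tag values are assumptions; the verb/resource-type vocabulary in the statements is OCI's.

```hcl
# Added example: compartment, tagging convention and compartment-scoped IAM
# policies for OCI. Names (prod-app, AppAdmins, BlockVolumeAdmins, the
# "governance" namespace) are assumptions, not values from any real tenancy.

variable "tenancy_ocid" {
  type = string
}

# Workload compartment; every grant below is scoped to it, none to the tenancy.
resource "oci_identity_compartment" "prod_app" {
  compartment_id = var.tenancy_ocid
  name           = "prod-app"
  description    = "Production application compartment"
  enable_delete  = false
}

# Tag namespace and a defined tag with an enumerated value set, so the
# classification of a compartment cannot be free text.
resource "oci_identity_tag_namespace" "governance" {
  compartment_id = var.tenancy_ocid
  name           = "governance"
  description    = "Mandatory classification tags"
}

resource "oci_identity_tag" "data_class" {
  tag_namespace_id = oci_identity_tag_namespace.governance.id
  name             = "DataClassification"
  description      = "Data classification of resources in the compartment"
  validator {
    validator_type = "ENUM"
    values         = ["public", "internal", "confidential"]
  }
}

# Groups referenced by the policy statements.
resource "oci_identity_group" "app_admins" {
  compartment_id = var.tenancy_ocid
  name           = "AppAdmins"
  description    = "Operates compute in prod-app"
}

resource "oci_identity_group" "vol_admins" {
  compartment_id = var.tenancy_ocid
  name           = "BlockVolumeAdmins"
  description    = "Manages block volumes and assigns Vault keys in prod-app"
}

# The policy is attached to the workload compartment and grants only what the
# workload needs; a "manage all-resources in tenancy" statement is deliberately
# absent. "use" on the network family lets operators attach VNICs without
# changing subnets or security lists.
resource "oci_identity_policy" "prod_app" {
  compartment_id = oci_identity_compartment.prod_app.id
  name           = "prod-app-policy"
  description    = "Compartment-scoped access for prod-app"
  statements = [
    "Allow group ${oci_identity_group.app_admins.name} to manage instance-family in compartment ${oci_identity_compartment.prod_app.name}",
    "Allow group ${oci_identity_group.app_admins.name} to use virtual-network-family in compartment ${oci_identity_compartment.prod_app.name}",
    "Allow group ${oci_identity_group.vol_admins.name} to manage volume-family in compartment ${oci_identity_compartment.prod_app.name}",
    # key-delegate lets the group assign a Vault key to a volume without
    # being able to use the key for cryptographic operations itself.
    "Allow group ${oci_identity_group.vol_admins.name} to use key-delegate in compartment ${oci_identity_compartment.prod_app.name}",
    # The Block Volume service needs its own grant to encrypt with a customer key.
    "Allow service blockstorage to use keys in compartment ${oci_identity_compartment.prod_app.name}",
  ]
}
```

A reviewer checking new policy statements against this pattern asks three questions of each line: is the subject a group (not "any-user"), is the scope a compartment (not the tenancy), and is the verb the weakest that still works (inspect, read, use before manage). Statements that fail any of these need a written justification before they are added.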
Bastion Security

- Define the access control configuration
- Document node access restrictions
- Define and document network restrictions
- Define and document host security (HSM) requirements and configuration

Block Volume Security

- Define access policies for users and resources
- Define encryption and key requirements
- Define Cloud Guard detector and responder recipes for block volumes
- Define and document the encryption key rotation process for block volumes
- Define the incident response process for block volume Cloud Guard notifications

Virtual Machine Security

- Define secure network access requirements
- Define Cloud Guard detector and responder recipes for compute resources
- Identify and define security zone (optional) requirements for compute resources
- Define processes to respond to problems detected by Cloud Guard
- Identify and define compute patching requirements and processes
- Document Vulnerability Scanning Service (VSS) requirements and processes
- Define security audit processes

Network Security

- Define technical requirements for public and private subnets
- Define WAF, firewall and API Gateway security rules
- Define network-related IAM policies
- Define the IPSec VPN security configuration

Object Storage Security

- Define secure network access for resources
- Identify and define Cloud Guard (optional) recipes for Object Storage
- Identify and define security zone (optional) requirements
- Define processes to respond to security problems detected by Cloud Guard
- Define security audit processes

Security Zones

- Define requirements for compartments and security zones
- Evaluate and define new security zone policies
- Define the security zone audit process

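The Cloud Guard recipe items in the Block Volume, Virtual Machine and Object Storage sections and the security zone items above come down to the same two resources, so one added example covers them (this is illustrative Terraform, not configuration from this page or any project). It enables Cloud Guard, attaches the Oracle-managed configuration and activity detector recipes and the Oracle-managed responder recipe to a monitored compartment, and places a second compartment in a security zone built from a chosen subset of the Oracle-managed deny policies. The compartment OCIDs, the reporting region, the display names given to the target and zone, and the policy selection passed in required_policy_names are assumptions; the Oracle-managed recipe display names are the ones shown in the console.

```hcl
# Added example: Cloud Guard target plus a security zone for OCI compartments.
# OCIDs, display names, the reporting region and the policy selection are
# assumptions supplied by the operator, not values from any real tenancy.

variable "tenancy_ocid"          { type = string }
variable "prod_compartment_ocid" { type = string } # compartment Cloud Guard monitors
variable "data_compartment_ocid" { type = string } # compartment locked into a zone
variable "required_policy_names" {
  type        = list(string)
  description = "Display names of the Oracle-managed security zone policies to enforce"
}

# Cloud Guard must be enabled at tenancy level before any target or zone exists.
resource "oci_cloud_guard_cloud_guard_configuration" "tenancy" {
  compartment_id   = var.tenancy_ocid
  reporting_region = "us-ashburn-1" # assumption: use the tenancy home region
  status           = "ENABLED"
}

# Oracle-managed recipes looked up by display name, so no OCIDs are hard-coded.
data "oci_cloud_guard_detector_recipes" "config" {
  compartment_id = var.tenancy_ocid
  display_name   = "OCI Configuration Detector Recipe"
  depends_on     = [oci_cloud_guard_cloud_guard_configuration.tenancy]
}

data "oci_cloud_guard_detector_recipes" "activity" {
  compartment_id = var.tenancy_ocid
  display_name   = "OCI Activity Detector Recipe"
  depends_on     = [oci_cloud_guard_cloud_guard_configuration.tenancy]
}

data "oci_cloud_guard_responder_recipes" "managed" {
  compartment_id = var.tenancy_ocid
  display_name   = "OCI Responder Recipe"
  depends_on     = [oci_cloud_guard_cloud_guard_configuration.tenancy]
}

# Target: the compartment (and its children) that detectors inspect and
# responders act on. Block volume, compute and object storage rules all
# arrive through the configuration recipe attached here.
resource "oci_cloud_guard_target" "prod" {
  compartment_id       = var.prod_compartment_ocid
  display_name         = "prod-target"
  target_resource_id   = var.prod_compartment_ocid
  target_resource_type = "COMPARTMENT"

  target_detector_recipes {
    detector_recipe_id = data.oci_cloud_guard_detector_recipes.config.detector_recipe_collection[0].items[0].id
  }
  target_detector_recipes {
    detector_recipe_id = data.oci_cloud_guard_detector_recipes.activity.detector_recipe_collection[0].items[0].id
  }
  target_responder_recipes {
    responder_recipe_id = data.oci_cloud_guard_responder_recipes.managed.responder_recipe_collection[0].items[0].id
  }
}

# Security zone: every Oracle-managed policy is listed, then filtered down to
# the ones this design requires. Policies are preventive (the API call is
# denied), unlike detector rules, which only report a problem.
data "oci_cloud_guard_security_policies" "all" {
  compartment_id = var.tenancy_ocid
  depends_on     = [oci_cloud_guard_cloud_guard_configuration.tenancy]
}

locals {
  all_policies    = data.oci_cloud_guard_security_policies.all.security_policy_collection[0].items
  zone_policy_ids = [for p in local.all_policies : p.id if contains(var.required_policy_names, p.display_name)]
}

resource "oci_cloud_guard_security_recipe" "data_zone" {
  compartment_id    = var.tenancy_ocid
  display_name      = "data-zone-recipe"
  description       = "Deny policies enforced on the data compartment"
  security_policies = local.zone_policy_ids
}

resource "oci_cloud_guard_security_zone" "data" {
  compartment_id          = var.data_compartment_ocid
  display_name            = "data-security-zone"
  security_zone_recipe_id = oci_cloud_guard_security_recipe.data_zone.id
}

# Lists the policy names available in this tenancy, to fill required_policy_names.
output "available_security_zone_policies" {
  value = [for p in local.all_policies : p.display_name]
}
```

Run once with an empty required_policy_names to read the output, then set the list and apply again; a zone whose recipe has an empty policy list enforces nothing. Resources that already violate a policy are not moved into a zone by this configuration, so evaluate existing resources in the compartment before applying.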
Tag Security

Vulnerability Scanning Security

- Define the requirements and configuration for a service gateway so that compute instances without public IP addresses can be scanned
- Define the security audit process

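The service gateway item above, worked through as an added Terraform example (illustrative, not configuration from this page or any project): a service gateway and a private route table that reach only the Oracle Services Network, the IAM grants the scanning service needs, and a VSS host scan recipe and target covering every instance in the compartment. Compartment and VCN OCIDs, display names and the daily schedule are assumptions.

```hcl
# Added example: private-subnet scanning with OCI VSS through a service
# gateway. OCIDs and display names are assumptions supplied by the operator.

variable "compartment_ocid" { type = string }
variable "vcn_ocid"         { type = string }

data "oci_identity_compartment" "target" {
  id = var.compartment_ocid
}

# The regional "All ... Services In Oracle Services Network" service label.
data "oci_core_services" "all_oci" {
  filter {
    name   = "name"
    values = ["All .* Services In Oracle Services Network"]
    regex  = true
  }
}

# Service gateway: gives instances without public IPs a path to Oracle
# services (including the scanning service) that never touches the internet.
resource "oci_core_service_gateway" "sgw" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "sgw-oracle-services"
  services {
    service_id = data.oci_core_services.all_oci.services[0].id
  }
}

# Route table for the scanned private subnet: the only rule points the
# service CIDR at the gateway. No NAT or internet gateway route exists.
resource "oci_core_route_table" "private_scanned" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "rt-private-scanned"
  route_rules {
    destination       = data.oci_core_services.all_oci.services[0].cidr_block
    destination_type  = "SERVICE_CIDR_BLOCK"
    network_entity_id = oci_core_service_gateway.sgw.id
  }
}

# Grants the scanning service needs to enumerate and reach instances.
resource "oci_identity_policy" "vss" {
  compartment_id = var.compartment_ocid
  name           = "vss-service-policy"
  description    = "Lets the Vulnerability Scanning Service scan this compartment"
  statements = [
    "Allow service vulnerability-scanning-service to manage instances in compartment ${data.oci_identity_compartment.target.name}",
    "Allow service vulnerability-scanning-service to read compartments in compartment ${data.oci_identity_compartment.target.name}",
    "Allow service vulnerability-scanning-service to read vnics in compartment ${data.oci_identity_compartment.target.name}",
    "Allow service vulnerability-scanning-service to read vnic-attachments in compartment ${data.oci_identity_compartment.target.name}",
  ]
}

# Recipe: agent-based OS scan plus network port scan, run daily.
resource "oci_vulnerability_scanning_host_scan_recipe" "daily" {
  compartment_id = var.compartment_ocid
  display_name   = "daily-host-scan"
  agent_settings {
    scan_level = "STANDARD"
    agent_configuration {
      vendor = "OCI"
    }
  }
  port_settings {
    scan_level = "STANDARD"
  }
  schedule {
    type = "DAILY"
  }
}

# Target: instance_ids is omitted, so every instance in the compartment is
# in scope, including those that only have private IPs.
resource "oci_vulnerability_scanning_host_scan_target" "compartment" {
  compartment_id        = var.compartment_ocid
  display_name          = "scan-all-compartment-hosts"
  host_scan_recipe_id   = oci_vulnerability_scanning_host_scan_recipe.daily.id
  target_compartment_id = var.compartment_ocid
  depends_on            = [oci_identity_policy.vss]
}
```

Two things outside this configuration still have to be true for a private instance to show up in scan results: the subnet's security list (or NSG) must allow egress to the service CIDR, and the Oracle Cloud Agent on the instance must have the Vulnerability Scanning plugin enabled, since the agent scan reports through that channel. An instance that never appears in results is usually missing one of those, not the route.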