General security principles

These are basic security principles to implement.

• Require strong, complex application and database passwords.

  Create a password policy to establish password requirements. For example, require a minimum password length and at least one of each of the following types of characters:

  • Alphabetic
  • Numeric
  • Non-alphanumeric
  • Upper-case character
  • Lower-case character
• Keep passwords secure.

  When you initially create user accounts in the Oracle Empirica Signal software, send users their user name and initial password in separate email messages. Instruct your users not to share or write down passwords, or to store passwords in files on their computers. Additionally, require users to change their passwords upon first use.

• Keep software up-to-date.

  Keep all software versions current by installing the latest patches for all components, including all critical security updates.

• Implement the principle of least privilege.

  In implementing the principle of least privilege, you grant users the fewest number of permissions needed to perform their jobs. You should also review user permissions regularly to determine their relevance to users’ current job responsibilities.

• Monitor system activity.

  Review user audit records regularly to determine which user activities constitute normal use, and which may indicate unauthorized use or misuse.

• Promote policy awareness.

  Ensure that your employees are aware of Acceptable Use policies, best practices, and standard operating procedures that are relevant to the Oracle Empirica Signal software.