3 Understanding Nor1 Cloud Services

Nor1 Implementation Planning

When planning your Oracle Hospitality Nor1 Cloud Services implementation, consider the following:
  • Which resources need protection?
    • You need to protect customer data.

    • You need to protect internal data, such as proprietary source code.

    • You need to protect system components from being disabled by external attacks or intentional system overloads.

  • Who are you protecting data from?
    • For example, you need to protect your subscribers’ data from other subscribers, but someone in your organization might need to access that data to manage it. Analyze your workflow to determine who needs access to the data; for example, it is possible that a system administrator can manage your system components without needing to access the system data.

  • What will happen if protections on a strategic resource fail?
    • In some cases, a fault in your security scheme is nothing more than an inconvenience. In other cases, a fault might cause great damage to you or your customers. Understand the security ramifications of each resource and protect it properly.

For sensitive personal information (that is, passport, date of birth, and credit card): placing this information in fields other than the designated areas, such as Notes or Comments fields, is open to audit review and may not comply with rules and regulations.

Assessment and Audit

It is important to maintain a policy that protects sensitive data such as Personally Identifiable Information and Payment Card Industry (PCI) information when running the network.

Build and Maintain a Secure Network and Systems

  1. Install and maintain a firewall configuration to protect sensitive data.

  2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

  1. Protect stored cardholder data.

  2. Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program

  1. Protect all systems against malware and regularly update anti-virus software or programs.

  2. Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

  1. Restrict access to cardholder data by business need-to-know.

  2. Identify and authenticate access to system components.

  3. Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

  1. Track and monitor all access to network resources and cardholder data.

  2. Regularly test security systems and processes.

Maintain an Information Security Policy

  1. Maintain a policy that addresses information security for all personnel.

Properly Train and Monitor Admin Personnel

It is the customer’s and Oracle’s responsibility to institute proper personnel management techniques for allowing admin user access to sensitive personally identifiable data, cardholder data, site data, and so on.

In most systems, a security breach is the result of unethical personnel. Pay special attention to whom you trust with access to your admin site and whom you allow to view fully decrypted and unmasked sensitive personally identifiable data or payment information.

Sensitive personal information (including passport, date of birth, and credit card numbers) must be entered in specific fields on the user interface. The form fields that are intended to receive this information are clearly labeled and are designed with heightened security controls such as data masking in the form and encryption of data at rest. Entering this sensitive personal information in any other field (for example, in a Notes or Comments field), does not provide it with these heightened security controls and is not consistent with the requirements for protecting this type of data.
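As an audit aid for the point above, the following added example (not Oracle or Nor1 code) scans free-text fields for likely card numbers using a digit pattern plus the Luhn checksum, and masks all but the last four digits. The field names `notes` and `comments`, the record layout, and the sample records are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(text: str) -> list[tuple[int, int]]:
    """Return (start, end) spans of Luhn-valid card-number candidates in text."""
    spans = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):  # drops most booking refs, phone numbers, etc.
            spans.append(m.span())
    return spans

def mask_pans(text: str) -> str:
    """Replace all but the last four digits of each detected number with '*'."""
    out = list(text)
    for start, end in find_pans(text):
        digit_positions = [i for i in range(start, end) if text[i].isdigit()]
        for i in digit_positions[:-4]:
            out[i] = "*"
    return "".join(out)

def audit_records(records, free_text_fields=("notes", "comments")):
    """Return (record id, field) pairs whose free-text value holds a likely card number."""
    findings = []
    for rec in records:
        for field in free_text_fields:  # hypothetical field names
            if find_pans(rec.get(field, "")):
                findings.append((rec["id"], field))
    return findings

# Constructed sample records; 4111 1111 1111 1111 is a well-known test number.
SAMPLE = [
    {"id": 1, "notes": "Guest prefers high floor", "comments": ""},
    {"id": 2, "notes": "card 4111 1111 1111 1111 exp 12/30", "comments": ""},
    {"id": 3, "notes": "", "comments": "Booking ref 1234567890123456"},
]

if __name__ == "__main__":
    for rec_id, field in audit_records(SAMPLE):
        print(f"record {rec_id}: likely card number in '{field}'")
```

A Luhn match is only a strong hint, so findings should be reviewed before the data is moved to its designated field and removed from the free-text one.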

Cookies Policy

Oracle might use cookies for authentication, session management, remembering application behavior preferences and performance characteristics, and to provide documentation support.

Also, Oracle might use cookies to remember your log-in details, collect statistics to optimize site functionality, and deliver marketing based on your interests.