OPERA R&A Implementation Planning

When planning your OPERA R&A implementation, consider the following:

• Which resources need protection?

  • You need to protect customer data, such as credit-card numbers.

  • You need to protect internal data, such as proprietary source code.

  • You need to protect system components from being disabled by external attacks or intentional system overloads.

• Who are you protecting data from?

  • For example, you need to protect your subscribers’ data from other subscribers, but someone in your organization might need to access that data to manage it. Analyze your workflows to determine who needs access to the data; for example, it is possible that a system administrator can manage your system components without needing to access the system data.

• What will happen if protections on a strategic resource fail?

  • In some cases, a fault in your security scheme is nothing more than an inconvenience. In other cases, a fault might cause great damage to you or your customers. Understand the security ramifications of each resource and protect it properly.

Personal information cannot be entered directly into OPERA R&A. Oracle provides functionality within OPERA for personal information that is shared with OPERA R&A. Placing personal information in OPERA fields other than the designated areas, such as Notes or Comments fields, does not comply with regulations for data protection.