Oracle E-Business Suite: SQL Forms Risks and Controls. Presented by: Jeffrey T. Hare, CPA CISA CIA
Transcription
1 Oracle E-Business Suite: SQL Forms Risks and Controls Presented by: Jeffrey T. Hare, CPA CISA CIA
2 Presentation Agenda
Overview:
- Introductions
- Overall system risks
  - Audit Trails
  - Change Management
  - Implementation Practices
- What are SQL forms?
- Risks related to SQL forms
- Use of SQL forms to manipulate data and commit fraud
  - Two Scenarios
- Best Practices for monitoring activity in SQL forms
- Wrap Up
3 Introductions
Jeffrey T. Hare, CPA CISA CIA
- Founder of ERP Seminars and Oracle User Best Practices Board
- Author: solo book project, Oracle E-Business Suite Controls: Application Security Best Practices; contributing author, Best Practices in Financial Risk Management
- Written various white papers on Internal Controls and Security Best Practices in an Oracle Applications environment
- Frequent contributor to OAUG's Insight magazine
- Experience includes Big 4 audit, 6 years in CFO/Controller roles, both as auditor and auditee
- In Oracle applications space since 1998, both as client and consultant
- Founder of Internal Controls Repository, a public domain repository
4 Overall system risks
Here are various risks of which you need to be aware to understand risks related to auditing application controls:
- Deficiencies regarding audit trails
- Deficiencies in Change Management practices
- Deficiencies in implementation practices
5 Overall System Risks: Audit Trails
- Disconnect between application and database layers
- Need to be concerned about application access as well as database access
- Audit trail only kept where application is built to do so
- Lack of "audit all" functionality to monitor privileged users
- Lack of detailed audit trail throughout the application
- Example: change(s) to columns in a table can cause confusion related to changes made (Journal Sources example)
6 Overall System Risks Audit Trails Audit Trail deficiencies Journal Sources Example:
7 Overall System Risks Audit Trails Audit Trail deficiencies Journal Sources Example: After first change:
8 Overall System Risks Audit Trails Audit Trail deficiencies Journal Sources Example: After second change:
9 Overall System Risks: Audit Trails
Journal Sources example data:

| | Initial Value | After First Change | After Second Change |
|---|---|---|---|
| Value | Checked | Unchecked | Checked |
| Updated by | AUTOINSTALL | JTH9891 | JTH9891 |
| Update date | 03-Jan :52:09 | 25-Aug :43:58 | 25-Aug :45:31 |

The only thing we can tell from this is that JTH9891 made a change, but we have no idea WHAT changed. The values as of the second change are the same as the initial values!
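The gap in the Journal Sources data above can be reproduced and closed with a trigger-based audit table. This is an added example, not code from the presentation: it uses SQLite in place of the EBS database, and the table names, column names, source name and timestamps are constructed for illustration.

```python
import sqlite3

# Hypothetical stand-in for the Journal Sources setup table. The "who columns"
# mirror the Updated by / Update date fields on the slide; all names are illustrative.
SCHEMA = """
CREATE TABLE journal_sources (
    source_name      TEXT PRIMARY KEY,
    checkbox_value   TEXT NOT NULL,      -- 'Checked' or 'Unchecked'
    last_updated_by  TEXT NOT NULL,
    last_update_date TEXT NOT NULL
);
CREATE TABLE journal_sources_audit (
    audit_id    INTEGER PRIMARY KEY AUTOINCREMENT,
    source_name TEXT NOT NULL,
    column_name TEXT NOT NULL,
    old_value   TEXT,
    new_value   TEXT,
    changed_by  TEXT NOT NULL,
    changed_at  TEXT NOT NULL
);
-- Row-level trigger: every update of the audited column writes old and new values.
CREATE TRIGGER journal_sources_aud
AFTER UPDATE OF checkbox_value ON journal_sources
FOR EACH ROW
BEGIN
    INSERT INTO journal_sources_audit
        (source_name, column_name, old_value, new_value, changed_by, changed_at)
    VALUES
        (OLD.source_name, 'checkbox_value', OLD.checkbox_value,
         NEW.checkbox_value, NEW.last_updated_by, NEW.last_update_date);
END;
"""


def build_db():
    """Create the tables and seed the initial row (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute(
        "INSERT INTO journal_sources VALUES (?, ?, ?, ?)",
        ("Payables", "Checked", "AUTOINSTALL", "2020-01-03 09:00:00"),
    )
    return conn


def change_checkbox(conn, source, value, user, when):
    """Apply a change the way a form would: overwrite the value and the who columns."""
    conn.execute(
        "UPDATE journal_sources SET checkbox_value = ?, last_updated_by = ?, "
        "last_update_date = ? WHERE source_name = ?",
        (value, user, when, source),
    )


def who_columns(conn, source):
    """What an auditor sees without an audit trail: current value and last updater only."""
    return conn.execute(
        "SELECT checkbox_value, last_updated_by, last_update_date "
        "FROM journal_sources WHERE source_name = ?",
        (source,),
    ).fetchone()


def audit_trail(conn, source):
    """What the trigger captured: one row per change, with before and after values."""
    return conn.execute(
        "SELECT old_value, new_value, changed_by, changed_at "
        "FROM journal_sources_audit WHERE source_name = ? ORDER BY audit_id",
        (source,),
    ).fetchall()


def run_scenario():
    """Replay the slide's two changes; timestamps are constructed."""
    conn = build_db()
    change_checkbox(conn, "Payables", "Unchecked", "JTH9891", "2020-08-25 10:00:00")
    change_checkbox(conn, "Payables", "Checked", "JTH9891", "2020-08-25 10:05:00")
    return who_columns(conn, "Payables"), audit_trail(conn, "Payables")


if __name__ == "__main__":
    who, trail = run_scenario()
    print("who columns:", who)
    for row in trail:
        print("audit row:  ", row)
```

The who columns end up identical in value to the initial state, while the audit table holds both intermediate changes with their before and after values.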
10 Overall System Risks: Audit Trails
For more on this topic, review recorded webinar Building in an Audit in an Oracle EBS Environment at:
Also, download chapter 6 from my book at: Proper_Audit_Trail2.pdf
Both links are available at
11 Overall System Risks: Change Management
- Purpose of Change Management: protect the system or protect the process?
- Are system configurations relevant to the design and performance of the business process?
- Would you let a developer change the code related to a process without going through your change management process?
- Would you give your developers access to the Apps password in Prod?
12 Overall System Risks: Change Management
Some common Change Management challenges for companies running Oracle EBS:
- Too narrowly define change management as IT changes
- Failure to develop non-IT executive ownership for the change management process
- Failure to properly identify the setup forms that impact their business processes and key controls
- Failure to develop the necessary audit trail to test for unauthorized changes and to show auditors regarding key controls
- Failure to design security using the principle of least privilege
- Failure to address risks related to forms that allow SQL statements to be embedded in them
13 Poll 1
Represents my organization's change management maturity (check all that apply):
- All key control configurations go through CM process
- All SQL forms activity go through CM process
- A trigger/log based audit trail has been created for all activity in CM process
- We regularly reconcile system-level activity to CM approvals
- None of these apply
14 SQL Forms Survey: Aware of risks related to SQL Forms?
- I was not aware of the risk: 32.6%
- I have read about SQL forms, but didn't/don't understand the risks: 13.0%
- My company is aware of the risks, but has chosen not to address them: 4.3%
- My company is aware of the risks, but feels monitoring software is too expensive: 10.8%
- My company has put a third party trigger or log-based solution to monitor them: 4.3%
- My company uses Oracle's Sys Admin audit trail to monitor the activity: 4.3%
- My company requires all SQL form activity to go through IT Change Management: 21.7%
- My company reconciles actual activity to our Change Management approvals: 0.0%
- Other: 8.6%
15 SQL Forms Survey: How long live on Oracle?
- We are not yet live with the system: 5.1%
- We have been live less than 1 year: 2.5%
- We have been live 2-4 years: 20.5%
- We have been live 5 or more years: 64.1%
- Other: 2.5%
- No Responses: 5.1%
16 SQL Forms Survey: Number of Oracle Users (pie chart; categories include "Over 5000")
17 What are SQL Forms?
Forms that accept SQL statements: Metalink Note (Best Practices for Securing E-Business Suite):
LIMIT ACCESS TO FORMS ALLOWING SQL ENTRY
To improve flexibility, some forms allow users to enter SQL statements. Unfortunately, this feature may be abused. Appendix B: Security Setup Forms That Accept SQL Statement on page 49 contains a list of Forms that allow the user to edit code, add code or otherwise affect executable code. Restrict access to these forms by assigning the responsibility to a small group of users. Consider auditing the database tables listed in the appendix.
18 What are SQL Forms?
Examples of SQL Forms: Define Concurrent Program, Define Concurrent Program Executable, Define User Profile Option, Applications, Define Data Group, Register Oracle IDs, Attribute Mapping Details, Define Data Stream, Custom Stream Advanced Setup, Audit Statements, Define Dynamic Resource Groups, Business Rule Workbench, Define Validation Templates, Defaulting Rules, Foundation Objects, Spreadtable Metadata, Administration, SpreadTable Diagnostics Form, JTFGANTT, Define WMS Rules, Define Pricing Formulas, Attribute Mapping, Workflow Process Configuration Framework, Workflow Activity Approval, Configuration Framework, PL/SQL tester, Write Formula, Define Function, Create QuickPaint Inquiry, Define Assignment Set, Dynamic Trigger Maintenance, Define Security Profile, Define Descriptive Flexfield Segments, Define Value Set, QA - Collection Plan Workbench
- Some not documented in Oracle Metalink document
- Original list developed by Integrigy
- Excerpts of documents [IntA, IntB] reproduced with permission from Integrigy Corporation (page ii)
19 Risks Related to SQL Forms
- Execution of any SQL statements: insert, update, delete, select, as well as database structure commands (drop, truncate, alter, create, etc.); OS scripts
- Leading to fraud, data theft, taking over powerful accounts such as SYSADMIN, circumvention of policy such as change management, internal control deficiencies, additional audit fees, etc.
20 Poll 2
Question: The following represents my understanding of SQL forms prior to this webinar (check all that apply):
- I was fully aware of the risks related to SQL Forms
- I was not aware that SQL and OS scripts could be executed using these forms
- I was not aware of the number of forms with these risks
- I didn't know anything about SQL Forms
- Other
21 Examples Using SQL Forms
Scenarios:
- Fraudulent bank account updates for the purpose of misdirecting payments to a valid supplier
- Reset of SYSADMIN login for the purpose of unapproved access and system updates
22 Examples Using SQL Forms Scenario 1: Change Bank Account
23 Examples Using SQL Forms
24 Examples Using SQL Forms Before the Alert:
25 Examples Using SQL Forms The Alert is Fired
26 Examples Using SQL Forms After Alert
27 Examples Using SQL Forms Scenario 2: Reset SYSADMIN Password often with powerful access
28 Examples Using SQL Forms
29 Examples Using SQL Forms
30 Examples Using SQL Forms
Once a plan is created you need only define your action condition that triggers your action. You then pick your method to execute.
- Top half sets the condition for the trigger
- Bottom half defines the action
31 Examples Using SQL Forms Update statement to reset SYSADMIN password
32 Examples Using SQL Forms Enter results to trigger the trigger
33 Examples Using SQL Forms When the trigger condition is entered and saved a periodic alert is run. This is really the only indicator that something has been done. The alert itself is not really traceable since we can delete the collection plan and remove any audit trail.
34 Poll 3
Question: Represents maturity of my organization re: SQL forms (check all that apply):
- We are limiting access to known / relevant SQL forms
- We are limiting access to all SQL forms
- All activity re: SQL forms goes through CM
- Monitoring activity via log/trigger based solution
- Reconciling actual activity to approved activity
- Other
35 Best Practices for monitoring activity in SQL forms
Forms that accept SQL statements:
- Access should be tightly restricted to just the users management approves having access (suggest SaaS service to find out who has access to all SQL forms)
- All activity in the forms should go through your change management process
- All code going through the forms should be subject to a peer review before it is entered
- All activity within the forms should be audited using a trigger or log-based solution
- All activity should be reconciled back to approved activity
- For unauthorized changes, appropriate actions must be taken to plug the holes
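The reconciliation step in the best practices above can be automated once SQL form activity is captured by a trigger or log-based audit trail. This is an added example, not part of the presentation: the record layouts, ticket numbers, user names and timestamps are constructed, and only the form names are taken from the list of SQL forms on the earlier slide.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Approval:
    """One approved change-management ticket (hypothetical layout)."""
    ticket: str
    form: str
    implementer: str
    reviewer: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class AuditEvent:
    """One change captured by the trigger or log-based audit trail (hypothetical layout)."""
    form: str
    user: str
    when: datetime


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def reconcile(events, approvals):
    """Return (exceptions, unused_tickets).

    An event is clean only if a ticket exists for the same form, the user is the
    approved implementer, the change falls inside the approved window, and the
    ticket was reviewed by someone other than the implementer.
    """
    exceptions, used = [], set()
    for ev in events:
        candidates = [a for a in approvals if a.form == ev.form]
        match = next(
            (a for a in candidates
             if a.implementer == ev.user and a.start <= ev.when <= a.end),
            None,
        )
        if match is None:
            if not candidates:
                reason = "no approval on file for this form"
            elif any(a.implementer == ev.user for a in candidates):
                reason = "outside approved window"
            else:
                reason = "user is not the approved implementer"
            exceptions.append((ev, reason))
            continue
        used.add(match.ticket)
        if match.reviewer == match.implementer:
            exceptions.append((ev, "no independent peer review"))
    # Approved tickets with no matching activity are worth a follow-up as well.
    unused = [a.ticket for a in approvals if a.ticket not in used]
    return exceptions, unused


# Constructed sample data.
APPROVALS = [
    Approval("CM-1001", "Define Value Set", "APATEL", "MLEE",
             _ts("2024-03-04 08:00"), _ts("2024-03-04 18:00")),
    Approval("CM-1002", "Define Concurrent Program", "APATEL", "APATEL",
             _ts("2024-03-05 08:00"), _ts("2024-03-05 18:00")),
    Approval("CM-1003", "Define Data Group", "MLEE", "APATEL",
             _ts("2024-03-06 08:00"), _ts("2024-03-06 18:00")),
]
EVENTS = [
    AuditEvent("Define Value Set", "APATEL", _ts("2024-03-04 10:15")),
    AuditEvent("Define Concurrent Program", "APATEL", _ts("2024-03-05 09:30")),
    AuditEvent("Define Concurrent Program", "MLEE", _ts("2024-03-05 11:00")),
    AuditEvent("Define Value Set", "APATEL", _ts("2024-03-07 23:40")),
    AuditEvent("QA - Collection Plan Workbench", "TEMP01", _ts("2024-03-08 02:10")),
]


def run_example():
    exceptions, unused = reconcile(EVENTS, APPROVALS)
    return [(ev.form, ev.user, reason) for ev, reason in exceptions], unused


if __name__ == "__main__":
    findings, unused = run_example()
    for form, user, reason in findings:
        print(f"EXCEPTION  {form:32} {user:8} {reason}")
    print("Approved tickets with no activity:", unused)
```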
36 Special Thanks Special Thanks to: Daryl Geryol, Practice Director - GRC Services, KBACE dgeryol@kbace.com Office (262) Cell (847)
37 Q & A
38 Poll 4
Question: Require any follow up from today's webinar
- I need a CPE certificate
- I'd like to set up a follow up call with Jeffrey
- I'd like to understand available monitoring tools
- I'd like copies of the slides
- None necessary
39 Oracle Apps Internal Controls Repository
Internal Controls Repository Content:
- White Papers such as Accessing the Database without having a Database Login, Best Practices for Bank Account Entry and Assignment, Using a Risk Based Assessment for User Access Controls, Internal Controls Best Practices for Oracle's Journal Approval Process
- Oracle apps internal controls deficiencies and common solutions
- Mapping of sensitive data to the tables and columns
- Identification of reports with access to sensitive data
- Recommended minimum tables to audit
Not affiliated with Oracle Corporation
40 ERP Seminars Services
- Free one-hour consultation
- Risk advisory services
- On-site seminars (1-2 days) custom tailored to your company's needs
- Various web-based seminars
- SOD / UAC Third Party software project management
- SOD / UAC remediation prioritization
- Controls review related to Oracle-related controls implementations and post-implementation
41 Seminars Offered and Planned
Seminars offered:
- Internal Controls and Application Security Best Practices in an Oracle e-business Suite Environment
- Application Security Design: Fundamentals
- Implementing Oracle e-business Suite: Internal Controls Challenges
- Introduction to Oracle's User Management Module and Related Risks
- Auditing Oracle E-Business Suite: Application Security
- Monitoring Privileged Users in an Oracle E-Business Suite Environment
- Risk-Based Assessment of User Access Controls and Segregation of Duties for Companies Running Oracle E-Business Suite
See:
42 Contact Information
Jeffrey T. Hare, CPA CISA CIA
Cell: Office: Websites:
Oracle Internal Controls and Security listserver (public domain listserver) at
Internal Controls Repository (end users only)
Skype: jhareaz
43 Best Practices Caveat
The Best Practices cited in this presentation have not been validated with your external auditors nor has there been any systematic study of industry practices to determine they are in fact Best Practices for a representative sample of companies attempting to comply with the Sarbanes-Oxley Act of 2002 or other corporate governance initiatives mentioned. The Best Practice examples given here should not substitute for accounting or legal advice for your organization and provide no indemnification from fraud, material misstatements in your financial statements, or control deficiencies.
Credit Cards and Oracle: How to Comply with PCI DSS Stephen Kost Integrigy Corporation Session #600 Background Speaker Stephen Kost CTO and Founder 16 years working with Oracle 12 years focused on Oracle
More informationFileMaker Security Guide
TECH BRIEF FileMaker Security Guide The Key to Securing Your Solutions Table of Contents Overview... 3 Configuring Security Within FileMaker Pro or FileMaker Pro Advanced... 5 Prompt for Password... 5
More informationIdentity & Access Management new complex so don t start?
IT Advisory Identity & Access Management new complex so don t start? Ing. John A.M. Hermans RE Associate Partner March 2009 ADVISORY Agenda 1 KPMG s view on IAM 2 KPMG s IAM Survey 2008 3 Best approach
More informationSecurity Compliance and Data Governance: Dual problems, single solution CON8015
Security Compliance and Data Governance: Dual problems, single solution CON8015 David Wolf Director of Product Management Oracle Development, Enterprise Manager Steve Ries Senior Systems Architect Technology
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationOracle Approvals Management (AME) Case Studies for AP, PO and HR
Oracle Approvals Management (AME) Case Studies for AP, PO and HR Presented By Susan Behn VP, Oracle Practice Agenda AME Product Overview AME and Approval Workflow Sample Business Case Scenarios Payables
More informationWHITE PAPER. Guide to Auditing and Logging in the Oracle E-Business Suite
WHITE PAPER Guide to Auditing and Logging in the Oracle E-Business Suite APRIL 2016 GUIDE TO AUDITING AND LOGGING IN THE ORACLE E-BUSINESS SUITE Version 1.0 March 2003 Version 1.1 February 2004 Version
More informationManaging Third Party Databases and Building Your Data Warehouse
Managing Third Party Databases and Building Your Data Warehouse By Gary Smith Software Consultant Embarcadero Technologies Tech Note INTRODUCTION It s a recurring theme. Companies are continually faced
More informationWHITE PAPER. Guide to Auditing and Logging in the Oracle E-Business Suite
WHITE PAPER Guide to Auditing and Logging in the Oracle E-Business Suite FEBRUARY 2014 GUIDE TO AUDITING AND LOGGING IN THE ORACLE E-BUSINESS SUITE Version 1.0 March 2003 Version 1.1 February 2004 Version
More information<Insert Picture Here> Oracle Database Security Overview
Oracle Database Security Overview Tammy Bednar Sr. Principal Product Manager tammy.bednar@oracle.com Data Security Challenges What to secure? Sensitive Data: Confidential, PII, regulatory
More informationWorking with Structured Data in Microsoft Office SharePoint Server 2007 (Part1): Configuring Single Sign On Service and Database
Working with Structured Data in Microsoft Office SharePoint Server 2007 (Part1): Configuring Single Sign On Service and Database Applies to: Microsoft Office SharePoint Server 2007 Explore different options
More informationPROJECTIONS SUITE. Database Setup Utility (and Prerequisites) Installation and General Instructions. v0.9 draft prepared by David Weinstein
PROJECTIONS SUITE Database Setup Utility (and Prerequisites) Installation and General Instructions v0.9 draft prepared by David Weinstein Introduction These are the instructions for installing, updating,
More informationSetting up the Oracle Warehouse Builder Project. Topics. Overview. Purpose
Setting up the Oracle Warehouse Builder Project Purpose In this tutorial, you setup and configure the project environment for Oracle Warehouse Builder 10g Release 2. You create a Warehouse Builder repository
More informationSetup Guide Central Monitoring of SAP NetWeaver Proces Integration 7.3 with SAP Solution Manager 7.1. Active Global Support February 2011
Setup Guide Central Monitoring of SAP NetWeaver Proces Integration 7.3 with SAP Solution Manager 7.1 Active Global Support February 2011 Agenda Overview Landscape Setup Recommended Setup SLD/LMDB Synchronization
More informationCircular to All Licensed Corporations on Information Technology Management
Circular 16 March 2010 Circular to All Licensed Corporations on Information Technology Management In the course of our supervision, it has recently come to our attention that certain deficiencies in information
More informationOFFICE OF AUDITS & ADVISORY SERVICES SHAREPOINT SECURITY AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES SHAREPOINT SECURITY AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Senior Audit Manager: Lynne Prizzia, CISA, CRISC Senior
More informationIdentity Governance Evolution
Identity Governance Evolution Paola Marino Principal Sales Consultant Agenda Oracle Identity Governance Innovation Cloud Scenarios enabled by Oracle Identity Platform Agenda Oracle
More informationLeveraging advanced controls with E-Business suite implementation and upgrade projects
www.pwc.com PwC Oracle practice 2013 Leveraging advanced controls with E-Business suite implementation and upgrade projects Leveraging the advanced financial controls in the Oracle Governance, Risk, and
More informationSecurity Trends and Client Approaches
Security Trends and Client Approaches May 2010 Bob Bocchino, CISA ERM Security and Compliance Business Advisor IBU Technology Sales Support Industries Business Unit, Technology Sales Support 1 Mark Dixon
More informationOracle EBS Interface Connector User Guide V1.4
Oracle EBS Interface Connector User Guide V1.4 Contents Oracle EBS Interface Connector User Guide V1.4... 1 1. Introduction... 3 2. Technologies... 4 3. High level Architectural Diagram... 4 4. About Oracle
More informationTeleran PCI Customer Case Study
Teleran PCI Customer Case Study Written by Director of Credit Card Systems for Large Credit Card Issuer Customer Case Study Summary A large credit card issuer was engaged in a Payment Card Industry Data
More informationOracle Database Security Myths
Oracle Database Security Myths December 13, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy Corporation About Integrigy ERP Applications
More informationApplication Monitoring for SAP
Application Monitoring for SAP Detect Fraud in Real-Time by Monitoring Application User Activities Highlights: Protects SAP data environments from fraud, external or internal attack, privilege abuse and
More informationSafeguard Sensitive Data in EBS: A Look at Oracle Database Vault, Transparent Data Encryption, and Data Masking. Lucy Feng
Delivering Oracle Success Safeguard Sensitive Data in EBS: A Look at Oracle Database Vault, Transparent Data Encryption, and Data Masking Lucy Feng RMOUG Training Days February 2012 About DBAK Oracle Solution
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Secure Bytes, October 2011 This document is confidential and for the use of a Secure Bytes client only. The information contained herein is the property of Secure Bytes and may
More informationOptimizing the Performance of the Oracle BI Applications using Oracle Datawarehousing Features and Oracle DAC 10.1.3.4.1
Optimizing the Performance of the Oracle BI Applications using Oracle Datawarehousing Features and Oracle DAC 10.1.3.4.1 Mark Rittman, Director, Rittman Mead Consulting for Collaborate 09, Florida, USA,
More information