Oracle E-Business Suite Controls: Application Security Best Practices




Table of Contents

Table of Contents vi
Acknowledgements 1
Foreword 2
What Makes This Book Different 3
Who Should Read this Book 3
Organization of this Book 4

Chapter 1: Introduction 5

Chapter 2: Introduction to ERP Systems 11
    Impact of ERP Systems Technical Architecture 11
    EBS Technical Architecture: Audit Trail Implications 16
    Application Controls 19
    Change Management 21
    Privileged User Access and Monitoring 22

Chapter 3: Goals of Application Security Design and Impact of RBAC Standards 23
    Application Security Design Goals 23
    The RBAC Standard and its Impact on Application Security Design 25

Chapter 4: Introduction to Oracle Application Security: Function Security 31
    Function Security 31
    Users 31
    Responsibilities 38
    Menus 42
    Request Groups 45
    Form Functions 47
    Function Security Conclusions 51

Chapter 5: Change Management Best Practices and their Impact on Application Security 52
    Change Management, Prior to ERP Systems 52
    Change Management, Impact of ERP Systems 53
    Protecting the BUSINESS Process 54
    IT Change Management Best Practices 56
    Change Management Conclusions 62

Chapter 6: Developing a Proper Audit Trail for your EBS Environment 64
    Standard Application Audit Information 64
    Sign-on Audit Information 65
    Snapshot-based Technologies 67
    Advanced Application Audit Trail Methodologies 71
    Log-based Technologies 71
    Trigger-based Technologies 73
    EBS System Administrator Advanced Auditing; Trigger-Based 75
    Evaluating Advanced Application Auditing Technologies 76
    What to Audit 76
    Audit Trail Conclusions 77

Chapter 7: Application Users Best Practices 78
    User Provisioning Process 78
    Establishing a User in Oracle EBS 81
    User Password Controls 81
    Monitoring of User Activity and Logins 83
    User Termination Process 84
    Use and Care of Generic User Accounts 85
    Application Users Conclusions 88

Chapter 8: Application Support Principles and Their Impact on Application Security 90
    Assessing Risk Related to Privileged Users 91
    Application Support Security Design 93
    Application Support Processes 95
    Application Support Principles Conclusions 96

Chapter 9: Data Security and Its Impact on Application Security 98
    Project Approach to Addressing Risks Associated with Access to Sensitive Data 99
    Data Security Conclusions 105

Chapter 10: Assessing Risk for User Access Controls and Segregation of Duties 106
    What a Risk Assessment Process Should Contain 106
    When Should a Risk Assessment Be Performed? 112
    Who Should Perform a Risk Assessment? 113
    Risk Assessment Methodology 113
    Risk Assessment Process Results 118
    Risk Assessment Conclusions 125

Chapter 11: Workflow Security Implications 126
    Worklist Access 127
    Delegation of Notifications in the Application 130
    Vacation Rules 133
    Notifications Via Email 136
    Workflow Administrator 137
    Workflow Security Conclusions 138

Chapter 12: User Management Module and Security Design 140
    Role Definition 143
    Role Hierarchies 149
    Data Level Security 152
    User Management Versus Function Security 153
    Mandatory Use of UMX and Related Monitoring 154
    Administrative Features 155
    Delegated Administration 155
    Provisioning Services 157
    Self-Service and Approvals 157
    User Management Conclusions 159

Chapter 13: Application Security in Non-Production Environments 160
    Protection of Sensitive Data 160
    Instance-Specific Security Requirements 162
    Password Encryption Risks 163
    Other Recommendations 164
    Non-Production Instances Application Security Conclusions 165

Chapter 14: Upgrade Risks 166
    Common Application Security Implementation Practices 166
    Upgrade Risk 173
    Use of Standard Menus and Submenus and Related Risks 173
    Upgrade Risks Conclusions 182

Chapter 15: Release 12 Impact on Application Security Design 184
    Manage Proxies 184
    Multi-Org Access Control (MOAC) / Security Profiles 189

Chapter 16: Auditors Toolkit 192
    Oracle Diagnostics Tool 192
    Using Oracle Forms to Access the Application for Audit Purposes 200
    Standard Oracle Reports 201
    SQL Queries 201

Appendix A: Common Controls Related to Application Security 204
    Users 204
    Security Design 204
    Change Management 205

Appendix B: Other Resources 206
    ERP Seminars Hosted Websites 206
    Other Websites 207
    Books 208
    Companies with EBS Expertise 208

Appendix C: Terminology 210

Appendix D: Tips and Tricks 212