Account provisioning is also preconfigured to provide real-time validation against
Segregation of Duties policies defined in Oracle Applications Access Controls
Governor for any responsibility or role assignments.
The connector also detects all major worker lifecycle events, including on-boarding,
job changes, transfers, and terminations. This tighter integration with people's
movements within the Human Capital Management applications helps to
minimize the latency between an HR event and the point at which its consequence is
reflected in security. It automates security administration and allows security professionals
to concentrate on threats, vulnerabilities, and appropriate policies rather than on
assigning and revoking roles and accounts.
Limiting access to administrative pages
Limiting the functional access of administrators is also important. There are several
kinds of administrative forms that are security sensitive. As a security administrator,
you need to limit the number of people who have access to these pages:
Functional security administrative pages: These are the pages that
control the security infrastructure, such as the UMX pages or the define
responsibility pages.
Design-time at runtime pages: These are the pages that allow users to
define metadata that controls the application. Examples include the flexfield
pages or personalization pages. As these pages often allow SQL or HTML
fragments to be added, they allow an unscrupulous administrator to
effectively design a SQL injection or Cross-site Scripting vulnerability into
the application. We recommend that these pages not be assigned to
any users during normal operation of a production system.
Segregation of Duties Policies
Next, we will look at how we can alert management to combinations of privileges
that may present an opportunity for fraud. Segregation of Duties is examined in depth
in Chapter 9, IT Audit. Here, we examine how segregation of duties policies
influence role design, and how they are reported within GRC Intelligence.
A segregation of duties policy is generally implemented to ensure that a person
cannot both authorize a disbursement (or commitment) of funds and actually make
the disbursement. For this reason, the policies tend to be in the financial applications.
They are mentioned here to give you a complete picture of role design. The following
is a screenshot of a set of segregation of duties policies in Oracle Application Access
Controls Governor. The topic of segregation of duties and how such policies are
implemented is fully explored in Chapter 9, IT Audit.
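To make the two ideas above concrete, the following is an added example (written for this section, not Oracle's code) of how a set of policies of this kind is evaluated against role definitions and user assignments: roles that violate a policy on their own are a role-design defect, and a provisioning request can be validated before it is granted. Role, function and policy names are constructed.

```python
"""Evaluate segregation-of-duties (SoD) policies against roles and assignments.

Constructed example: role, function and policy names are illustrative.
"""
from collections import defaultdict

# Role -> functions (privileges) it grants. Constructed sample data.
ROLE_FUNCTIONS = {
    "AP_INVOICE_ENTRY": {"ENTER_INVOICE", "APPROVE_INVOICE"},
    "AP_PAYMENTS":      {"CREATE_PAYMENT"},
    "AP_SUPERVISOR":    {"APPROVE_INVOICE", "CREATE_PAYMENT"},  # conflicts by design
    "GL_INQUIRY":       {"VIEW_JOURNALS"},
}

# SoD policy: a pair of functions that one person must not hold together.
POLICIES = {
    "P-01 Approve vs. pay": ("APPROVE_INVOICE", "CREATE_PAYMENT"),
    "P-02 Enter vs. pay":   ("ENTER_INVOICE", "CREATE_PAYMENT"),
}

def conflicting_roles(role_functions=ROLE_FUNCTIONS, policies=POLICIES):
    """Roles that violate a policy by themselves. This is a role-design problem:
    assigning such a role to anyone breaks the policy whatever else they hold."""
    return sorted(
        (role, name)
        for role, funcs in role_functions.items()
        for name, (a, b) in policies.items()
        if a in funcs and b in funcs
    )

def user_violations(assignments, role_functions=ROLE_FUNCTIONS, policies=POLICIES):
    """Users whose combined roles grant both sides of a policy. Each finding lists
    the roles contributing each side, so a reviewer knows what to revoke."""
    report = []
    for user, roles in assignments.items():
        granted = defaultdict(set)  # function -> roles that grant it
        for role in roles:
            for func in role_functions.get(role, ()):
                granted[func].add(role)
        for name, (a, b) in policies.items():
            if a in granted and b in granted:
                report.append((user, name, sorted(granted[a]), sorted(granted[b])))
    return report

def validate_assignment(user, new_role, assignments, **kw):
    """Pre-provisioning check: violations that adding new_role to user would create."""
    roles = set(assignments.get(user, ())) | {new_role}
    return user_violations({user: roles}, **kw)
```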