Database Reference
In-Depth Information
Summary
In this chapter, we included the Chief Security Officer(CSO) in our governance
discussions. We helped him construct a Security Balanced Scorecard with objectives
for security management that are in concert with the overall corporate objectives.
We then demonstrated how principles of least privilege are implemented through
role design in responsibilities and the user management (UMX) application. We
looked at how the principle of accountability is implemented in the standard
FND_USER
tables and glanced at Oracle's Single Sign On (SSO). We explained how
employee on-boarding, off-boarding, transfers, and promotions must be reflected
in the security system to meet the security objectives in our scorecard. We showed
the CSO how the policies of the duties that must be segregated are articulated and
how they are enforced through Oracle Access Controls Governor, and reported
in GRC Manager. Next, we explained to him the threats, vulnerabilities, and
countermeasures that are available. We further explained how to harden the system
to address those threats, also counseled him on the costs of doing so, and helped him
understand that a completely secure system is not realistic or cost effective. Lastly,
we took the CSO through security incident tracking and response.
Search WWH ::
Custom Search