Database Reference
In-Depth Information
Clause
Control Description
A11.5
Operating System Access Control: To prevent unauthorized access to
information systems
A11.6
Application and Information access control: To prevent unauthorized access to
information held in information systems
A11.7
Mobile computing and telenetworking: To ensure information security when
using mobile computing and telenetworking facilities
A12
Information Systems acquisition, development, and maintenance
A12.1
Security requirements of Information Systems: To ensure that security is an
integral part of information systems
A12.2
Correct processing in applications to prevent errors, loss, unauthorized
modification, or misuse of information or applications
A12.3
Cryptographic controls: To ensure confidentiality, authenticity, or integrity of
information by cryptographic means
A12.4
Security of system files: To ensure the security of system files
A12.5
Security in development and support processes: To maintain the security of
application system software and information
A12.6
Technical Vulnerability Management: To prevent the damage resulting from
exploitation of published vulnerabilities
A13
Information Security Incident Management
A13.1
Reporting information security events and weaknesses: To ensure timely,
corrective action is taken
A13.2
Management of information security incidents and improvements: To ensure a
consistent and effective approach is applied to the management of information
security incidents
A14
Business Continuity Management
A14.1
Information Security aspects of Business Continuity Management: To counteract
interruptions to business activities, to protect critical business processes from the
effects of major failures or disasters, and to ensure timely resumptions
A15
Compliance
A15.1
Compliance with legal requirements
A15.2
Compliance with security policies and standards
A15.3
Information Systems Audit
Oracle's products and ISO 27000
The first component of the ISMS that we need to identify is where the list of critical
information assets can be seen. Those information assets that are subject to data
security through
FND Grants
are exposed as
FND_OBJECTS
in the Grants User
interface. The following is a screenshot of the Grants user interface:
Search WWH ::
Custom Search