AuditNet
Oracle Audit Resource Center
Articles
Auditing Oracle Security The IT Audit, Vol. 7, April 15, 2004
This article discusses various aspects of Oracle security that must be
considered, including secured installation, initialization parameters, users
and profiles, roles, object and system privileges, logging, listener
security, etc.
Segregation of Duties Resources
Various SOD resources can be found at
the
Oracle Internal Controls and Security
listserver
under the Files section.
Oracle Apps Internal Controls Repository
Industry-leading best practices and analysis can be found by joining the
Internal Controls
Repository
forum for end users only.
Tables To Audit
Find out more information of what tables
should be audited in an Oracle Applications environment in the
Tables to Audit forum.
Some of these are recommended by Oracle at Metalink Note 189367.1.
List of Seeded Database Logins
This list is a list of database logins
that are created when various applications are installed. The list also
contains the standard passwords. This list can be used for IT Audit
purposes. You can
download it
here.
Also, you may want to check out Pete Finnigan's
website
for more resources.
Best Practices for Securing Oracle E-Business Suite
Oracle's recommendations for securing
your E-Business Suite can be found at Metalink's Note
189367.1.
Controls Inherent in Oracle Applications - 11i
Automated controls inherent in the
Oracle eBusiness Suite can be found at Metalink document
278724.1.
Access to Sensitive Data Policy Sample
Many company have implemented a policy
which further limits IT Staff and Contractors from
accessing certain tables and places restrictions on accessing only
tables required in accordance with their role. This is a template of a
policy you may want to consider adopting and can be downloaded
here.
Spreadsheet Controls Policy
Here
is a policy that a company shared that passed PWC's spreadsheet controls
requirements. No guarantees that your audit partner will pass on it, but
we thought we'd pass it along in case you are interested.
Audit Programs
Oracle Database Audit Program
Oracle Database Audit Program (Sep 07)
Oracle Financial System (Sep 07)