This training week is designed for those that want to understand the technical risks associated with the Oracle Database Management System and Oracle E-Business Applications, how to recognize those risks and reduce them. You will leave this training week with two audit programmes and two checklists that you can start using immediately - Oracle Database System Audit and EBusiness Suite General Control.
Auditing and Controlling Oracle Databases - Using the security and integrity features in Oracle to perform control and security assessments
Over three days you will:
- Learn Oracle's database facilities and terminology along with the commands you need to know to provide security and controls over Oracle software and to query Oracle-controlled data
- Uncover the risks Oracle introduces and the exposures it reducesLearn about not only the basic Oracle security mechanism but also about more advanced security controls - triggers, encryption methods, security policies (functions), database firewalls and detection mechanisms,
- Explore Oracle Inc.'s approach to the client/server and Web processing environments and discover the impact Oracle has on your enterprise's organisation, security profiles, and information systems standards
- Learn about the extensive list special components and tools available to supplement standard controls and to help to assess vulnerabilities.
Audit & Security of Oracle E-Business Suite - Identifying the high-risk areas in Oracle applications and how to overcome them
Over two days you will:
- Get an overview of the Oracle E-Business Application Families: Oracle Financials and Oracle Public Sector Financials, Oracle Manufacturing, Oracle Distribution, Oracle Human Resource Management, Oracle Projects and more
- Discover how these products interface and examine their shared control points
- Learn how to identify the high-risk areas in these systems, as well as, in any application developed with Oracle's Application Object Library
- Gain an understanding of Applications' terminology and facilities, identify the components of application sign-on security, interpret user responsibilities, and investigate customised menus
- Find out how to assess the access controls provided by responsibility and role definitions including report security groups, data groups, and flexfields
- Explore application audit trail features and learn how to assess their use
- Benefit from examples of General Ledger, Oracle Receivables, Oracle Payables and Order-Entry applications
Course Director: Betty J. Dorsey
Betty Dorsey is a Senior Technical Consultant focusing on the areas of database management and systems development. She has extensive experience auditing, securing, using, and providing training for DB2, Oracle, SQL Server, Sybase and other relational database management systems and data warehouses. Mrs. Dorsey has over 25 years of experience in information technology, and has worked with Oracle Financials and other Oracle Applications since 1992. Her clients include a number of Fortune 500 companies, as well as, federal and state agencies. She has also served international clients in the United Kingdom, Holland, Hong Kong, the Middle East and Singapore. Mrs.Dorsey has authored several articles for Infosecurity News and the IS Audit and Control Journal.
Past Delegate Feedback
“Excellent introduction to audit of Oracle – if only I had been on the course 12 months ago” Department of Work and Pensions
“Good combination/ balance of theoretical and practical implementation. Certainly very relevant” World Health Organisation