Summary
In this chapter, we included the Chief Security Officer(CSO) in our governance discussions. We helped him construct a Security Balanced Scorecard with objectives for security management that are in concert with the overall corporate objectives. We then demonstrated how principles of least privilege are implemented through role design in responsibilities and the user management (UMX) application. We looked at how the principle of accountability is implemented in the standard FND_USER tables and glanced at Oracle's Single Sign On (SSO). We explained how employee on-boarding, off-boarding, transfers, and promotions must be reflected in the security system to meet the security objectives in our scorecard. We showed the CSO how the policies of the duties that must be segregated are articulated and how they are enforced through Oracle Access Controls Governor, and reported in GRC Manager. Next, we explained to him the threats, vulnerabilities, and countermeasures that are available. We...
