To all Oracle topic members,
The Oracle topic is undergoing some changes. At the suggestion of ISACA’s Communities Committee and with approval by the community topic leaders, we will integrate the Oracle E-Business Suite and Oracle Database topics into Or...
Tammie111 | 7/19/2012 11:05:15 AM | COMMENTS(0)
|
Hi,
Can you assist me in providing audit procedures and tools for the review of newly migrated system JD Edwards E1 of Oracle?
Thanks for your reply.
Kind Regards,
Cecille
|
I am knew to Oracle 10g. I would appreciate information on risks associated with this database application and log files names to look out for.
Moses875 | 8/31/2011 5:33:08 AM | COMMENTS(0)
|
Hello,
I wanted to get the opinion of the group. For Oracle applications:
What tools have you seen used for the automatic migration of code/objects to production?
Do you have any clients that perform migrations manually between environments (i.e. t...
SArndt | 11/19/2010 1:19:00 PM | COMMENTS(0)
|
Hi,
I am looking for guidance on how to audit the R12 "Application Diagnostics" responsibility.
Thanks,
Susan
Susan251 | 8/31/2010 9:32:02 AM | COMMENTS(0)
|
Books
Posted by ISACA 133 days ago
|
Books
Posted by ISACA 133 days ago
|
Books
Posted by ISACA 133 days ago
|
Downloads
Posted by ISACA 450 days ago
|
Books
Posted by ISACA 468 days ago
|
Books
Posted by ISACA 476 days ago
|
30 Sep 2013
ISACA International Event
Medellín, Colombia
La Conferencia Latinoamericana CACS/ISRM 2013 en Medellín, Colombia es la conferencia principal latinoamericana para los profesionales de auditoría, riesgo y seguridad de la información. Ahorre más de EE.UU. $ 100 si se inscribe antes del 7 de agosto!
|
Volume 1, 2013
by Gregory Zoughbi, CISM, CGEIT, PMP, TOGAF9, ITIL Expert, COBIT 4.1 (F)
Many organizations choose to acquire an enterprise resource planning (ERP) system to serve as a common system for their wide range of daily operations.
|
Volume 4, 2012
by Filip Caron and Jan Vanthienen, Ph.D.
This article aims to introduce business process analytics and mining to the information systems (IS) audit and control community.
|
Volume 4, 2012
by Vasant Raval, DBA, CISA, and Greg Dyche
In this article, the term “governance” is used in the sense of information governance to discuss certain myths or misunderstandings of governance.
|
Volume 3, 2012
by ISACA | Reviewed by Shasikanth Malipeddi, CISA
Oracle PeopleSoft HCM is one of the most commonly used human capital management (HCM) system found in medium to large companies in the US.
|
Volume 1, 2011
by Jeffrey T. Hare, CISA, CPA, CIA
This article focuses on the types of risk advisory services that are common during an ERP implementation.
|
Volume 1, 2011
by David Knox, Scott Gaetjen, Hamza Jahangir, Tyler Muth, Patrick Sack, Richard Wark and Bryan Wise | Reviewed by Horst Karin, Ph.D., CISA, CISSP, ITIL
The strength of this book is its comprehensive knowledge, which is presented in an easy-to-understand style with useful supporting background information.
|
These links, which have been contributed by site users, link to external third-party web sites. ISACA has not evaluated these web sites and accepts no responsibility for their suitability, security or privacy practices.
CERT® Oracle® Secure Coding Standard for Java™ provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard’s guidelines will lead to higher-quality systems–robust systems that are more resistant to attack. Such guidelines are required for the wide range of products coded in Java–for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics.
|
Checklist 2.0 - Organized Best Practices – is a collaborative and customizable web platform tool for generating up-to-date and peer-reviewed audit plans, audit programs, and best practices in different technology domains. Checklist 2.0 content is contributed to, and organized by, trusted experts and authoritative sources around the world. Checklist 2.0 covers a diverse range of requirements including SOX, HIPAA, PCI-DSS, ISO etc.
|
|
Case Studies Based On Real World Experience
All OIC Member Contractors have the option to participate in a new component of our Oracle Governance, Risk and Compliance (GRC) training called OIC GRC Reality. You will have an opportunity to participate...
Posted By : RogerDrolet | 4 comments
|
During an audit you may find that shell scripts are used to connect to your Oracle database (these are often scheduled jobs). In many instances this represents a security risk as the Oracle database password is hardcoded into the script. This means th...
Posted By : Ian Cooke | 0 comments
|
|
The increased complexity and diversity in the information systems and the inability to rebuild the information systems from scratch is forcing enterprises to look at EAI as an alternative solution that will help extend the life of the existing application...
Posted By : Kannan | 0 comments
|
The main idea I am trying to advocate with these posts is a simple one.
Compare a database you are auditing against a database that you know already meets the standards required by the organisation you are auditing.
This is achieved by creating “CSV...
Posted By : Ian Cooke | 1 comments
|
|
The company you are auditing should have a policy on what is being audited within your Oracle database. The level of auditing will almost certainly be affected by the sensitivity of the data. Good examples and bench marks for auditing may be seen in th...
Posted By : Ian Cooke | 0 comments
|
Before we get into auditing Oracle privileges a reminder of a few definitions might be helpful.
A user privilege is the right to run a particular type of SQL statement, or the right to access an object belonging to another user, run a PL/SQL package, a...
Posted By : Ian Cooke | 1 comments
|
|
|