http://www.securityprocedure.com/tag/oracle-finance The taxonomy view with a depth of 0. en http://www.securityprocedure.com/oracle-security-audit-procedure-and-checklist-5-basic-controls <p><IMG SRC="http://img177.imageshack.us/img177/1718/oraclelogoyq9.jpg"><br /> Need to audit an Oracle Database or Application; here is simple guidance, 5 basic controls that you should monitor.</p> <p><b>1. Password Management<br /></b></p> <ul> <li>Default Passwords, should be changed</li> <li>Required Passwords, should be enabled</li> <li>Password Composition, should be contain character, numeric and combination</li> <li>Password Expiration, should be expire within period e.g. 30 days</li> <li>Password History, should be not repeated after period e.g. 12 password.</li> </ul> <p><b>2. User Management</b></p> <ul> <li>Administrator Account, should be secured. All administrator account should be stated clearly and who&rsquo;s responsible with it.</li> <li>Default user account, should be removed or deactivated</li> <li>Vendor / third party account, should be monitored</li> <li>Dormant Account, should be maintained.</li> </ul> <p><b>3. Security Feature</b></p> <p><a href="http://www.securityprocedure.com/oracle-security-audit-procedure-and-checklist-5-basic-controls">read more</a></p> http://www.securityprocedure.com/oracle-security-audit-procedure-and-checklist-5-basic-controls#comments Oracle Finance Procedures Security Tue, 18 Mar 2008 04:01:20 -0500 root 87 at http://www.securityprocedure.com http://www.securityprocedure.com/why-sap-better-oracle-finance-security-perspective-part-1 <p><IMG SRC="http://img144.imageshack.us/img144/3774/sapof7.png" HEIGHT="70"><IMG SRC="http://img177.imageshack.us/img177/1718/oraclelogoyq9.jpg"><br /> There are a lot of comparison between SAP and Oracle Finance available nowadays; this article is focusing the comparison in security or audit perspective.</p> <p><H3>1. Security Configuration</H3>SAP stored their security configuration in application security level; Oracle Finance stored their security configuration in database security level. Storing configuration in application security level means that we could added the security level also in database configuration. So SAP will have two times higher security level than Oracle Finance.</p> <p>Here is audit procedure to check both of Oracle Finance and SAP R/3 security configuration.</p> <p><B>SAP R/3 Procedure: </B><br /> Execute Transaction Code SA38<br /> Run report RSPARAM</p> <PRE>login/failed_user_auto_unlock login/fails_to_session_end login/fails_to_user_lock login/min_password_lng login/multi_login_users login/no_automatic_user_sapstar login/password_change_for_SSO login/password_expiration_time login/password_logon_usergroup login/password_max_new_valid login/password_max_reset_valid. </PRE><p><a href="http://www.securityprocedure.com/why-sap-better-oracle-finance-security-perspective-part-1">read more</a></p> http://www.securityprocedure.com/why-sap-better-oracle-finance-security-perspective-part-1#comments Oracle Finance Procedures SAP Fri, 14 Mar 2008 20:39:18 -0500 root 79 at http://www.securityprocedure.com