Risk of Information Leakage from the Oracle E-Business Suite
The Oracle E-Business Suite provides a large number of diagnostic and monitoring solutions. While these solutions offer comprehensive and in-depth information about your implementation, they can also...
View ArticleRisk of Information Leakage from the Oracle E-Business Suite – Attached Files
Attached files are an information leakage risk for the Oracle E-Business Suite. There are two sources, and the second is not commonly recognized.The first source is straight forward. Users of the...
View ArticleRisk of Information Leakage from the Oracle E-Business Suite - Validation Levels
Through parameter and URL tampering an attacker, or nefarious insider, can manipulate and/or construct URLs to expose information and/or attempt to circumnavigate Oracle E-Business Suite functionality...
View ArticleClik here to view.
Oracle E-Business Suite PCI DSS Credit Card Encryption
PCI requirement 3.4 mandates that the Primary Account Number (PAN) is unreadable anywhere it is stored using one-way hashes or strong encryption. The Oracle E-Business Suite Release 12 meets this...
View ArticleOracle E-Business Suite PCI Compliance
The next few blog postings will focus on PCI and the Oracle E-Business Suite. All Oracle E-Business Suite implementations that "store, process, or transmit cardholder data" must comply with Payment...
View ArticleOracle E-Business Suite, Corporate Cards and PCI DSS
A common question we receive is about Corporate Cards and PCI compliance. Corporate Cards, credit cards held by employees for corporate purposes, are not usually subject to the scope of PCI DSS...
View ArticleOracle E-Business Suite, PCI Compliance and External vs Internal Accounts
To help understand the Oracle E-Business Suite’s standard functionality to help meet PCI compliance, it is useful to know the difference between what Oracle deems as external and internal...
View ArticleOracle E-Business Suite, PCI Compliance and the Secure Payments Repository
Continuing this blog series on PCI compliance and the Oracle E-Business Suite, this posting focuses on the Secure Payments Repository. New with Release 12 of the E-Business Suite, credit card...
View ArticleClik here to view.
Enabling Credit Card PCI Protection for the Oracle E-Business Suite
The real challenge for meeting PCI compliance is the secure management of all the components and parts of the Oracle E-Business Suite environment every day of year. While Release 12 of the Oracle...
View ArticleClik here to view.
Guide to Auditing and Logging in the Oracle E-Business Suite
The auditing and logging capabilities within the Oracle E-Business Suite and Oracle Database are sophisticated and able to satisfy most organizations' security and compliance requirements. However,...
View ArticleOracle E-Business Test and Development Databases and PCI Compliance
Creating clones and copies of production E-Business Suite databases is a regular occurrence. There are several PCI DSS requirements that apply to non-production instances of the Oracle E-Business...
View ArticleOracle E-Business Suite PCI DSS Compliance, Requirement 3.4 and Decryption Risk
PCI requirement 3.4 requires PAN data to be unreadable anywhere it is stored unless it is protected. With Release 12 credit cardholder data can be decrypted at any time as easily as it is encrypted by...
View ArticleOracle E-Business Logging and Auditing, CMM and SIEM
Most Oracle E-Business Suite implementations do not fully take advantage of the auditing and logging features. These features are sophisticated and are able to satisfy most organization’s compliance...
View ArticleClik here to view.
Oracle E-Business Logging and Auditing: PCI, SOX, HIPAA, 27001 and FISMA
Continuing this blog series on Oracle E-Business logging and auditing, Integrigy’s log and audit framework is based on our consulting experience. We have also based it on compliance and security...
View ArticleClik here to view.
Oracle E-Business Suite Logging and Auditing: Page Access Tracking
Sign-On Audit only logs professional forms activity – it does not log Oracle Applications Framework (OAF) user activity. Page Access Tracking is required to log OAF activity. Once enabled, the level...
View ArticleSecuring Oracle EBS Privileged Accounts: APPS, SYSADMIN, oracle
In an Oracle E-Business Suite environment, there are a number of generic, privileged accounts at the database, application, and operating system layers. Often, there is little control or active...
View ArticlePCI Compliance in Oracle E-Business Suite
Integrigy and CardConnect present ...Achieving PCI compliance and staying PCI compliant is a big task for any business, especially when the default settings within Oracle E-Business Suite do not meet...
View ArticleClik here to view.
PCI Compliance in the Oracle E-Business Suite
Achieving PCI compliance and staying PCI compliant is a big task for any business, especially when the default settings within Oracle E-Business Suite do not meet the list of requirements set forth by...
View ArticleUpcoming Webinar: Oracle Critical Patch Update October 2011 E-Business Suite...
Oracle October 2011 CPU - Oracle E-Business Suite ImpactThursday, October 27, 2:00pm - 3:00pm EDTEvery quarter, Oracle releases a Critical Patch Update (CPU) that fixes a number of security bugs in all...
View ArticleUpcoming Webinar: Out of the Fire - Adding Layers of Protection when...
Out of the Fire - Adding Layers of Protection when Deploying Oracle E-Business Suite to the InternetThursday, March 8, 2:00pm - 3:00pm ESTWhen you externally deploy Oracle E-Business Suite Internet...
View Article