- Get hands-on experience of Oracle E-business Suite (EBS)
- See and use the EBS administrative functions
- Understand how EBS interfaces with the Oracle database
- Understand the components that make up EBS and their functions
- Understand the EBS internal data structures
- Learn how EBS security works, and how to audit its settings
- Identify and evaluate EBS risks at the database, application and user levels
- Learn how to use the EBS diagnostics and reporting functions
- Learn how to extract audit data from EBS using your own SQL scripts
This practical MIS training course will provide you with the tools and techniques you need to audit the Oracle E-business Suite.
You will learn how the Oracle E-business Suite (EBS) works, and how to evaluate its security controls, with hands-on access to an E-business Suite server. You will learn about the different modules and components that make up an EBS installation, and how they interact. Using the administrative functions of EBS you will see how users and their access to EBS are controlled, and how roles and responsibilities are used to manage usersí access to EBS data. You will lean where the main risks are in an EBS, how to assess them, and what countermeasures can be specified to mitigate them.
You will learn how EBS interacts with the Oracle database management system, the Oracle Application Server, and the host operating system. You will learn about responsibilities forms, menus and functions, and how they are used to enforce EBS separation of duties. You will understand the issues involved in assessing EBS separation of duties and learn about ways of assessing this complex and difficult audit area, including a review of commercial third-party software.
You will take a detailed tour of the EBS foundation tables, and understand the information stored in them and how it used by EBS to control userís ability to process EBS business data. You will see how system profile options and their settings can be used to set both global and more detailed security for the EBS environment.
You will see the built-in standard audit information stored by EBS and understand the operation of the EBS auditing system, to generate more detailed audit data, how it is activated and what can be audited. You will learn how to use the built-in reporting and diagnostic facilities of EBS to obtain management and control information, and how to write your own SQL routines to extract audit data when built-in reporting functions are not sufficient.
You will receive a detailed course manual and an audit checklist to help you plan and manage your future EBS audits.
The courses will be based on Oracle EBS version 12.1.
Hands-on access to an Oracle EBS system, group discussions and demonstrations of third-party software will be used to emphasise the key audit and security issues. A risk-based approach will be used to allow delegates to identify key risk areas, evaluate the degree of risk involved and recommend countermeasures where appropriate
Course Director: Steve Rimell
Steve has over 20 years practical experience in information systems auditing. He has extensive experience as an Audit Manager, running a commercial IS audit service with extensive knowledge of the security and control of UNIX, Oracle, Windows, and networking environments such as TCP/IP. He is also a founding member of the Institute of Information Security Professionals (IISP).