The Oracle outward-facing website is a virtual cornucopia of valuable information.  Unfortunately, I often just stumble onto valuable gems of knowledge instead of discovering them in an organized fashion.  Today was such a case.  Quite by accident, I found an excellent overview of Information Security issues in “Information Security, A Conceptual Architectural Approach.”  It provides, in an easy-reading 25 pages, a good overview of information security principles and approaches to addressing them.

This document referenced a larger treatise, the Oracle Reference Architecture – Security, which dives more deeply into information security issues and solutions.  In about 130 pages, this reference architecture document provides an excellent treatment of the basic principles of information security and recommended approaches to mitigate security risk.  The introduction aptly states:

Information is the lifeblood of every organization. If this Information is compromised there can be a wide range of consequences ranging from damage to a company’s reputation through to financial penalties such as regulatory fines and cost of remediation. …

Information Security is a strategic approach that should be based on a solid, holistic framework encompassing all of an organization’s Information Security requirements, not just those of individual projects. …

By taking this approach to Information Security, organizations can ensure that the components of their Information security architecture address all business critical Information and are driven by the requirements of the business.

The document is organized as follows:

1. Introduction to Information Security
2. Security Concepts and Capabilities
3. Common Security Standards
4. Conceptual Architecture View
5. Logical View
6. Product Mapping View
7. Deployment View
8. Summary