Introduction to Guidelines for Auditing and Logging

About Auditing and Logging

Satisfying compliance regulations and reducing the risk of security breaches are among the top security challenges businesses face today. Examination of numerous security incidents has shown that timely examination of audit data could have helped detect unauthorized activity early and reduced the resulting impact. Well-known regulations, such as the Sarbanes-Oxley Act (SOX) and Health Insurance Portability and Accountability Act (HIPAA), combined with industry driven initiatives, such as the Payment Card Industry Data Security Standard (PCI-DSS), and the proliferation of Breach Notification laws, have resulted in information protection becoming a top-level issue for the enterprise. As security threats become more sophisticated, monitoring is becoming an increasingly important component of the defense-in-depth architecture.

Unauthorized access, use, or disclosure of sensitive and critical information can seriously impact both individuals, by contributing to identity theft, and the organization, by reducing public trust in the organization. It is not enough to simply secure such data, but companies must also must provide auditing as a means of ensuring compliance.

Oracle E-Business Suite and its associated technology stack provide a variety of auditing mechanisms to address different requirements. This document is intended to introduce and describe the various auditing mechanisms available, what tasks they should be leveraged for, and recommendations for how to configure them in the context of Oracle E-Business Suite.

Why Audit?

There are many different reasons for configuring an Oracle E-Business Suite environment for auditing and logging. The most common reasons that administrators are required to configure auditing and logging include the following:

Similarly, there are a variety of roles that may be interested in auditing different aspects of Oracle E-Business Suite:

While the mechanisms described in this document will be useful for any of the reasons and roles mentioned above, we will be focusing on monitoring the Oracle E-Business Suite application and technology stack to monitor current usage, how to detect attacks and suspicious activity, and auditing and logging configuration that will allow for a more comprehensive incident investigation after an attack.