Overview

Global Information Security (GIS) defines policies for the management of information security across Oracle. Additionally, GIS sets direction and provides advice to help protect Oracle information assets (data), as well as the data entrusted to Oracle by our customers, partners and employees. GIS also coordinates the reporting of information security risk to senior leadership such as the Oracle Security Oversight Committee and Board of Directors. GIS programs are designed to preserve the confidentiality, integrity and availability of data developed, accessed, used, maintained, and hosted by Oracle, by means of:

• Leading development and review of information security policies
• Overseeing the development and approval of information security-related standards across Oracle
• Providing global oversight of information security risk management
• Managing and overseeing security assessment programs, including security testing and penetration testing
• Directing information security incident management and response
• Evaluating and approving architecture proposals for Oracle systems and cloud services
• Providing guidance and direction for information security-related industry standards and compliance requirements
• Guiding threat intelligence and vulnerability management operations
• Promoting security education, training and awareness

Information Security Manager Program

Global Information Security manages the Information Security Manager (ISM) Program. Information Security Managers serve as security advocates within their respective lines of business to increase awareness of and compliance with Oracle’s security policies, processes, standards, and initiatives.