Overview

Global Information Security (GIS) defines policies for the management of information security across Oracle. Additionally, GIS sets direction and provides advice to help protect Oracle information assets (data), as well as the data entrusted to Oracle by our customers, partners and employees. GIS also coordinates the reporting of information security risk to senior leadership such as the Oracle Security Oversight Committee and Board of Directors. GIS programs direct and advise on the protection of data developed, accessed, used, maintained, and hosted by Oracle by means of:

• Leading development and review of information security policies
• Overseeing the development and approval of information security-related standards across Oracle
• Providing information security risk management guidance
• Managing and overseeing security assessment programs, including security testing and penetration testing
• Directing information security incident management and response
• Evaluating and approving architecture proposals for Oracle systems and cloud services
• Providing guidance and direction for information security-related industry standards and compliance requirements
• Guiding threat intelligence and vulnerability management operations
• Promoting security education, training and awareness

Information Security Manager Program

The Information Security Manager (ISM) Program objectives are to raise information security awareness and reduce risk. The program provides a formal context through which Oracle employees collaborate and work collectively to promote good security practices and an understanding of Corporate Information Security Policies within their respective Lines of Business.