Corporate Security Architecture Oversight

Overview

The Oracle corporate security architect helps set internal information-security technical direction and guides Oracle’s IT departments and lines of business towards deploying information security and identity management solutions that advance Oracle's Information Security goals. The corporate security architect works with Global Information Security and Global Product Security, and the development Security Leads to develop, communicate, and implement corporate security architecture roadmaps.

Corporate Security architecture manages a variety of programs and leverages multiple methods of engaging with leadership and operational security teams responsible for Oracle operations, services, cloud, and all other lines of business.

An example program for managing the security of Oracle’s architecture is the Corporate Security Solution Assurance Process (CSSAP).

Corporate Security Solution Assurance Process

CSSAP is a security review process developed by Corporate Security Architecture, Global Information Security, Global Product Security, Oracle Global IT, and Oracle's IT organizations to provide comprehensive information-security management review.

CSSAP helps to accelerate the delivery of innovative cloud solutions and corporate applications by requiring appropriate reviews to be carried out throughout the project lifecycle, so that projects are aligned with:

  • Pre-review: the risk management teams in each line of business must perform a pre-assessment of each project using the approved template
  • CSSAP review: the security architecture team reviews the submitted plans and performs a technical security design review
  • Security assessment review: based on risk level, systems and applications undergo security verification testing before production use

CSSAP helps to accelerate the delivery of innovative cloud solutions and corporate applications by requiring appropriate reviews to be carried out throughout the project lifecycle, so that projects are aligned with:

  • Oracle Corporate Security Architecture strategy and direction
  • Oracle Corporate security, privacy and legal policies, procedures and standards

Oracle Cloud Program

Corporate Security Architecture manages a cross-organization working group focused on security architecture, with the goal of collaboratively guiding security for Oracle Cloud. Participation includes members from Oracle Cloud development, operations, and governance teams.