ABSTRACT With the advent of 21st century, information technology has dominated the industry

completely. The success of any business venture has become dependent upon the use of technology,
and organizations are competing on the basis of suitability of technology in performing their core
functions (Higgins, 1999). Technology has not only modernized the operational aspects of the company
by bringing efficiency and automation in core business functions but has also become an important
attribute to gain competitive advantage in tremendously growing markets all over the world. Not long
ago, information was considered redundant as there were not enough resources to process the
information for strategic decision making and now, information is considered an important asset which
can change the fate of any organization, if supported by the suitable technology. In the race of
information technology and software development, there are some companies which deserve the credit
of reshaping the business world, and Oracle is one of those outstanding firms. The paper discusses the
role of information technology in a modern business organization and the need of securing information
assets from cybercrime threats through proper cybersecurity measures and policy standards, which
have been serving a cutting edge factor for Oracle, helping it grow and support other organizations by
providing them technical and tactical solutions.

2 COMPANY PROFILE One of the most successful and fastest growing computer software company,
Oracle has been serving the industry for many decades, providing its clients database management
systems, cloud solutions and highly specialized software application to run and manage ever-
increasingly sophisticated and complex organizational challenges. A multi-billion dollars giant holds a
customer base of more than 40 million worldwide who are enjoying the technical specialties of Oracles
40,000 developers & engineers, 16,000 support personnel and 18,000 consulting experts operating in
110 countries around the world. Offering integrated series of applications, database management
systems, cloud storage solutions and other technologies, Oracle makes sure the flexibility in their
systems so that they are adaptable to industry players, and further ensures that all technological
offerings are solution oriented, delivering tailored needs of the business. Oracle has the following major
offerings:

1. Oracle Cloud Solutions: To help businesses innovate faster and grab new business opportunities,
Oracle offers highly integrated portfolio of cloud solutions for information technology systems ,
Cybersecurity systems, SaaS, PaaS, IaaS, DaaS leveraging companies shift the burden of information
management to the trustable organization which doesnt only specialize in delivering these services but
also understand the values of working with clients; understanding their needs and delivering them most
efficient and cost effective cloud base solutions. 2. Oracle Database: Majority of organizations around
the globe are not able to build database management infrastructure owing to the challenging
investments and specializations in building the infrastructure and managing them in a hassle-free way.
Oracle database solutions enables highly consolidated information storage solutions so that companies
can accelerate and grow by processing the consolidated information for strategic decision making.
Oracle has successfully injected some breakthrough database products in the market, among which
MySQL is the most 4 popular open source database which is a cost and performance effective database
solution serving many companies all over the globe. 3. Oracle Servers: Oracle specializes in high
performance management servers with an objective to simplify management and maintain high
availability at moderate costs 4. Oracle Storage Solutions: Oracle has designed accelerating and efficient
storage solutions for medium and large scale enterprises to manage information resources robustly.
SECURITY STRATEGY AT ORACLE Oracle is one of the most advanced software solutions company of the
world which designs and promote information technology solutions but at the same time integrating the
key aspect of security in them. Oracle deals with millions of individual and enterprise clients which uses
Oracles solutions on daily basis to perform organizational operations. There are loads of information
assets which are stored in Oracles database systems, and are flowing on a range of servers. Oracle
completely understands the need of maintaining the protection standards of the information it possess
directly or is able to qualify. With every information asset, there is a great deal of ensuring its safety and
protection from ever-increasing cybercrime threats and security challenges faced by small and large
enterprises. Being one of the most successful service provider, it very important to develop an element
of trust among clients, and as significant is the element of trust, it demands highly integrated and robust
software developments which demand state of the art security features embedded into these systems.
Oracles information security strategy has the following key dimensions: Confidentiality of Information
Oracle has developed a range of software applications and tools which help other software systems
store information ensuing the confidentiality of information. Oracle has clients, ranging from university
entities 5 to highly sophisticated financial enterprises, which store and process their information on
Oracle data bases and servers. Oracle understands the need of securing confidential information of the
clients by staging firewall features and authentication protocols for accessing the information system.
These authentication protocols are so advanced in nature that even if a breach happens at any server
node, it gets monitored by artificially intelligent monitoring systems, directing the incident to the
security expert who look over the breach and take the quick response. Data integrity Information stored
in Oracles database management systems is ensured to maintain integrity. However, it is very
challenging for Oracle developers to develop relational and object-oriented database management
solutions which ease the retrieval process and not burdening the processing servers, and at the same
time, ensuring highly sophisticated authentication protocols supported by multi-layered firewalls. Oracle
databases are mainly designed for cloud computing, and all the information is consolidated and
managed through web enabled processing. Oracle database systems are scalable and can be rapidly
provisioned, allowing users to alter information stations in minute, but only if they are authorized to do
so, however, if accessing entity is not authorized to enter into a system, it is very difficult to bypass the
authentication protocols leaving very minute chances of integrity breach. Oracle realizes the rapidly
developing cybercrimes, and is thereby, it is continuously striving for more secure systems which can
provide fool-proof protection to data integrity under highly sophisticated cyberattacks. Data Availability
In all the services Oracle provides to tons of clients, the aspect of data availability is taken into keen
consideration. Oracles clients operate in highly competitive market which demands, error free and
friendly server systems, so that they dont face any hassle or disruption while they access information.
All 6 databases and cloud servers are made to act super-efficient when it comes to retrieving
information. Oracle takes the following measures to ensure data availability and customer security at
the same time: 1. F5 load balancers with SSL acceleration system 2. Multi-Gigabit NICs connecting many
processor servers 3. Failover database server 4. Tape library for off-site data storage 5. Terminated web
farms Physical Security of Information Assets Although could severs and web based application are
prone to security breaches, hence, the term cybercrimes has been hovering the information technology
world, but it is very important to ensure the security of physical assets of the company which are
installed at centralized data centers at different locations, all over the world (Poathumus and solms,
2005). These data centers have state of the art security and monitoring systems which doesnt allow any
unauthorized personnel to access the system without the permission of security officials. Even
employees working in those data centers are not allowed to access the database servers and there are
very stringent policies in place, which makes sure that all the employees follow security protocols, and in
case of any deviation, very strict action is taken depending upon the critical nature of the unauthorized
access (Verton, 2000). Following security measures are in place at data centers; 1. All main doors and
backdoors of the facility are monitored through video monitoring 2. The architecture of the data facility
is planned to avoid any destruction from natural hazards like earthquakes, lightening and storms. 3.
Data facility is secured by biometric scanners, man-traps and highly sophisticated access cards. 7 4.
Network equipment at server rooms is locked through cages inside the facility so that no person at all
could access them physically unless there is a technical situation, and in that case, the entire activity is
monitored by security cameras and the security officials who escort the technical personnel into the
servers facility. 5. The background of employees working at data facility is thoroughly checked, and the
lists of employees are regularly updated to make sure to ensure the access to the authorized individuals
only. 6. Security policies are strictly enforced upon all the employees to reduce the probability of any
unexpected vulnerability at the data facility. 7. Uninterrupted power supply and backup power systems
are installed at the facility to make sure that security and environmental alarms function properly in
case of a security situation at the facility Logical Security Oracle Services are mostly cloud based, and
company employees need to access web based applications by sitting at remote locations, and in order
to protect the system from any unauthorized access, multilayered access authentications are required
to open the system via cloud application (Witty and Hallawell, 2003). Access grants are classified on the
basis of persons role after assessing the need to accessing that system. Roles are granted through
assessment of who needs to access what, and this helps the company in limiting the access by everyone.
In case an employee resigns or gets terminated, his access rights into any Oracle application are
terminated outright. Network activities are continuously monitored and through network audit systems
to filter any attempt to access customers data and its purpose. 8 Disaster Recovery System No matter
how robust an information system is, there are cybersecurity threats which makes it very important to
plan and frame a disaster recovery strategy (Trauth and Jessup, 2000). Considering the highly
demanding nature of Oracles cloud systems, it is important to proactively work on a strategy which help
the security experts to deal with the incident in a quick but effective way, and ensuring that clients;
operations are disrupted to the minimal level. Oracle has a very detailed recovery strategy plan which
contains the guidelines and standard procedures to be followed for different disaster incidents to the
system infrastructure. There are redundant copies of customers data at different geographic locations
to prevent information loss in case of a natural or man-led disaster. Customers data is replicated
immediately in case needed at another data facility with the help superfast replication servers. Anti-
Virus Applications Customer traffic is monitored round the clock with the help of intrusion detection
software applications which can filter any skeptical or unauthorized activity. This system is embedded
into the Oracle Service Cloud. Web monitoring system follows customer logs and prepare a daily report
highlighting any abnormal activity which might be harmful for the cloud system (Sarker and Sahay,
2001). These logs are reviewed on daily basis to identify if there exist any vulnerability in the system and
what proactive measure can be taken to protect the system. Every file which enters into Oracle system
is scanned through Anti-virus tool to make sure it qualifies the security requisites to enter the system,
and in case it contains any malicious signature codes, security experts prepares an immediate action
against the file source. Assessment of the System Internally and Externally Every new application is
thoroughly tested to find out its qualification on security standards. If an application does not meet the
security requirement, it is not launched and weaknesses are worked upon to 9 make it fool-proof. This
assessment is done internally using Oracle testing tools and security experts, however, to lead some
advanced assessments, third party assessments are conducted. Regression testing and feature testing is
applied on almost all the applications before launch. Source code scans are tested again before the
addition of a new code or the alternation in the previous code. All the service releases at Oracle undergo
a series of assessments to detect if there are any vulnerabilities in the system. In case the application
has any weak node which could possibly become a vulnerability for the system, it is sent back for further
developed unless software patches make it ready to launch. Compliance with Regulatory Standards In
order to maintain integrity in the Oracle Service Clouds, compliance of cybersecurity measures is given a
huge importance. This helps the company in gaining the vote of confidence form clients, resulting in
better business prospects (Davis, 1996). So far, Oracle is serving as the most trusted cloud solutions
company owing to its strict compliance with rigorous security standards. They are certified in a way that
they meet the most challenging and demanding environments for the sustainable security. Oracle
complies with the following regulatory standards: 1. Payment Card Industry Data Security Standard (PCI
DSS) 2. Health Insurance Portability and Accountability Act 3. Gramm-Leach-Bliley Act 4. NIST 800-53 5.
Federal Information Security Management Act Oracle complies with a number of other standards, just
to make their systems more secure, especially when it comes to securing information from cybercrime
threats and other disasters which can lead to business losses and potential legal liabilities. 10
CONCLUSION Information technology has dominated the industry completely. The success of any
business venture has become dependent upon the use of technology, and organizations are competing
on the basis of suitability of technology in performing their core functions. Technology has not only
modernized the operational aspects of the company by bringing efficiency and automation in core
business functions but has also become an important attribute to gain competitive advantage in
tremendously growing markets all over the world. Not long ago, information was considered redundant
as there were not enough resources to process the information for strategic decision making and now,
information is considered an important asset which can change the fate of any organization, if
supported by the suitable technology. The paper discusses the role of information technology in a Cloud
Service Provider like Oracle, and the need of securing information assets from cybercrime threats
through proper cybersecurity measures and policy standards, which have been serving a cutting edge
factor for Oracle, helping it grow and support other organizations by providing them technical and
tactical solutions. 11 APPENDIX Mission Our mission is to help our clients achieve greater success by
assisting them to move from where they are now to where they want to be in the no-to-distant future
by helping them to increase profits and earnings, build and protect their assets and wealth, and run a
successful business with the right organizational structure in place. Vision To become our clients
trusted advisors and to make a difference to our clients business 12