The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

Copyright ©2009, Oracle. All rights reserved. Oracle Confidential

Strategies for Managing Risk and Thriving in a Dynamic Environment

Gail Coury CISA, CISSP, CISM

Vice President, Risk Management, Global IT

Oracle Corporation

*Source: http://www.oracle.com/corporate/information-powers-profitability.pdf

Information Technology @ Oracle: FOUR MAJOR FUNCTIONS

TRADITIONAL

ON DEMAND

DEVELOPMENT

ORACLE UNIVERSITY

Supporting 85K internal users and 1.2M+ external users in 145 countries

– 6.5K Internet facing hosts

– 137K+ Desktops / laptops managed with nearly 1M client pushes/year

– 70M+ Security events collected /day

– 1.8M+ OS patches /year

Supporting 21K developers building over 3K products globally

– 33K servers and 7PB of storage

– Over 2K servers run 52K hours of regression testing

– Product builds as frequently as hourly

Supporting over 4.5M users

– World’s largest Linux application grid

– 3.5K environments

– 5K servers

– 17K patches analyzed & installed

– 24K CEMLI promotions

Supporting 320K students annually

– ~ 700 classes per week in 56 countries & 2 dozen languages

– Course catalog of nearly 3K titles

– Auto-provision complete 1200-1400 virtual environments weekly on ~200 servers

Gartner: The 2009 CIO Agenda

Business Expectations for IT

Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda

Business Expectations for IT: SAME PRIORITIES GLOBALLY – PUBLIC & PRIVATE SECTOR

Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda

Organization

Self Service

Processes

Network

Data Center

Collaboration

Applications

Shared Services

Consolidation & Standardization

Simplifying Information Systems

Improving Margins

[Chart: Operating Margin % by Fiscal Year, 1998 to 2002; vertical axis 15% to 45%]

Consolidation & Standardization

Tailored Offerings

Operational Excellence

Lower Cost

Speed

Customer Intimacy

Changing the Paradigm

Expanding Markets & Customers: WHERE IT IS A KEY ENABLER

Oracle On Demand for Siebel CRM

Oracle CRM On Demand

PeopleSoft Enterprise On Demand

Oracle E-Business Suite On Demand

Oracle Technology On Demand

JD Edwards World On Demand

Oracle Hyperion On Demand

On Demand Partner Solutions

On Demand for Fast-Growing Companies

On Demand for Healthcare

On Demand for Business Intelligence

Oracle SaaS

Oracle Social CRM

Oracle Beehive On Demand

On Demand for U.S. Federal Government

Oracle Sales Library

Oracle Self-Service E-Billing On Demand

Oracle CRM On Demand Single Tenant Standard Edition

Oracle CRM On Demand Deal Management

And More…


Enabling Revenue Growth

[Chart: Revenue ($Billions) by Fiscal Year, 2004 to 2009; vertical axis $0.0 to $30.0]

Business Expectations for IT

Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda

1. Creating new projects or services (innovation)

2. Improving business processes

3. Attracting and retaining new customers

4. Expanding into new markets or geographies

5. Creating new sources of competitive advantage

6. Improving enterprise workforce effectiveness

7. Reducing enterprise costs

8. Increasing the use of information/analytics

9. Targeting customers and markets more effectively

10. Expanding current customer relationships

11. Managing change initiatives

12. Consolidating business operations

13. Supporting regulation, reporting and compliance

2012

CIO Strategies

Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda

CIO Strategies: FOCUS ON COST REDUCTION

Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda

Oracle IT as a % of Total Revenue

[Chart: Oracle IT as a % of Total Revenue by fiscal quarter, Q1 06 through Q4 09; vertical axis 0.00% to 4.00%; labelled values 3.1% and 1.6%]

CIO Strategies: FOCUS ON IT GOVERNANCE

Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda

IT Governance

IT GOVERNANCE

RESOURCE MANAGEMENT

Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda

CIO Strategies: IT GOVERNANCE ENABLES CIO STRATEGIES

ITIL v3 - The Vehicle

ITIL v3 - An approach to IT based on standards and practices set out in the third version of the Information Technology Infrastructure Library (ITIL v3).

IT Service Management (ITSM) - A set of best practices focused on providing IT services that are built around customers’ business needs and end with results that provide real business value to the customers.

CUSTOMER INTERACTIONS

DESIGN & OPERATIONS

PROJECT MANAGEMENT

SERVICE STRATEGY

RISK MGMT

ON DEMAND

ORACLE UNIVERSITY

INTERNAL CUSTOMERS

AUSTIN DATA CENTER

ROCKY MOUNTAIN DATA CENTER

SECURITY

HELP DESK

FIELD SERVICES

APPLICATIONS

NETWORK

Where We Started

Where We Started: FUNCTION BASED ORGANIZATION

[Diagram: the four stage labels ENGAGE WITH STAKEHOLDERS, ARCHITECT & ENGINEER, TRANSITION TO PRODUCTION, OPERATE & SUPPORT, repeated across the slide]

POCKETS OF EXCELLENCE | MANY DOORS | REACTIVE

Addressing The Fundamentals

Where We Are: SERVICE BASED ORGANIZATION

[Diagram: the four stage labels ENGAGE WITH STAKEHOLDERS, ARCHITECT & ENGINEER, TRANSITION TO PRODUCTION, OPERATE & SUPPORT, repeated across the slide]

Highly Leveraged

Consistent Delivery

Immensely Scalable

Commitment to Transform

Transformation Journey

ITSM Improvement Program

ITILv3

LIFT Objectives & Success Criteria

Problem Management

Incident Management

Request Management

Access Management

Service Asset & Configuration Mngmt

Service Design

Capacity Mngmt

Availability Mngmt

Service Transition

Supplier Mngmt

Change Management

Event Management

Service Operations & Support

LOB Demand Mngmt

Bus. Relationship Mngmt

Service Opportunity Identification

Project Request Eval. Process (PREP)

Project Mngmt

ITSM

LIFT Processes by Group

LIFT Program: SERVICE INTEGRATION PROCESS (SIP)

IT Audits IT Controls

SOX ~18

SAS 70 ~108

PCI ~202

FISMA ~245

… …

LIFT Program – COBIT Mapping

COBIT: 210 Control Objectives

LIFT: 25 Processes

CIO Strategies: IT GOVERNANCE ENABLES CIO STRATEGIES

INFORMATION TECHNOLOGY PRACTICE

INFORMATION RISK EXECUTIVE COUNCIL

In response, Information Security leaders in 2010 plan to:

• restructure security governance to account for new, distributed risks

• restructure metrics to focus on risk reduction rather than security operations activities

Source: Information Risk Executive Council: Top 2010 Priorities

Global CRM

Risk Management: A CRITICAL PART OF IT GOVERNANCE

My Oracle Support

Oracle On Demand

Customer Record Lifecycle

Accounts

New Orders

Sales Contacts

Service Requests

Technical Contacts

Accounts

Products

Employees

Contacts

Entitlements

Service Lines

Global CRM Implementation: OPTIMIZING OUR GO-TO-MARKET

Objective

• Global, consistent, streamlined, and scalable campaign to opportunity to quote processes

Approach

• Go Native – Go Fast

• Consolidation/Centralization

• Start Clean, Stay Clean

• Standards based Integration

• Drive value with BI

Planned

• Master Data Management

• Social CRM, Mobility

Sales

Marketing

Alliances

Partners


Next Generation Support

• Embedded Configuration Management

• Extensive Knowledge Base & Communities

• Personalized & Proactive Service

Outcome: Customer Success

• 25% problems avoided

• 40% faster problem resolution

• 30% faster service request creation

• 97% of problems resolved quicker with targeted knowledge

Webstar Service Excellence Award

2003 through 2007

My Oracle Support: NEXT GENERATION CUSTOMER SUPPORT

SSPA

Best Embedded Product Support

2008

+


2006

Agent
• Oracle Diag. Methodology
• Collaboration
• Product Line Alignment
• Defect Integration

Knowledge Management
• KM communities
• Customer Feedback

Portal
• Custom Home Page
• Patch Downloads
• Implementation Projects

• Service Oriented Architecture
• Siebel CRM 8.0
• Siebel Analytics
• Apps Dev Framework
• Oracle PL/SQL, JAVA

• Oracle 10g Database
• Oracle 10g Apps Server
• Oracle Enterprise Mgr
• Oracle Secure Enterprise Search

• Single Sign On
• Oracle Identity Management
• Account Provisioning

• Linux OS
• Oracle RAC
• Oracle Grid
• Oracle VM

• Informatica
• Disaster Recovery
• High Availability
• Global Call Center (telephony)

My Oracle Support

Hyperion Migration

Portal
• SR language
• Multi-lingual survey support

Agent
• SR vulnerability

Siebel Migration

PeopleSoft, JD Edwards Migration

Portal
• SR Viewer
• Certify Re-Write

Agent
• Defect Integration

Portal
• Unified product support
• Enhanced ticketing

Agent
• ITIL compliance
• Task-based UI
• Automated Ticket Routing

Knowledge Management
• Call Center Integration
• Portal Integration
• Create & Edit solutions

CRM On Demand Migration

Infrastructure

Portal
• Internal/External
• Forums/Certify
• OnDemand

Oracle & BEA Migration

Agent
• Engineer Workspace
• Partner/Service Packs
• Telephony integration
• BugDB integration
• Univ prioritization

Knowledge Management
• Feedback

2007 2008 2009 2010

1.2 MILLION USERS

75 APPLICATIONS INTEGRATED

Change Management

Patch Management

Regular Scanning & Remediation

Maintain

Design

Corporate Security Architecture Review Board

Security Technical Review

Design Revision & Validation

Build and Test

Security Development Process

Documentation and Code Review

Technical Security Assessment

Penetration Testing

Remediation

Validation

Access Control Testing

Oracle Security Policy, Technical Standards, and Training

GOAL: Approved Service Design

GOAL: Rollout of Secure Systems

GOAL: Risk Levels within Tolerance

Oracle On Demand: HELPING CUSTOMERS DO MORE WITH LESS

• Pay-per-Use

• At Oracle or Customer

• Oracle Scheduled maintenance

Multi-tenant SaaS

• Pay-per-Use

• At Oracle

• Customer Scheduled maintenance

• Licensed

• At Oracle

• Customer Scheduled maintenance

• Licensed

• At Customer or Partner

• Customer Scheduled Maintenance

Single-tenant SaaS

Hosted & Managed

Remote Management

• Over 4.5 million users

• 89% of customers on most current releases

• World’s largest Linux application grid

• Oracle Solution Showcase

– 3,500 environments

– 5,000 servers

– 17,000 patches analyzed & installed

– 24,000 CEMLI promotions

Oracle On Demand: ORACLE EXPERTS MANAGE THE ENTIRE STACK

@Oracle - @Customer - @Partner

Operating System

Database

Middleware

Applications

Infrastructure


Industry Awards:

• Black Book #2 Best Managed Outsourcing Vendors 2009

• Best Embedded Product Support 2008

Advanced Services:

• Federal On Demand

• Disaster Recovery Services

• PCI Compliance – Base & Advanced

• Migration Services

• Functional Help Desk Services

Oracle On Demand: Enterprise Grade SAAS Applications

IT Security Best Practices

ISO 27002

SAS 70 (Public Firms)

HIPAA (Health Care)

PCI DSS (FSI, Retail)

NIST (Federal Agencies)

21 CFR 11 (Life Sciences)

Policy Development & Maintenance

Asset Management

Access Control & Mgmt

HR Security Controls

Change Control Procedures

Segregation of Duties

Cryptographic Controls

Backup and Recovery

Media Handling

Monitoring, Auditing, & Logging

Standards/Regs

Process Controls

Industry

Common Controls Fulfill Multiple Requirements

Governance, Risk & Compliance: ORACLE GRC APPLICATIONS

MANDATES

ISO 27002

SAS 70

21 CFR Part 11

HIPAA

PCI DSS

NIST

BUSINESS PROCESS

FRAMEWORK

ISO | COSO | COBIT | ITIL

RISK

Impact

Likelihood

SYSTEM

Identify Requirements

Establish Objectives

Remediate Issues

Evaluate Controls

PROCESS

Report & Respond

Review & Improve

Assess Risk

Governance, Risk, and Compliance: BEST PRACTICES

R1 R2 R3

C1 C2 C3

C5 C6 C7

C9 C10 C11

Business Process

Controls

ISO 27002 | HIPAA | SAS 70

Consolidate multiple standards and regulations onto a single platform

Manage risk in a disciplined & consistent fashion

Embed automated controls into standard business processes

Context & Types

Identify & Associate

Analyze & Evaluate

Respond & Manage

Enterprise Risks


GRC: Derived Value and Results To Date

Efficiencies Gained

• Automated trend analysis saves up to 40 hours of effort previously required to manually compile data each month for ISO 27001 control assessments

• Over 300 risk and compliance metrics on a consolidated, near real-time dashboard for multiple Lines-of-business

• Automated workflow also drives efficiencies in large document management workflow initiatives saving .5 hours for every 8 hours spent on each audit in reduced coordination, data management, and issue tracking functions

• Dynamic performance visualization with drill down capabilities and flexible data access and search functionality

Process Improvements

• Enabled full document lifecycle management to meet regulatory requirements and legal discovery needs

• Increased security and reliability from storing all approved project data in a single repository

• Safeguarded critical risk data with fine-grained security permissions and access control policies

• Enforced content management and record retention policies scalable to meet increasing volume of documents, test data and exhibits


“In the future, policy makers and regulators will probably demand that IT systems capture more and better data in order to gain greater insight into and control over how banks manage risk, pharma companies manage drugs, and industrial companies affect the environment.

Successful CIOs should enhance their relationships with internal legal and corporate-affairs teams and be prepared to engage productively with regulators. They will need to seek solutions that meet government mandates at manageable cost and with minimal disruption.”

- McKinsey, 5 Trends that will Shape Business Technology in 2009

Regulators Demand More from IT

Meeting the Challenge

Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda

Looking Ahead

IT as a business

Services-oriented automation

Elastic capacity

Fungible technologies

“Change at the speed of business”

Final Thoughts

• Set your compass

• Commit to the direction

• Chart your journey

• Course-correct
