1

<Insert Picture Here>

Enterprise Security & GRC Global Partner Strategy

Sean Cronin – Sr. Director, GRCKen Zeng – Sr. Director of Technology Global Sales SupportLaura Romero – Director, Global Partner Strategy

3

Agenda

• Oracle At-A-Glance• Global Market Trends• Oracle GRC Platform• Oracle Security & GRC Strategy• Market Opportunity• Partner Initiative Overview• More Information & Contacts• Q&A

4

Oracle At-a-Glance

Globally…

#1 in Database

#1 in Supply Chain Mgmt

#1 in Customer Relationship Mgmt

#1 in Human Capital Mgmt

#1 in Industries

- Retail

- Communications

- Public Sector

- Professional Services

- Financial Services

• 275,000 total customers

• 220,000 database customers

• 30,000 applications customers

• 19,000 SMB apps customers

• 30,000 middleware customers

• 17,700 partners

• 60,000 employees

• 14,000 developers

• 7,000 support staff

Founded in 1977. Headquarters in Redwood Shores, CA with operations in 145 countries.

5

Rebuilding TrustShareholders and consumers demand more transparency, less risk

CONSUMERS & EMPLOYEES• Protect personal information • Less risk around products and services• Social and environmental responsibility

SHAREHOLDERS• Increasing levels of shareholder activism• Seeking advisory vote on executive pay and

selection of board of directors• Growing power of individual investors and

hedge funds

BOARD OF DIRECTORS• Highlight enterprise risk as area where more visibility is needed

Source: Mckinsey, 2007

What they want…

Source: Economist, 2007

Source: Mckinsey, 2006

A survey of global consumers shows that public trust in business leaders fell to 28% in 2006, down from 36% at the peak of corporate scandals in 2002.

Source: Mckinsey, 2007

6

<Insert Picture Here>

Risky Business: Financial Services

• Bank of America, Wachovia Customer account information was illegally sold by bank employees to a business posing as a collection agency. More than 670,000 customer accounts may have been breached. Source: CNNMoney, May 2005

• Citibank Mass theft of debit card PINS results in several hundred fraudulent cash withdrawals in Canada, Russia, and the U.K. This follows the loss of unencrypted tapes containing information on 3.9M customers. Source: InformationWeek, March 2006

• Nationwide Building Society The U.K.’s largest building society was fined £980,000 for failing to have effective systems and controls in place to manage its information security risk. Source: OpRisk & Compliance, March 2007

• Capita Financial Administrators Third-party administrator of collective investment schemes was fined £300,000 for poor anti-fraud controls over client identities and accounts. The firm discovered that client names and addresses had been changed, and sale of units processed without orders from the client.  

Source: OpRisk & Compliance, April 2006

7

<Insert Picture Here>

Risky Business: Pharma and Healthcare

• WellPointHealth Insurer WellPoint settled claims brought by over 700,000 physicians against six major U.S. health insurers, agreeing to pay $198 million for miscoding legitimate reimbursement claims. As part of the settlement, WellPoint agreed to invest in IT and reform its payment system with enforceable standards for properly coding claims. Source: iHealthBeat, July 2005

• American Red Cross In 2006, the FDA fined the American Red Cross $4.2 million dollars for violating blood handling safety requirements that stemmed from poor quality controls, assurance and inventory audit management, along with inadequate donor screening standards. Source: WSVN News, September 2006

• Biogen IdecIn January 2007, Biogen Idec Inc. settled with the Office of the Attorney General in Vermont after failing to file its financial disclosures regarding its promotion and other marketing activities for Fiscal 2003 and Fiscal 2004 by the state’s deadline.

Source: Center for Business Intelligence, May 2007

• HealthSouthFormer CEO Richard Scrushy was sentenced to nearly seven years in federal prison, while former Alabama Gov. Don Siegelman was sentenced to more than seven years, for related crimes in their bribery and corruption case. Prosecutors requested at least 25 years for each.

Source: The Wall Street Journal, June 28, 2007

8

<Insert Picture Here>

Risky Business: Data Privacy

• Mellon BankFor a violation of the Fair Debt Collection Practices Act, in which employees destroyed 80,000 unprocessed Federal tax returns and tax return checks in an attempt to conceal failure to meet IRS processing deadlines, Mellon paid a fine of $18.1 million and closed its tax processing center. Source: Unbossed.com, April 27, 2005

• ChoicePointIn addition to paying $500,000, ChoicePoint has agreed to a monitored customer data protection program as part of its settlement with 43 State Attorneys General and the District of Columbia, stemming from a 2004 personal database breach. ChoicePoint was fined $15 million in its 2006 Settlement with the Federal Trade Commission for violations of the Fair Credit Reporting Act resulting from this incident.

Source: Statesman.com, June 1, 2007

• Crédit Lyonnais French data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL) announced its first-ever fine, amounting to EUR 45,000 (U.S. $57,556) against Crédit Lyonnais. CNILaccused the bank of violating French privacy law and obstructing investigations by “abusively” recording names of clients with bad credit managed by the French central bank. Crédit Lyonnais also erroneously informed the French central bank of fraudulent use of debit cards by customers, although these customers had other financial incidents.

Source: Winston & Strawn, LLP, June, 2006

• Xanga.comXanga.com, a social-networking and blog site, will pay $1 million in a settlement with the Federal Trade Commission for violating the Children's Online Privacy Protection Act (COPPA). Xanga had been letting users create accounts even if the dates of birth they entered indicated that they were under the age of 13, and with no provisions for parental notification. Source: CNET News.com, September 8, 2006

9

Savings on legal liability avoidancefrom GRC investment

Source: General Counsel Roundtable, 2006

Spending on Compliance

Savings on Lower Legal Liability $1$5

# of GRC projects

Ad hocApproach

PlatformApproach

Resources for innovation

Opportunity cost of siloed GRC

Cost of GRC

Ounce of Prevention Worth a Pound of Cure

Source: Lord & Benoit, 2006

Share-price performance of companiescomplying with SOX rules

28%26%

6%Control weakness in 2004, but none

in 2005

No control weaknesses in 2004 -05

Reported control weakness 2004-05

Information protection less costly than breaches

Source: Gartner, 2005

Spending on Security

Cost of a Data Breach

$6$90

10

70%

IT’s Role in Rebuilding Corporate TrustThe need for IT Governance

Security

Source: Ponemon Institute, 2005

70%The Ponemon Institute finds that

of all reported security breaches were due to insiders

Strategy

69%

66%

57%

Compliance

Majority of 400 directors surveyed recognize that the right IT strategy is very important for

Customer Satisfaction

Managing Risk

Source: Corporate Board Member/ Deloitte Consulting, March 2007

Control

2%2%When a company announces a security breach, its stock price can drop by

Source: Gartner, 2005

“More than 80 per cent of IT groups may be incapable of satisfying many of the laws and regulations, such as HIPAA and 21 CFR Part 11, that require change-related audit trails and accountability over material configuration items.”

Gartner warns that

11

Financial S

ervice

s

Financial S

ervice

s

Public S

ector

Public S

ector

Financial

Compliance

Financial

Compliance

IT G

overn

ance

IT G

overn

ance

……

LogicalApps - GRC Controls

Access Controls

Setup Controls

Transaction Controls

Oracle GRC ManagerRisks Assessments IssuesProcesses

PoliciesProcedures Remediation

Fusion GRC IntelligenceReportsDashboards Alerts

Key Risk & Control Indicators

Repository

Infrastructure Services

Data Security

Identity MgmtContent Mgmt

Change Mgmt

Data Audit

Oracle Delivers a Comprehensive

Platform for Governance, Risk, and Compliance

Management

Oracle GRC Platform

12

Oracle Security & GRC Strategy

The Oracle Investment• Partners – Software, Platform, Infrastructure & Services • Products – Comprehensive, Industry Leading Solutions;

Common Integrated Security Across Applications & Data Infrastructure; Hot-Pluggable & Open

• Customers – Enabling & Ensuring Sustainable Compliance and a Secure Infrastructure

13

Market Opportunity

Oracle• Secure and maintain Oracle’s leadership position• Oracle’s install base demands it of all of us • New doors to knock on with a different audience• Sell complete partner-enabled solutions and services that

address multiple security and GRC business requirements

Partners• Increase partner value proposition by leveraging Oracle’s

technology and applications, position and brand• New opportunities through access to the Oracle customer

base and Oracle sales• Participation in focused market events by region

14

Partner Initiative Overview

FOR IMMEDIATE RELEASE

Oracle Unveils Enterprise Security and Governance, Risk and Compliance Initiative for Partners

Enables Oracle Partners to Deliver Comprehensive Solutions to Help Customers Address Regulatory Mandates, Organizational Complexity and

Risk Management Requirements

REDWOOD SHORES, Calif., - Nov. 8, 2007

15

Security & Compliance Initiative StrategyObjectives

• Generate net new revenue (increase influence rate & resale)• Increase Oracle product adoption & integration among ISV community• Create ecosystem of partners identifiable by solution and business

issues solved• Enable partners to sell and implement security and compliance

solutions based on Oracle technology

Approach• Create formal program and standardized framework• Identify target initiative partners by solution or service, commitment to

Oracle and market presence• Leverage SIs and Platform Vendors as channel to bring ISV solutions

to market• External content highlighting Oracle’s security & compliance solutions

including integrated partner components• Create an ecosystem of strategic partners that the regions can

integrate into local sales initiatives & go-to-market activities

16

Enterprise Security & GRC Initiative Update

Current• Security & Compliance Initiative

• Loose criteria & approval process

New Initiative Updates• Enterprise Security & GRC Initiative

• Supports Oracle’s updated product strategy

• Open to partners with solutions and/or services for enterprise security, identity management, IT governance, risk management and compliance management

• Partner Solutions are complementary to Oracle’s offerings in this space

• More selective in order to add value and validity to the partner ecosystem and our overall strategy

• Better benefits for greater visibility

17

Criteria to Apply for Initiative

• OPN member in good standing• Acceptance in Database or Fusion Middleware Product

Focus• Published Solutions Catalog profile• Existing Enterprise Security and/or GRC solution or

service offering• Solution that is complementary to Oracle products &

services• Completed application & acceptance based on review of

qualifications

• Note: Applications will be reviewed at the regional and global levels prior to acceptance

18

Application Process

1. Review the criteria for and information on Enterprise Security & GRC Partner Initiative on the OPN Portal• Click on Engage with Oracle• Then on the Go-to-Market link• Find the link to Enterprise Security & GRC

19

Initiative Overview Page

20

Application Process

2. Complete the application online – includes:• Company information

• Product , solution or service description

• Sales and marketing information including business issues addressed by solution or service, customer information

• Business case for initiative participation

• Value proposition to Oracle sales

3. Application is reviewed by regional Alliances & Channels team for completeness and fulfillment of criteria

4. If an ISV, application is reviewed by Development

5. Email response to be sent to you within 15 business days

6. If approved, your company will be flagged as Accepted and you will see a link on the Engage with Oracle page (under My Company Initiatives)

21

Initiative Benefits

• Recognition as a key partner in the Oracle Enterprise Security and GRC partner ecosystem

• Visibility to Oracle sales & customers on Oracle.com• Eligibility for Security Strategy Workshops• Consideration for inclusion in the Enterprise Security and GRC

solution map• Consideration for targeted sales and marketing opportunities and

participation in events and promotions by region • Consideration for inclusion in Oracle press and analyst activities

focused on Oracle’s security and compliance strategy• Consideration for “expert services” bundles with Oracle Consulting• Access to the Enterprise Security & GRC Initiative Dashboard

22

So What? Who Cares?Initiative Value Proposition

For Oracle • Oracle can satisfy customer demand for solutions that enable and ensure

enterprise security and sustainable regulatory compliance, risk management and corporate governance by leveraging our partners’ assets to drive more revenue.

For Partners• Partners can differentiate themselves and help prospective and existing

Oracle clients rationalize their current position and exposure, by mapping solutions to Oracle technology and applications that help fill clients’ security and compliance gaps.

For Customers• Access to a portfolio of qualified solutions and services that help reduce

cost and complexity by managing multiple GRC requirements on a single platform, enable visibility of GRC related activity across the enterprise and safeguard brand and reputation.

23

Metrics for Success

• Expanded partner ecosystem and portfolio of complementary solutions and services

• Extended security & GRC solution and services map• Increased Resell/Co-sell Revenue• Increased partner awareness & training• Increased Oracle footprint, product adoption and

services development among partner community• Partner & Customer References

24

More Information…

Enterprise Security & GRC Initiative Teaser Page

http://www.oracle.com/partners/home/bi/global/security_idty/unauth/index.html

Oracle Products & Solutions

http://www.oracle.com/grc

http://www.oracle.com/security

Initiative Partners

http://solutions.oracle.com (Keyword Search “GRC”)

25

Contacts

• OPN Interaction Centers• prn-nas_in@oracle.com - North America OPN IC• opnic_ro@oracle.com - EMEA OPN IC• opnlad_ww@oracle.com - LAD OPN IC• opnbr_ww@oracle.com - Brazil OPN IC• prn-apac_au@oracle.com - APAC OPN IC

• Additional OPN Information• opninfo_us@oracle.com - Global OPN Email Box

26

Meet the Partners at Oracle OpenWorld

27

Q&A