Over at the Database Geek Blog, Lewis Cunningham has provided the first of three blog posts on Oracle Security. The first post is well done IMHO:
This is a three-part definition of Oracle Security (specifically in 10g but applies to later versions also). Part 1 covers the various types of security Oracle provides. Part 2 deals with Users/Schemas, Roles, Permissions and Data Access. Part 2 will be a more technical discussion than parts 1 or 3. In part 3, I will discuss implementing an Oracle auditing scheme and how to ensure you comply with security and audit regulations.