This paper is very well written and covers a good degree of the ground to get anyone started on trying to secure a database. It covers the installation, parameters, users and profiles, default accounts, how to use auditing, even defunct accounts, password management, roles and privileges and of course the listener. KK also talks about controls within the database such as the product user profile functionality for controlling access through SQL*Plus. He covers Virtual Private Databases (VPD) and encryption. KK also gives good advice on how to focus any audit of an Oracle database.
This is a good overall discussion on Oracle security and anyone starting to think about auditing an Oracle database should read it before delving into more detailed discussions and tools.