Microsoft Dynamics NAV: Tips and tricks for security methodologies Andy Snook and Nate Boettcher Fastpath, Inc.

Slides:

Advertisements

Similar presentations

Project Management with VIVA PPM Tool (Project Portfolio Management)

Advertisements

Implementing Tableau Server in an Enterprise Environment

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

Efficient, Productive Solutions SECURITY SOLUTIONS for LAWSON SOFTWARE Part of our RISK MANAGEMENT SUITE FOR LAWSON S3 Thank you for taking the time to.

Efficient, Productive, Time-Saving Solutions TRANSACTION AUDITING Part of our RISK MANAGEMENT SUITE FOR LAWSON S3 Thank you for taking the time to view.

Phone: (919) Fax: (919) CFR Part 11 FDA Public Meeting Comments Presented by: M. Rita.

Visual Studio Team System (VSTS). Richard Hundhausen Author of software development books Microsoft Regional Director Microsoft MVP (VSTS) MCT, MCSD,

The TRUTH About SOX, Auditors & Oracle Applimation is the leading provider of Application Lifecycle Management solutions.

OAUG SOX Panel Krista Ladd Oracle Applications Manager Silicon Image, Inc.

1 Software Requirement Analysis Deployment Package for the Basic Profile Version 0.1, January 11th 2008.

Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.

1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations.

Audit and Security for Microsoft Dynamics GP Andy Snook

1 Copyright © 2014 PPM 2000 Inc. SINGAPRORE, AUGUST 2014 Denis O’Sullivan, CPP INCIDENT MANAGEMENT TECHNOLOGY CHALLENGES.

Shooting The Moving Target…… Internal Controls & Segregation of Duties (SOD) Session Code: 503 Jasvir Gill, Virsa Systems Donnie Looper, Eastman Chemical.

© 2011 Financial Operations Networks LLC AP Policies and Internal Controls for Running a Tight Ship Panel: Susan Tinkler-Muller Mike Iverson Rob Rogers.

G RADUATE PROJECT IT Policy and Audit FA D’Mico Johnson.

1 ‘Title’ Deployment Package for Profile X Version X – Month-Day-20XX.

Efficient, Productive, Solutions Thank you for taking the time to view our presentation. I’ll be your guide on how our Segregation of Duties application.

Segregation of Duties for Infor-Lawson Software 1.

Bring Your Business into the 21 st Century : Part 1 WasteExpo 2011 Improving Your Financial Management System.

1 Chapter Three IT Risks and Controls. 2 The Risk Management Process Identify IT Risks Assess IT Risks Identify IT Controls Document IT Controls Monitor.

0 0 Six Sigma – Financial Overview. 1 1 Roles and Responsibilities of the Finance Support Team Policy Setting – Define Savings/Benefits – Provide tools.

Best Practices for Implementing Third Party Software to Monitor SOD and User Access Controls Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.

Enterprise Security for Microsoft Dynamics GP Jeff Soelberg

0 Six Sigma Project Guidance. 1 Roles and Responsibilities of the Finance Support Team Define Savings/Benefits Provide Financial Support – Project Selection.

presented by Oliver Lamaca Customer Account Manager.

Microsoft Office Project 2003: Selling EPM in your Organization Matt Wilson Business Solutions Specialist LMR Solutions.

Tips and Tricks for Managing and Administering your Enterprise Project Management Server Solution Mike Joe / Karthik Chermakani Software Test Engineer.

Novell Compliance Management Platform Update CMP & CMP Extension for SAP Environments Leo Castro Product Marketing Manager Patrick Gookin.

2013 Army Financial Management & Defense Finance and Accounting Service Customer Workshop Defense Access Control System (DACS) Defense Finance Accounting.

Leon Tu Applications Technology Group Oracle Corporation

Dime.Scheduler Hold on…the broadcast will start in a minute. Resource Planning with.

SG SCM with MKS scmGalaxy Author: Rajesh Kumar

T OOLS FOR I MPLEMENTATION S UCCESS. Agenda Overview of Stoneridge Software Secrets to Implementation Success Lifecycle Services SharePoint Repository.

Security. Audit. Compliance. Mark Polino CPA.CITP.CFF, CGMA, Microsoft MVP Dynamics Credentialed Professional Naked and Afraid: Re-implementing.

ONLINE KNOWLEDGE PRODUCT OF SAP GRC Online | classroom| Corporate Training | certifications | placements| support CONTACT US: MAGNIFIC TRAINING INDIA

Security. Audit. Compliance.

 Complete solution for NAV Security ◦ RoleTailored and Classic Client  Field Level and Data Security ◦ Security beyond NAV’s standard abilities  Logins.

Building a Sound Security and Compliance Environment for Dynamics AX Frank Vukovits Dennis Christiansen Fastpath, Inc.

Unlocking the Dynamics AX 2012 Security Model

Liz Piteo Native Controls in a Microsoft Dynamics Environment.

Tips and Tricks: Stress Free Security in Dynamics AX Chris Haley, Microsoft.

BEST PRACTICES FOR DYNAMICS NAV ADMINISTRATION AND SECURITY Per Mogensen.

Cloud Network Administrator, Njevity

Best Practices for setting up Audit Trails in Dynamics NAV

Building Enterprise Applications Using Visual Studio®

Andy Snook Fastpath gives you insights on your CRM data that would make the NSA jealous Andy.

Dynamics GP Security - A to Z

Best Practices for Dynamics NAV Administration and Security

Naked and Afraid: Re-implementing Dynamics GP Security

Security. Audit. Compliance.

Security Management: Successes and Failures

Best Practices for Managing Security in Dynamics AX

Using excel as an enterprise business platform

Security. Audit. Compliance

From Design to Cross Application Reporting

QAD Enterprise Edition Segregation of Duties

Security. Audit. Compliance.

Xilinx: SOX slides for NorCal OAUG

SAP GRC EOH GRC Solutions Divisional divider Option 1.

Welcome to Cyber Recruiter – Administration Training

Design Secure & Compliant Roles for Oracle ERP & HCM Cloud

Implementation of ERP Solution QASoft

Automated Testing Strategies and Dynamics 365 Performance Management

Customizations vs Extensions

ESS and Workflow Cale Tanguay and Jodi Dare.

SharePoint Server Assessment Results

Implementing Separation of Duties (SoD) in SQL Server

Microsoft Dynamics 365 Application security

Presentation transcript:

Microsoft Dynamics NAV: Tips and tricks for security methodologies Andy Snook and Nate Boettcher Fastpath, Inc.

Agenda Introductions Common challenges Planning Deploying Testing Troubleshooting Auditing

Introductions

About Andy President of Fastpath Certified in Risk and Information Systems Control 17 years experience in financial management systems 10 years experience in systems auditing

About Nate Applications Engineer at Fastpath 5 years experience in software development 3 years experience in Microsoft Dynamics

About you Microsoft Dynamics NAV Version Role Security admins Finance Audit Regulatory compliance SOX FDA DCAA LMNOP

Common challenges

Access security is low priority for the project team Everyone is SUPER! Security is the domain of IT/Sys Admin not BPOs Expensive customisations in place of security Process controls not part of the design No consideration of segregation of duties Dilution of ‘go-live’ security design Inability to report on current security setup

Planning

Avoid the house that Jack built Implementation and upgrade time is perfect Start with process not with technology Include roles, systems, risks and controls End result is a role matrix

Six Sigma Process Map

Role matrix

Segregation of duties Have a methodology Build rules ( me for ISACA SOD set) Balance preventative vs. productivity Don’t forget about process controls The goal is a blend of security and controls

Deploying

NAV 2013 Security Model

Deploying – Moving from your plan to NAV – Out of the box permission sets – Use as templates – S&R-Q/O/I/R/C – Create sales orders etc. – S&R-Q/O/I/R/C,POST – Post sales orders, etc. – BASIC

Testing

Utilize your plan from planning stage Have at least one person for each employee type Validate each process for permission errors Troubleshoot any permission errors Rinse and repeat

Troubleshooting

Manual Application Test Toolset – Code Coverage Tests Easy Security Lite Task Recorder using SQL Sever Profiler

Auditing

Don’t set and forget Take a risk based approach to reviews BPOs should review access Monitor SUPER access Update processes, rules and matrices

@nboettcher