Liz Piteo Native Controls in a Microsoft Dynamics Environment.

Slides:

Advertisements

Similar presentations

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

Advertisements

Service Manager for MSPs

Presentation by Priyanka Sawarkar

Enhanced XA Security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services

For Developers Who Hate SharePoint.  ~5 years web development experience  1 ½ years SharePoint experience  First worked with SharePoint in Dec. 2006,

ISV Partner Alliance Value Policy Policy Management for Microsoft® System Center.

Tom Sheridan IT Director Gas Technology Institute (GTI)

Common Change Management Challenges for Companies Running Oracle Applications Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.

Best Practices for User Access Controls and Segregation of Duties Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.

ManageEngine ADSolutions Identity and Access Management Auditing & Reporting for Compliance.

Best in Class Controls for AP The Institute of Financial Operations Indiana – Southern Illinois Chapter June 15, 2011 Sherry DePew.

Full Cycle: AMS’ Loss Control Environment is a full cycle loss control management solution that offers comprehensive management of the entire inspection.

Extranet Collaboration Manager Professionally manage your SharePoint Extranet and Users Peter Roth (408)

Integrated Security Solutions © 2006 TK Consulting, LP realtime Confidential March 11, 2007 APM Demo.

Continuous Monitoring for Enterprise Applications: Real Needs, Real Solutions. November 22, th Continuous Assurance and Auditing Symposium Newark,

Best Practices for Implementing Third Party Software to Monitor SOD and User Access Controls Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.

Enterprise Security for Microsoft Dynamics GP Jeff Soelberg

GPPC Connections 2011 | November 6-8 | Las Vegas, NV Support Debugging Tool for Partners Mark Polino, CPA, I.B.I.S., Inc. Principal Consultant, Microsoft.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Deployment, Administration and Performance Jeff Soelberg Fastpath Sarah PurdyMicrosoft.

System Center Operations Manager 2007 Overview Amit Gatenyo Infrastructure & Security Team Lead Dario.

Windows Role-Based Access Control Longhorn Update

2013 Regional Training Day 1 Presenter: Anita Luce Helping you move faster!

Microsoft Management Seminar Series SMS 2003 Change Management.

INTRO TO SHAREPOINT WORKFLOWS Derek Nishino Nishino Consulting

Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.

Module 10: Implementing Administrative Templates and Audit Policy.

Ellis Paul Technical Solution Specialist – System Center Microsoft UK Operations Manager Overview.

Microsoft Dynamics NAV: Tips and tricks for security methodologies Andy Snook and Nate Boettcher Fastpath, Inc.

Making Microsoft Dynamics® GP Work Simpler and Easier Presented by: Alicia Weigel GPUG Partner Showcase 2014 Work Simpler & Easier®

Security. Audit. Compliance. Mark Polino CPA.CITP.CFF, CGMA, Microsoft MVP Dynamics Credentialed Professional Naked and Afraid: Re-implementing.

6/13/2015 Visit the Sponsor tables to enter their end of day raffles. Turn in your completed Event Evaluation form at the end of the day in the Registration.

Explore engage elevate Data Migration Without Tears Mike Feingold Empoint Ltd Tuesday 10th November 2015.

Security. Audit. Compliance.

Building a Sound Security and Compliance Environment for Dynamics AX Frank Vukovits Dennis Christiansen Fastpath, Inc.

Unlocking the Dynamics AX 2012 Security Model

Tips and Tricks: Stress Free Security in Dynamics AX Chris Haley, Microsoft.

Exploreengage elevate explore engage elevate Presented By: Laura Murphy, Turnkey Technologies.

50 Tips in 50 Minutes: The Builders Wally Dodds Dorado Solutions, Inc.

Microsoft Dynamics NAV Microsoft Dynamics NAV managed service for partners, under the hood Dmitry Chadayev Corporate Vice President, Microsoft.

Sandy Wickman Senior GP Implementation Consultant, InterDyn BMI Making it work with Workflows in Dynamics GP.

Best Practices for setting up Audit Trails in Dynamics NAV

Andy Snook Fastpath gives you insights on your CRM data that would make the NSA jealous Andy.

Dynamics GP Security - A to Z

Stop the madness - How to balance to the GL

Active Directory Management Software Borna

Welcome! Microsoft Dynamics GP User Group (GPUG)

Best Practices for Dynamics NAV Administration and Security

Naked and Afraid: Re-implementing Dynamics GP Security

Dynamics GP SmartList and SmartList Designer

Ora Goldman, CEO, Mekorma

Security. Audit. Compliance.

Best Practices for Setting up Audit Trails in Dynamics GP

Using Microsoft Identity Manger with SharePoint 2016 to fill the User Profile Sync Gap Max Fritz Senior Systems Consultant Now Micro.

How to improve how you use Microsoft Dynamics gp

Security. Audit. Compliance

Implementation Specialists Presents

Power Apps & Flow for Microsoft Dynamics SL

Security. Audit. Compliance.

Security. Audit. Compliance.

Microsoft Office System 2007: Records Management

Making Microsoft Dynamics GP Work Simpler & Easier

Navigating GP Security

Extend Excel with Smartlist Designer

ESS and Workflow Cale Tanguay and Jodi Dare.

New York-Rochester CHAPTER MEETING

Shawn Dorward – InterDyn Artis

Contract Management Software 100% Cloud-Based ContraxAware provides you with a deep set of easy to use contract management features.

SysKit Security Manager

Topics Today Capability Efficiency Troubleshooting

Presentation transcript:

Liz Piteo Native Controls in a Microsoft Dynamics Environment

@GPUG Introduction  About Me – Certified in Microsoft Dynamics GP – Certified in Risk and Information Systems Control – 16 years experience in Microsoft Dynamics GP  About Fastpath – Audit and security solutions for Microsoft Dynamics – Over 1000 installations in 30+ countries – Named 2013 Industry Leader by Institute of Internal Auditors

@GPUG Agenda  Security Model  Security Reporting  Administrative Access  Segregation of Duties  Audit Trails  Workflow  Surviving the Audit

@GPUG Security Model

@GPUG Security Model Role > Task > Object POWERUSER Password complexity integrated with AD  New for GP – Limited user 2013 Limited to Inquiry and Reporting New flag on all forms to limit access – Self Service 2015 – Enable/Disable User – Alt/Mod Profile Revert to Default

@GPUG Security Reporting  Standard role/task/user reports  Build a Smartlist  Support debugging tool  Converted GP 9 roles  hp hp  POWERUSERS don’t show on access reports

@GPUG Support Debugging Tool  Available on Partnersource for now  There will be a fee for the product but it’s free now  Some great features include – Easy way to know you’re in a test company – Quickly and easily see security information regarding specific windows (roles and tasks) – screenshots of your open windows along with dex.ini and dynamics.set files – And many more!

@GPUG Using Smartlist for Security Reporting  Build a Smartlist – 2 new ones included in GP 2013  Smartlist example

@GPUG Security Reporting  Knowledgebase article – Frequently asked questions about role-based security in Microsoft Dynamics GP 10.0 and Microsoft Dynamics GP 2010 (Article )  Minimizing the use of ‘sa’ – paper-minimizing-the-use-of-sa-in-microsoft-dynamics-gp paper-minimizing-the-use-of-sa-in-microsoft-dynamics-gp  Support Debugging Tool  Security Information  Security Profiler  Table Import/Export for security 

@GPUG Administrative Access  POWERUSER Role – Programmatic role – Try to limit access by creating your own admin role  ‘sa’ and DYNSA – ‘sa’ no longer required for GP admin activities  Sqladmin role – Assign to GP user to elevate SQL privileges – User provisioning, maintenance, and company creation

@GPUG Segregation of Duties  No standard functionality  Build a rule set for your risk profile  Balance preventative with productivity  SQL queries to pull critical access

@GPUG Audit Trails  No standard functionality  Activity Tracking – Log in log/out tracking – Successful attempts to open a window – DYNAMICS..SY05000 – 3rd party Audit Trail solutions – Build your own audit trail

@GPUG Workflow  New to GP 2015 Workflow now inside GP  Requires Sharepoint services GP 2012 and prior  Standard templates available (POs, batch approval, etc.)  Custom workflow possibility

@GPUG Workflow

@GPUG Surviving the Audit  Be proactive – Define corporate risk  Design reports and reviews – Periodic and consistent  Provide evidence  Who has access?  What did they do with that access?

@GPUG  Questions?

Liz Piteo Best Practices for setting up Audit Trails in Dynamics GP

@GPUG Agenda  How to determine what to audit  Organization’s risk profile/high risk areas  Setting up audit trails  Pitfalls and practices to avoid  What do you do with the audit data after you collect it

@GPUG Determining what to audit  Organizational risk  Segregation of duties  Outside controls  High $ impact  Audit requirements

@GPUG Risk profile  Where are your high risk areas?  Do you have adequate segregation of duties around those risk areas?  What types of risk do you have  Can you qualify and quantify these risks?  Identify probability and impact of risks

@GPUG Audit Trail Best Practices  Base your audits on your risk profile  Find the right balance  Use your reports to filter out information  Start small  Put the ownership of the product/reports into the hands of the BPOs  Review, review, review!!!

@GPUG Pitfalls!!  “I want to audit EVERYTHING”  Using audit trail reports as a substitute for operational/financial reports  Inefficient audit reports  500 vs 1,000,000

@GPUG What do you do with the data after it’s collected?  Review, review, review!  Who owns the data?  Are the reviews being done in a timely fashion?  Visibility to the who, what, where, when and how