FOR MORE informative DECISIONS

Presentation transcript:

Continuous Monitoring for Infor/Lawson Software. For more informative decisions.

Agenda: About Us; Definition; Benefits to Your Organization; How It Works; Audit; Access Alerts; Security Tuning; Risk Analysis; Demo; Complementary Solutions; Services.

About Us. Founded in 1983, Kinsey has provided software sales, implementation, support and development for 34 years. Lawson reseller and implementation partner since 1997. Lawson certified systems integrator partner. Lawson complementary software partner. Lawson’s “Go to” implementation partner for public sector. Provides complementary Lawson software products.

Definition for ERP. Continuous auditing is a tool used mainly by internal auditors, and to some extent by external auditors, to continually gather audit evidence to support auditing objectives and activities. This means collecting data on processes, transactions and accounts to establish compliance with regulations, procedures and policies.

Benefits. Objective: To collect information regarding user activity that can be used for auditing, security validation and procedural risk analysis. Identify: over-provisioned access; activity-based SOD policy violations; unauthorized form access. Lawson activity captured: User; Form; Date-Time; Action (FC); Record. Uses: Audit; Access Alerts; Security Tuning; Risk Analysis.

How It Works (diagram). Components: Lawson IOS WebSphere Application; Core IBM WebSphere Application; Kinsey WebSphere Application; Kinsey Server; Activity Database. Labels: User Initiated Transaction; Lawson Processing; Kinsey filter sends a copy of transaction to WebSphere JMS Queue for processing; JMS Queue holds the transactions to be processed; Kinsey application waits for WebSphere to send message; Take the Kinsey server off-line; Transactions are held in the queue.

Audit. Objective: To collect information regarding user activity that can be used to determine the user responsible for the transaction, the date and time of activity, the action taken and the record processed.

Audit: Current Login Activity. Login Activity. Filter by: User; Date Range; Transaction Source. Drill to: Form Summary; Record Detail.

Audit: Last Login Recorded. Last Login. Filter by: User; Form; Action; Date/Time; Record Accessed. Drill to: User Security.

Audit: Historical Activity. Capture every Portal or MS Add-in transaction processed by a Lawson user and filter by: User; Form; Function Code; Date; Record Key; IP Address.

Audit: Metrics. Metrics by System Code; by Date.

Unauthorized Access Alerts. Objective: To identify unauthorized access to a form. Method: Define alternative form privileges for a user; validate against user security; validate against user activity.

Unauthorized Access Alerts: Security Access by User. Building a rule by user: fnelson, bthomas, smiller. Form=GL40.1, Rule=ALL ACCESS; Form=GL45.1, Rule=ALL ACCESS; Form=GL190, Rule=ALL ACCESS. Full access is allowed for just these 3 users. Diagram labels: users fnelson, bthomas, smiller, hroberts; Role GLjournal, Role GLadm, Role APclrk; GLprocess, GLreports, GLmaint, APprocess; forms GL40.1, GL45.1, GL190.

Unauthorized Access Alerts: Security Access by Role. Building a rule by role: GLjournal, GLadm. Form=GL40.1, Rule=ALL ACCESS; Form=GL45.1, Rule=ALL ACCESS; Form=GL190, Rule=ALL ACCESS. Full access is only allowed for users assigned one of these 2 Roles. Diagram labels: users fnelson, bthomas, smiller, hroberts; Role GLjournal, Role GLadm, Role APclrk; GLprocess, GLreports, GLmaint, APprocess; forms GL40.1, GL45.1, GL190.

Unauthorized Access Alerts: Based on User Activity. Building a rule by role: GLjournal, GLadm. Form=GL40.1, Rule=ALL ACCESS; Form=GL45.1, Rule=ALL ACCESS; Form=GL190, Rule=ALL ACCESS. Full access is only allowed for users assigned one of these 2 Roles. Found activity for fnelson on GL40.1. Found activity for hroberts on GL40.1. Diagram labels: users fnelson, bthomas, smiller, hroberts; Role GLjournal, Role GLadm, Role APclrk; GLprocess, GLreports, GLmaint, APprocess; forms GL40.1, GL45.1, GL190.

Unauthorized Access Alerts: Security Access. How this works. Rule example: Where Role = bthomas, smiller or fnelson and Form = GL40.1, GL45.1 or GL190 and rule = ALL ACCESS. This rule states that these 3 users are the only ones allowed full access to the 3 forms listed. Flow: Kinsey Rule Set; search LS for users with All Access to GL40.1, GL45.1, GL190; has full access to any of these forms been assigned to another person? No / Yes; if yes, build notification.

Unauthorized Access Alerts: User Activity. How this works. Rule example: Role = GLjournal or GLadm and Form = GL40.1, GL45.1 or GL190 and rule = ALL ACCESS. This rule states that the only users allowed full access to the 3 forms listed must be assigned either the GLjournal or GLadm role. Flow: Kinsey Rule Set; create a list of users based on rule; have any of the listed forms been accessed by anyone else? No / Yes; if yes, build notification.
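The two checks described on the "How this works" slides (validate the rule against user security, then against user activity) can be sketched as follows. This is an added example, not Kinsey's code: the user-to-role assignments, the security export, the activity records and the `AP00.0` form are constructed sample data, and the dictionary layout is an assumption.

```python
# Rule from the slides: only users holding one of these roles may have
# ALL ACCESS to these forms.
RULE = {"roles": {"GLjournal", "GLadm"},
        "forms": {"GL40.1", "GL45.1", "GL190"},
        "rule": "ALL ACCESS"}

# Constructed sample data: the slides do not say which user holds which role.
USER_ROLES = {"fnelson": {"GLjournal"}, "bthomas": {"GLadm"},
              "smiller": {"GLadm"}, "hroberts": {"APclrk"}}
# Constructed security export: (user, form, access level). "AP00.0" is a placeholder form.
USER_SECURITY = [
    ("fnelson", "GL40.1", "ALL ACCESS"),
    ("bthomas", "GL45.1", "ALL ACCESS"),
    ("hroberts", "GL190", "ALL ACCESS"),   # granted outside the rule
    ("hroberts", "AP00.0", "ALL ACCESS"),  # form not covered by the rule
]
# Constructed activity records: (user, form, date-time, action FC, record key).
ACTIVITY = [
    ("fnelson", "GL40.1", "2017-03-01T09:14:00", "A", "JE-1001"),
    ("hroberts", "GL40.1", "2017-03-01T17:52:00", "C", "JE-1001"),
    ("hroberts", "AP00.0", "2017-03-02T08:03:00", "I", "INV-77"),
]

def allowed_users(rule, user_roles):
    """'Create a list of users based on rule': users holding an allowed role."""
    return {u for u, roles in user_roles.items() if roles & rule["roles"]}

def security_violations(rule, user_roles, user_security):
    """Full access to a rule form assigned to a user outside the rule."""
    ok = allowed_users(rule, user_roles)
    return sorted((u, f) for u, f, level in user_security
                  if f in rule["forms"] and level == rule["rule"] and u not in ok)

def activity_violations(rule, user_roles, activity):
    """A rule form accessed by a user outside the rule."""
    ok = allowed_users(rule, user_roles)
    return [rec for rec in activity if rec[1] in rule["forms"] and rec[0] not in ok]

def build_notifications(rule, user_roles, user_security, activity):
    """Turn both kinds of finding into notification lines."""
    notes = [f"SECURITY: {u} holds {rule['rule']} on {f}"
             for u, f in security_violations(rule, user_roles, user_security)]
    notes += [f"ACTIVITY: {u} used {f} at {ts} (FC={fc}, record={key})"
              for u, f, ts, fc, key in activity_violations(rule, user_roles, activity)]
    return notes

if __name__ == "__main__":
    print("\n".join(build_notifications(RULE, USER_ROLES, USER_SECURITY, ACTIVITY)))
```

With this sample data, fnelson's activity on GL40.1 is within the rule and hroberts's is not, so only hroberts produces notifications.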

Security Tuning. Objective: Provide information that can be used to improve security by limiting access based on actual user activity.

Security Tuning: User Security versus Activity. By combining Kinsey’s User Security Report… with the User Activity Report…

Security Tuning: User Security versus Activity. …we can determine the forms a user has access rights to but may or may not be using. Filter by: User; Role; Security Class; Form; Date Range.

SOD Risk Analysis. Segregation of Duties (SOD) reporting validates that you have the proper checks and balances in place to prevent fraudulent activity. Objective: To determine which users and policies present the highest degree of risk.

SOD Risk Analysis: Violation Report. By comparing your security settings… to our SOD policies…

SOD Risk Analysis: Violation Report. …we can create an SOD violation report by User. Example: Payables (153); Investigate Discrepancies or Expenditure issues conflicts with Initiate Checks for Expenditure.

SOD Risk Analysis: Risk Analysis Grid. The Risk Analysis Grid combines the SOD Violation report with actual user activity to highlight the policies with the highest degree of risk. Example: Payables (153); Investigate Discrepancies or Expenditure issues conflicts with Initiate Checks for Expenditure. Grid levels: the user's security violates the SOD policy, but there is no form activity pertaining to the rule; the user's security violates the SOD policy and at least 1 policy group has activity; the user's security violates the SOD policy and both policy groups have activity.
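The three grid levels above can be computed by joining an SOD policy (two conflicting groups of forms) with each user's access and recorded activity. This is an added example, not the vendor's code: the form IDs, user names, access sets and activity log are constructed placeholders, since the page does not list the forms behind policy 153.

```python
# Constructed policy shaped like the slide's example. The form IDs are
# placeholders: the page does not list the forms behind policy 153.
POLICY = {"id": 153,
          "group_a": {"FORM_A1", "FORM_A2"},  # investigate discrepancies
          "group_b": {"FORM_B1"}}             # initiate checks

# Constructed security settings: forms each user can reach.
ACCESS = {"user1": {"FORM_A1", "FORM_B1"},
          "user2": {"FORM_A2", "FORM_B1"},
          "user3": {"FORM_A1", "FORM_A2", "FORM_B1"},
          "user4": {"FORM_A1"}}               # one side only: no violation
# Constructed activity log: (user, form) pairs.
ACTIVITY = [("user2", "FORM_B1"), ("user3", "FORM_A2"),
            ("user3", "FORM_B1"), ("user4", "FORM_A1")]

LEVELS = ("violation, no activity",
          "violation, one policy group active",
          "violation, both policy groups active")

def violates(policy, forms):
    """SOD violation: access reaches both conflicting groups."""
    return bool(forms & policy["group_a"]) and bool(forms & policy["group_b"])

def active_groups(policy, user, activity):
    """Count the policy groups (0, 1 or 2) in which the user has activity."""
    used = {form for u, form in activity if u == user}
    return sum(bool(used & policy[g]) for g in ("group_a", "group_b"))

def risk_grid(policy, access, activity):
    """Map each violating user to a risk level, highest risk first."""
    rows = [(user, active_groups(policy, user, activity))
            for user, forms in access.items() if violates(policy, forms)]
    rows.sort(key=lambda r: (-r[1], r[0]))
    return [(user, LEVELS[n]) for user, n in rows]

if __name__ == "__main__":
    for user, level in risk_grid(POLICY, ACCESS, ACTIVITY):
        print(f"policy {POLICY['id']}: {user}: {level}")
```

Users whose access touches only one side of the policy (user4 here) never enter the grid, even when they have activity.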

SOD Risk Analysis: Policy Access Grid. By drilling on a specific violation you can view the User’s security settings and a policy access grid. Drill to Security Reporting. Drill to User Activity.

Product Demo

Complementary Solutions. Slide labels: Activity Monitor; Audit; Security Tuning; Unauthorized Access; SOD Reporting; 200+ Prebuilt Policies; Violation Reports; Email Notifications; Audit all object changes; Email Notifications; Security Auditing; Selectively audit over 6500 Lawson Forms; Transaction Auditing; User; Role; Security Class; Usage Comparison; Security Reporting; Risk Analysis Grid; Security Modeling; SOD Remediation; Security Modeling; Build What-if scenarios for Users, Roles, Forms; Landmark Reporting; Actor; Role; Security Class; Lawson LPL Detail.

Services. Installation: Remote installation services take between 1 and 3 days depending on the product selected. After testing, most customers are fully operational within 2 weeks. Security Consulting: Our team of security consultants has assisted over 60 Lawson clients in building and maintaining Lawson Security. Training: Training is also done remotely using Kinsey certified Lawson consultants. Training takes anywhere from 1 to 3 days depending on the applications selected.

Thank you for attending! We hope you found it helpful! Contact Us: g.henson@kinsey.com; Kinsey & Kinsey, Inc., 26 North Park Boulevard, Glen Ellyn, IL 60137; 630-858-4866; call 757-621-8236; www.kinsey.com