Enhanced XA Security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services 704-814-0004.

Slides:

Advertisements

Similar presentations

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

Advertisements

Time & Labor Management Solutions

DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.

Ultimate Bundle Overview Products Benefits Technical Requirements Licensing Pricing Valid until 01-Sep-2010.

Efficient, Productive Solutions SECURITY SOLUTIONS for LAWSON SOFTWARE Part of our RISK MANAGEMENT SUITE FOR LAWSON S3 Thank you for taking the time to.

We, at Vipara TechnoSoft specialize in delivering high quality, flexible, cost effective, reliable, result-oriented applications which can be capitalized.

“The Honeywell Web-based Corrective Action Solution”

Easy to use Ability to attach policies/procedures to call types Ability to schedule calls in advance Officer safety alerts Robust search capabilities.

GL Interfaces 1 Using General Ledger Interfaces The File Maintenance and Procedures to successfully use the General Ledger Interfaces Jim Simunek, CPIM.

Take the ‘dread’ out of your XA Security Audit Belinda Daub, Senior Consultant Technical Services

XA Environment Archive and Purge Strategy Optimize your XA environment! Belinda Daub CISTECH Sr. Technical Consultant Ben McCormick.

Enhancement Summary Moving Forward with XA IFM Enhancements R7.8 & R9.

Order Based Production Management

Enhanced Security Management, Separation of Duties and Audit Support for XA Belinda Daub, Senior Consultant Technical Services

Using XA Browser/Power-Link Preferences to Improve Efficiency

SmartConnect Integrations

Efficient, Productive, Time-Saving Solutions TRANSACTION AUDITING Part of our RISK MANAGEMENT SUITE FOR LAWSON S3 Thank you for taking the time to view.

Jewelry Inventory Management Software Your Logo Here Welcome to a demonstration of Del Mar Data Systems Jewelry Inventory Management.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney.

1. Failure is when users do not feel they get what they paid for. 2. Failure is when the overall organization fails to adopt the solution.

PAYMENTNET at the University of Pennsylvania New Purchasing Card Management Software Application February 7, 2007.

Implementation Audit and Control Background Internal Audit Role Go-Live Criteria Audit Approach - Systems Audit Approach - People Summary Agenda.

Due to the competitive nature of this document, the information contained within is considered to be of a proprietary and confidential nature and shall.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

Computer Security: Principles and Practice

SAP An Introduction October 2012.

Train The Trainer Employee Central Administration

Complete Weekly Timesheets Select work. Add hours and comments Tell Mgr if ETC=0 and need more time. Tell Mgr if using someone else’s ETC. End week, change.

2010 Practice Management Annual Conference PCLaw® Office Efficiency Tools – Calendaring, Phone Call & Document Management Presented by: Deborah Schaefer.

An Overview of IFM R9 “Who moved my Stuff……..” IFM at R9 CISTECH Tuesday Education Session Series Jim Boyer CISTECH – Sr. XA Consultant.

Welcome to the Minnesota SharePoint User Group. Introductions / Overview Project Tracking / Management / Collaboration via SharePoint Multiple Audiences.

Time & Labor Management Solutions. Who is Time America? Arizona-based provider of Time and Labor Management solutions Over 17 years experience bringing.

Professional Development Programs

XA R7.8 Upgrade Process and Technical Overview Ruth Anne Pharr Sr. IT Consultant, CISTECH Inc.

Denise Luther Senior IT Consultant Practical Technology Enablement with Enterprise Integrator.

Employee Central Administration

Presenter name. Ryan Brandon Exan Group What’s New with axiUm New Features in axiUm Patient Self-Service Options Future Plans axiUmSupport.com.

This presentation is the property of Paradigm Information Systems It is confidential to the intended recipient for the purpose of evaluating FMS Any other.

R7 Integrator and Enterprise Integrator: Look at everything you can do with XA!!! Denise Luther, Senior Consultant Technical Services.

Automate your Backups with iSeries Operator Belinda Daub CISTECH Senior Technical Consultant

Segregation of Duties for Infor-Lawson Software 1.

Pass SOX security audits and Improve XA security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services

User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.

XA R7.8 Link Manager Belinda Daub Sr. Technical Consultant 1.

Plan Design Analyze Develop Test Implement Maintain Systems Development Life Cycle MAT Dirtbikes.

1 Warranty and Repair Management For Infor XA Release 7 WARM Denise Luther – Sr. XA Consultant WARMS Technical Manager CISTECH, Inc. Rod Fortson – Sr.

1 Automatic Tracing of Program and File Changes on IBM i Inside Change Tracker.

Introduction to Microsoft Management Console (MMC) MMC is a common console framework for management applications. MMC provides a common environment for.

1 Thank you for visiting our site and welcome to the “Introduction to ISO 22000” Presentation that you requested. For more information.

Is Your Business Ready For The Ultimate Business ERP Solution.

Managing a MAPICS R7/R9 PowerLink Environment (704)

Reactive Companies Meet Sarbanes-Oxley Standards, Proactive Organizations Exceed Them! Therron Hofsetz Logical Apps, Inc.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

Enterprise Integrator CISTECH R7.8 SERIES Denise Luther Senior Consultant, Technical Services

R7 Integrator and Enterprise Integrator: You won’t believe this is XA… Deborah Vermillion, VP Consulting Services, CPIM, CIRM Belinda Daub, Senior Consultant.

9,825,461,087,64 10,91 6,00 0,00 8,00 Information and Communication Networks HiPath ProCenter Compact Reporting.

Master Data Management & Microsoft Master Data Services Presented By: Jeff Prom Data Architect MCTS - Business Intelligence (2008), Admin (2008), Developer.

Canadian Payroll and HR Presented By: Diane Lee Sousa.

Flexible Registration for Community Education Dottie Marron Delivery Center Manager Student Administrative Services Consulting Center.

Differences Training BAAN IVc-BaanERP 5.0c: Application Administration, Customization and Exchange BaanERP 5.0c Tools / Exchange.

XA Advanced Development with Extender and Enterprise Integrator: RPG is so 1980s… Denise Luther Senior Technical Consultant 704.

Implementing Multicurrency in an Existing Dynamics GP Environment Rod O’Connor 20-NOV-2014.

7 Customize your home page Navigation list used for approvals 8.

SAP R/3 User Administration1. 2 User administration in a productive environment is an ongoing process of creating, deleting, changing, and monitoring.

SAP GRC(Governance Risk and Compliance)/SECURITY ONLINE TRAINING  Magnific Name : SAP GRC/SECURITY 24*7 Technical support  faculty : Real time Experience.

Review of IT General Controls

Automating Accounts Payable

Shell LubeAnalyst: NEW Features Improved customer experience

Presentation transcript:

Enhanced XA Security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services

1.Introduction to Enhanced Security 2.Implementing a Security Model 3.Auditing and Reporting 4.IFM Security Information 5.iSeries Profile and Object Authorities 6.Prerequisites Agenda

Why is it necessary? Auditor Requirements Documented security policy and procedures Formal approval for user rights Regular auditing and monitoring Protect investors, employees, community CAS Security Difficult to determine how user has access to tasks No auditing capability Risk to productivity when changes are made iSeries Security Many factors affect user access to system and objects No central management tool Enhanced Security for XA

ES can help Add-on application written using Integrator Implemented by environment XA components: Security Modeling and Planning Routine Auditing and Reporting View Current User Rights iSeries components: User Profile auditing Object Authority auditing Enhanced Security for XA

Power and Flexibility of the XA Client architecture: –Create views and subsets –Export to Excel Add-on Application using Integrator

Install in each environment Includes all CAS tasks (if assigned to an area) Includes IFM Application tasks (in base features only) Auditing for each environment including IFM task security Implemented by environment

Security Model - Create and finalize a new security model Security Audits - Track changes to security Current Environment - View current security configuration and user rights in the environment Enhanced Security Application Card

Provides for implementation of new plan –Import users, groups, areas, and tasks from CAS files –Decide what you want to lock –Create groups and authorize to tasks –Assign users to groups –View current and planned user rights Optional component Note: this is all done in the model – not the live environment Security Modeling and Planning

Import from the current environment: –Users –Groups –Areas and tasks –Group Authorities –Private Authorities You don’t have to start from scratch! 1. Import Security Components

Subsets –Unlocked –Application –Type Mass Change Model Template It’s Easy! 2. Decide what you want to lock

Subsets Views Mass Change R7 –Quick Change –Append subsets Model Template Piece of Cake! 3. Create groups & authorize to tasks

Validation Subsets –User Groups –Group members Templates Return-to-create Your model is almost ready! 4. Assign users to groups

Current and planned rights A. User being reviewed B. Tasks the user is granted C. How access was granted Private (user id) Group (group id) Not locked (blank) A B C 5. View user rights

Compare planned versus current rights –View tasks user will no longer have access to –View tasks user could not do before (for approval) –Final Adjustments to the model Export files to a test environment for user testing –Included with modeling option –Handles security validation stamps Benefits –Reduce risk of affecting user productivity at go live –Resolve issues quickly after plan is implemented Advanced Analysis and Testing

Rights Revoked: If users need any of these rights to do their jobs, they will be adversely affected when the plan is implemented. Enhanced Security lets you make sure this won’t happen. Advanced Analysis

Rights Granted: SOX requires that all access be reviewed by authorizing manager. With Enhanced Security, you can export user rights to standard forms for management approval. Advanced Analysis We can use Integrator to build approvals right in to the application!!!

Testing is critical to ensure users are not affected by the new plan. Users from every group Formal test plan Enhanced Security provides an export process for moving user rights from the model to an XA environment on the same or different iSeries. Validation stamps generated No re-keying Testing

Auditors require regular review of changes to security authorizations Enhanced Security provides: Detailed Transaction History Security Change Audit Violations to Segregation of Duties Regular Audit Reports Security Auditing and Reporting

Start Auditing –Saves an image of environment security files –Journals are activated on the files –Changes in user rights are extracted from the journals Routine Auditing and Reporting

Determine how a user has gained access to a task Quickly identify the area(s) where changes need to be made Customize views, subsets, and sorts View or Host Print Detailed Transaction History

Net Changes only (since last run) Navigate to Detailed Transactions that resulted in the change View or Print Report Security Change Audits

Schedule regular Auditor reports Set Audit Options Regular Reporting – Scheduled Job

Summarize authority granted to users for the reporting period From last run date (monthly changes) Security Audit Report

Users who have authority for tasks that auditors define as conflict of interest, for example: Create a purchase order Generate an AP check Security Audit Reports High-Risk Authority Conflicts

IFM Security View and Print IFM Users IFM Applications User Authority to Applications IFM Application Tasks User Defaults User rights to IFM Tasks are shown with CAS application tasks so you can see everything the user can do

IFM Security User Authorities to IFM Applications

IFM Security IFM Application Tasks

IFM Security IFM User Defaults

All user rights to CAS and IFM Tasks in one place View user rights

iSeries Security User Profiles – view and print Power Users Logon Statistics Password Info Groups and group membership Startup Information

iSeries Security iSeries User Profiles – Special Authorities

iSeries Security iSeries User Profiles – Password Information

iSeries Security Object Authorities – view and print All objects – all libraries User rights – display/maintain XA objects not owned by AMAPICS

iSeries Security iSeries Object Authorities

Integrator (R6 or R7) –R6 requires new business objects created at installation OS V5R3 or higher All functions to be secured must be set up in CAS as tasks and assigned to an area Prerequisites

New Feature Database File Audit File being corrupted or changed outside of XA You need to know who and how it’s done Turn on auditing for the file Starts journaling if not already Extracts information View who made changes to the file and if they used outside tools to do it (SQL, DFU, and others)

Base Package: Enhanced Security $9, XA Security Views and Reports IFM Security Views iSeries Security Views Installation /Training Services Three days on-site plus expenses Optional Features and Services: Security Model feature$ 4, Security Consulting Services$1,600.00/day Security Audit (2-3 days) Security Planning and setup (approx days) ES Packaging and Pricing

Thank you! Questions?