Application Security Management Functional Project Manager (s) ERP Project Director ERP Campus Executive University & Campus Administration Security Policy & Procedure Adoption Approver of new & modified Role & Permission Lists content Approver of changes to universal security settings Compliance recertification Manager, PeopleSoft Application Security CUNY-CIS InfoSec Team University application security policy & procedure development Security Settings Change Management Exception Request Review Compliance & Certification Program including Review of Security at Campuses Audit of Transaction Logs Peoplesoft Security Training & Awareness Application Security Liaison Campus & Central Office Central point of contact for application security Campus Security Procedures (e.g. Profile maintenance) Document Security Environment Issues & Exception Management Review of Access Compliance, Re-certification Statement User enrollment & De-provisioning Approval of Role & Permission List assignment to Profiles Functional Liaisons Campus & Central Office Key Stakeholders Roles, Responsibilities & Relationships 5 February 2008, V3.1 University Information Security Director CUNY-CIS InfoSec Team
Application Security Liaison (1)Project Expectations Attend CUNYFIRST application security design, implementation and training meetings Build application security community at your College (functional liaisons, campus executives, project managers) Work proactively with the Manager, PeopleSoft Application Security and the CUNYFIRST project teams to build toward and meet go-live dates Participate in project deliverables development as necessary Participate in the testing of application security Work through changing environment and ambiguities as they arise Are significant contributors to CUNYFIRST
Application Security Liaison (2) Operational Expectations Facilitate the management of application security at the Campus as the central point of contact Maintain user profiles based upon approval of functional liaisons ► Individual profile changes ► Bulk user identity data loads Maintain up-to-date documentation of security environment including written operating procedures Fall & Spring security reviews and written compliance certification (working with College VP Administration) Report security violations and non-compliance situations Request and justify exceptions to content of PeopleSoft role definitions and permission lists
Manager, PeopleSoft Application Security (3) High-Priority focus areas Build the application security community and maintain healthy collaboration with the Oracle security team and the application security liaisons Training (for self and application security liaisons) Implement application security governance model Provide baseline operating procedures Collaborate with Oracle on CUNYFIRST application security design and implementation meetings Oracle deliverables review and approval Participate in the testing of application security Participate in CUNYFIRST project status meetings Commitment to successful go-live dates, keep activities on track Participate in addressing network infrastructure security issues if and when they arise