1
Continuous Monitoring for Infor/Lawson Software
FOR MORE informative DECISIONS
2
Agenda
About Us
Definition
Benefits to Your Organization
How It Works
Audit
Access Alerts
Security Tuning
Risk Analysis
Demo
Complementary Solutions
Services
3
About Us
Founded in 1983, Kinsey has provided software sales, implementation, support and development for 34 years.
Lawson reseller and implementation partner since 1997.
Lawson certified systems integrator partner.
Lawson complementary software partner.
Lawson’s “Go to” implementation partner for public sector.
Provide complementary Lawson software products.
4
Definition for ERP
Continuous auditing is a tool used mainly by internal auditors, and to some extent by external auditors, to continually gather audit evidence in support of auditing objectives and activities. This means collecting data on processes, transactions and accounts to establish compliance with regulations, procedures and policies.
5
Benefits
Objective: To collect information regarding user activity that can be used for auditing, security validation and procedural risk analysis.
Identify over-provisioned access
Activity-based SOD policy violations
Unauthorized form access
Lawson Activity: User, Form, Date-Time, Action (FC), Record
Audit, Access Alerts, Security Tuning, Risk Analysis
6
How It Works
[Diagram: Lawson IOS WebSphere Application, Core IBM WebSphere Application, Kinsey WebSphere Application, Kinsey Server, Activity Database]
User Initiated Transaction
Kinsey filter sends a copy of transaction to WebSphere JMS Queue for processing
JMS Queue holds the transactions to be processed
Kinsey application waits for WebSphere to send message
Lawson Processing
Take the Kinsey server off-line: Transactions are held in the queue
7
Audit
Objective: To collect information regarding user activity that can be used to determine the user responsible for the transaction, the date and time of activity, the action taken and the record processed.
8
Audit: Login Activity
Current Login Activity
Filter by: User, Date Range, Transaction Source
Drill to: Form Summary, Record Detail
9
Audit: Last Login
Last Login Recorded
Filter by: User, Form, Action, Date/Time, Record Accessed
Drill to: User Security
10
Audit: Historical Activity
Capture every Portal or MS Add-in transaction processed by a Lawson user and filter by: User, Form, Function Code, Date, Record Key, IP Address
11
Audit: Metrics
Metrics: By System Code, By Date
12
Unauthorized Access Alerts
Objective: To identify unauthorized access to a form.
Method:
Define alternative form privileges for a user
Validate against user security
Validate against user activity
13
Unauthorized Access Alerts
Security Access by User
BUILDING A RULE
BY USER: fnelson, bthomas, smiller
Form=GL40.1 Rule=ALL ACCESS
Form=GL45.1 Rule=ALL ACCESS
Form=GL190 Rule=ALL ACCESS
Full access is allowed for just these 3 users.
[Diagram: users fnelson, bthomas, smiller, hroberts; Role GLjournal, Role GLadm, Role APclrk; GLprocess, GLreports, GLmaint, APprocess; forms GL40.1, GL45.1, GL190]
14
Unauthorized Access Alerts
Security Access by Role
BUILDING A RULE
BY ROLE: GLjournal, GLadm
Form=GL40.1 Rule=ALL ACCESS
Form=GL45.1 Rule=ALL ACCESS
Form=GL190 Rule=ALL ACCESS
Full access is only allowed for users assigned one of these 2 Roles.
[Diagram: users fnelson, bthomas, smiller, hroberts; Role GLjournal, Role GLadm, Role APclrk; GLprocess, GLreports, GLmaint, APprocess; forms GL40.1, GL45.1, GL190]
15
Unauthorized Access Alerts
Based on User Activity
BUILDING A RULE
BY ROLE: GLjournal, GLadm
Form=GL40.1 Rule=ALL ACCESS
Form=GL45.1 Rule=ALL ACCESS
Form=GL190 Rule=ALL ACCESS
Full access is only allowed for users assigned one of these 2 Roles.
Found Activity for fnelson GL40.1
Found Activity for hroberts GL40.1
[Diagram: users fnelson, bthomas, smiller, hroberts; Role GLjournal, Role GLadm, Role APclrk; GLprocess, GLreports, GLmaint, APprocess; forms GL40.1, GL45.1, GL190]
16
Unauthorized Access Alerts
Security Access: HOW THIS WORKS
Rule example: Where Role = bthomas, smiller or fnelson and Form = GL40.1, GL45.1 or GL190 and rule = ALL ACCESS
This rule states that these 3 users are the only ones allowed full access to the 3 forms listed.
Kinsey Rule Set
Search LS for users with All Access to GL40.1, GL45.1, GL190
Has full access to any of these forms been assigned to another person?
No
Yes: Build Notification
17
Unauthorized Access Alerts
User Activity: HOW THIS WORKS
Rule example: Role = GLjournal or GLadm and Form = GL40.1, GL45.1 or GL190 and rule = ALL ACCESS
This rule states that the only users allowed full access to the 3 forms listed must be assigned either the GLjournal or GLadm role.
Kinsey Rule Set
Create a list of Users based on Rule.
Have any of the listed forms been accessed by anyone else?
No
Yes: Build Notification.
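The two checks on the "HOW THIS WORKS" slides (validate against user security, validate against user activity), sketched as an added example; this is not Kinsey's code. The user-to-role mapping, the grant and activity records, the "INQUIRY" access level and all function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    forms: frozenset
    access: str                      # access level the rule protects
    users: frozenset = frozenset()   # allowed BY USER
    roles: frozenset = frozenset()   # allowed BY ROLE

    def permits(self, user, user_roles):
        # Covered if named directly or holding one of the listed roles.
        return user in self.users or bool(self.roles & user_roles.get(user, frozenset()))

def security_violations(rule, grants, user_roles):
    """Validate against user security: who holds the protected access
    level on a listed form without being covered by the rule?"""
    return sorted({(u, f) for u, f, a in grants
                   if f in rule.forms and a == rule.access
                   and not rule.permits(u, user_roles)})

def activity_violations(rule, activity, user_roles):
    """Validate against user activity: transactions on a listed form
    by anyone the rule does not cover."""
    return [t for t in activity
            if t["form"] in rule.forms and not rule.permits(t["user"], user_roles)]

def build_notification(rule, grants, activity, user_roles):
    lines = [f"ASSIGNED {u} has {rule.access} on {f}"
             for u, f in security_violations(rule, grants, user_roles)]
    lines += [f"ACTIVITY {t['user']} used {t['form']} (FC={t['fc']}) at {t['time']}"
              for t in activity_violations(rule, activity, user_roles)]
    return lines

# Constructed sample data. Users, roles and forms are the slide's names;
# who holds which role, and every record below, is an assumption.
FORMS = frozenset({"GL40.1", "GL45.1", "GL190"})
BY_USER = Rule(FORMS, "ALL ACCESS", users=frozenset({"fnelson", "bthomas", "smiller"}))
BY_ROLE = Rule(FORMS, "ALL ACCESS", roles=frozenset({"GLjournal", "GLadm"}))
USER_ROLES = {"fnelson": {"GLjournal"}, "bthomas": {"GLadm"},
              "smiller": {"GLadm"}, "hroberts": {"APclrk"}}
GRANTS = [("fnelson", "GL40.1", "ALL ACCESS"), ("bthomas", "GL45.1", "ALL ACCESS"),
          ("smiller", "GL190", "ALL ACCESS"), ("hroberts", "GL40.1", "ALL ACCESS"),
          ("hroberts", "GL190", "INQUIRY")]   # "INQUIRY" is a made-up level
ACTIVITY = [{"user": "fnelson", "form": "GL40.1", "fc": "A", "time": "2024-01-08T09:14"},
            {"user": "hroberts", "form": "GL40.1", "fc": "C", "time": "2024-01-08T17:52"}]

if __name__ == "__main__":
    print("\n".join(build_notification(BY_ROLE, GRANTS, ACTIVITY, USER_ROLES)))
```

The security check finds an over-assigned grant before it is ever used; the activity check catches use of a form regardless of how the access was obtained, which is why the slides run both.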
18
Security Tuning
Objective: Provide information that can be used to improve security by limiting access based on actual user activity.
19
Security Tuning
User Security versus Activity
By combining Kinsey’s User Security Report… with the User Activity Report…
20
Security Tuning
User Security versus Activity
…we can determine the forms a user has access rights to but may or may not be using.
Filter by: User, Role, Security Class, Form, Date Range
21
SOD Risk Analysis
Segregation of Duties (SOD) reporting validates that you have the proper checks and balances in place to prevent fraudulent activity.
Objective: To determine which users and policies present the highest degree of risk.
22
SOD Risk Analysis
Violation Report
By comparing your security settings… to our SOD policies…
23
SOD Risk Analysis
Violation Report
…we can create an SOD violation report by User.
Example: Payables (153); Investigate Discrepancies or Expenditure issues conflicts with Initiate Checks for Expenditure.
24
SOD Risk Analysis
Risk Analysis Grid
The Risk Analysis Grid combines the SOD Violation report with actual user activity to highlight the policies with the highest degree of risk.
Example: Payables (153); Investigate Discrepancies or Expenditure issues conflicts with Initiate Checks for Expenditure.
User’s security violates the SOD policy; however, there is no form activity pertaining to the rule.
User’s security violates the SOD policy and at least 1 policy group has activity.
User’s security violates the SOD policy and both policy groups have activity.
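The three grid levels above, worked through as an added example (not Kinsey's code). It assumes an SOD policy is a pair of conflicting form groups; the form IDs, user names and the function `risk_grid` are constructed placeholders, and only the policy number 153 comes from the slide.

```python
from collections import defaultdict

# Grid levels in ascending order of risk, as described on the slide.
TIERS = ("violation, no activity",
         "violation, one group active",
         "violation, both groups active")

def risk_grid(policies, access, activity):
    """Return rows (tier, user, policy id), highest risk first.

    policies: {policy_id: (group_a_forms, group_b_forms)}
    access:   {user: set of forms the user's security allows}
    activity: iterable of (user, form) pairs from the activity log
    """
    used = defaultdict(set)
    for user, form in activity:
        used[user].add(form)

    rows = []
    for pid, groups in policies.items():
        for user, forms in access.items():
            # Security violates the policy only if the user can reach
            # at least one form in each of the two conflicting groups.
            if not all(forms & g for g in groups):
                continue
            # Count the policy groups in which the user actually transacted.
            active = sum(1 for g in groups if used[user] & g)
            rows.append((active, user, pid))
    rows.sort(key=lambda r: (-r[0], r[1], r[2]))
    return [(TIERS[a], u, p) for a, u, p in rows]

# Constructed sample: form IDs are placeholders, not real Lawson forms.
POLICIES = {153: ({"INVESTIGATE-1", "INVESTIGATE-2"}, {"CHECKS-1"})}
ACCESS = {
    "user_a": {"INVESTIGATE-1", "CHECKS-1"},
    "user_b": {"INVESTIGATE-2", "CHECKS-1"},
    "user_c": {"INVESTIGATE-1", "INVESTIGATE-2", "CHECKS-1"},
    "user_d": {"INVESTIGATE-1"},          # one side only: no violation
}
ACTIVITY = [("user_b", "CHECKS-1"), ("user_c", "INVESTIGATE-2"),
            ("user_c", "CHECKS-1"), ("user_d", "INVESTIGATE-1")]

if __name__ == "__main__":
    for tier, user, pid in risk_grid(POLICIES, ACCESS, ACTIVITY):
        print(f"policy {pid}  {user:8} {tier}")
```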
25
SOD Risk Analysis
Policy Access Grid
By drilling on a specific violation you can view the User’s security settings and a policy access grid.
Drill to Security Reporting
Drill to User Activity
26
Product Demo
27
Complementary Solutions
Activity Monitor: Audit, Security Tuning, Unauthorized Access
SOD Reporting: 200+ Prebuilt Policies, Violation Reports, Notifications
Security Auditing: Audit all object changes, Notifications
Transaction Auditing: Selectively audit over 6500 Lawson Forms
Security Reporting: User, Role, Security Class, Usage Comparison
SOD Remediation: Risk Analysis Grid, Security Modeling
Security Modeling: Build What-if scenarios for Users, Roles, Forms
Landmark Reporting: Actor, Role, Security Class, Lawson LPL Detail
28
Services
Installation: Remote installation services take between 1 and 3 days depending on the product selected. After testing, most customers are fully operational within 2 weeks.
Security Consulting: Our team of security consultants has assisted over 60 Lawson clients in building and maintaining Lawson Security.
Training: Training is also done remotely using Kinsey certified Lawson consultants. Training takes anywhere from 1 to 3 days depending on the applications selected.
29
Thank you for attending! We hope you found it helpful!
Contact Us
Kinsey & Kinsey, Inc.
26 North Park Boulevard
Glen Ellyn, IL
call