Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pass SOX security audits and Improve XA security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services

Published byKory Wilkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Pass SOX security audits and Improve XA security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services"— Presentation transcript:

1 Pass SOX security audits and Improve XA security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services belinda.daub@cistech.net 704-814-0004

2 1.Introduction to Enhanced Security 2.Implementing a Security Model 3.Advanced Analysis and Testing 4.Auditing and Reporting 5.Prerequisites 6.Coming Enhancements 7.Related Security Services Agenda

3 Why is it necessary? SOX Requirement for public companies Documented security policy Documented procedures Formal approval for security rights to be assigned Regular auditing and monitoring  Private Companies Are also addressing these requirements Protects investors, employees, community Enhanced Security for XA

4 Why is it necessary? CAS Security Green Screen interface Difficult to determine how user has access to tasks Reports are massive No auditing capability Risk to productivity when policy changes are made Enhanced Security for XA

5 How can it help? Add-on application written using Integrator Implemented by environment Three Components: Security Modeling and Planning Advanced Analysis and testing Routine Auditing and reporting Enhanced Security for XA

6 Power and Flexibility of the XA Client architecture: –Create views and subsets –Export to Excel Add-on Application using Integrator

7 Install in each environment Manage users for separate environments Includes all CAS tasks (if assigned to an area) Auditing for each environment Implemented by environment

8 Security Model Create and finalize a new security model Security Audits Review security changes for validity or breaches Current Environment View security and user authorities in the current environment Enhanced Security Application Card

9 Provides for implementation of new plan –Import users, groups, areas, and tasks from CAS files –Decide what you want to lock –Create groups and authorize to tasks –Assign users to groups –View current and planned authorities for users Note: this is all done in the model – not the live environment Security Modeling and Planning

10 Import from the current environment: –Users –Groups –Areas and tasks –Group Authorities –Private Authorities You don’t have to start from scratch! 1. Import Security Components

11 Subsets –Unlocked –Application –Type Mass Change Model Template It’s Easy! 2. Decide what you want to lock

12 Subsets Views Mass Change R7 –Quick Change –Append subsets Model Template Piece of Cake! 3. Create groups and assign to tasks

13 Validation Subsets –User Groups –Group members Templates Return-to-create Your model is almost ready! 4. Assign users to groups

14 Current and planned authorities A. User being reviewed B. Tasks the user is granted C. How access was granted Private (user id) Group (group id) Not locked (blank) A B C 5. View authorities for users

15 View tasks user will no longer have access to View tasks user could not do before Final Adjustments to the model Export files to a test environment for user testing and acceptance Benefits –Reduce risk of affecting user productivity at go live –Resolve issues quickly after plan is implemented Advanced Analysis and Testing

16 Rights Revoked: If users need any of these rights to do their jobs, they will be adversely affected when the plan is implemented. Enhanced Security lets you make sure this won’t happen. Advanced Analysis

17 Rights Granted: SOX requires that all access be reviewed by authorizing manager. With Enhanced Security, you can export user rights to standard forms for management approval. Advanced Analysis

18 Testing is critical to ensure users are not affected by the new plan. Users from every group Formal test plan Enhanced Security provides an export process for moving user rights from the model to an XA environment on the same or different iSeries. Validation stamps generated No re-keying Testing

19 SOX requires regular review of changes to security authorizations Enhanced Security provides: Detailed Transaction History Security Change Audit Conflicting Task Authorities Regular Audit Reports Security Auditing and Reporting

20 Freeze the Plan –Saves an image of the model –Triggers are activated on the XA security files –Changes in user rights begin to be written to a transaction file Routine Auditing and Reporting

21 Customize views, subsets, and sorts View or Host Print Determine how a user has gained access to a task Quickly identify the area(s) where changes need to be made Detailed Transaction History

22 Net Changes only (compared to last run or when model frozen) Navigate to Detailed Transactions that resulted in the change View or Print Report Security Change Audits

23 Schedule regular Auditor reports Set Audit Options Regular Reporting – Scheduled Job

24 Summarize authority granted to users for the reporting period From last run date (monthly changes) From date that the plan was frozen Security Audit Report

25 Users who have authority for tasks that SOX defines as conflicting, for example: Create a purchase order Generate an AP check Security Audit Reports High-Risk Authority Conflicts

26 IFM Security iSeries User Security CAS security maintenance XA Menu inquiry (where tasks are used) Coming Enhancements

27 Integrator (R6 or R7) –R6 requires new business objects created at installation OS V5R1 or higher All functions to be secured must be set up in CAS as tasks and assigned to an area Prerequisites

28 Enhanced Security <P30 $6,500 License P30+ $9,500 Implementation R6(3 days) * $3600 and Training R7(2 days) $2400 Annual License Fees none And the cost for ES…

29 Conference call and demo to address your specific areas of interest Purchase the software and schedule implementation and training Start with a Security Audit Select other related services to help you meet your SOX requirements Interested?

30 Security Audit Objective review of your iSeries and XA security configuration Typically 2 to 3 days (single XA environment) Review Security Settings –iSeries security configuration –iSeries User Profiles and environment access –XA Profiles and task authorities Risk Assessment and Recommendations (deliverable) Typical results –Estimate that 80% of companies need some improvements in Security –Security Policy not sufficient to protect unauthorized access to the system –XA security configuration is not optimized CISTECH Security Services

31 Security Planning Assistance –XA Security Policy –iSeries Security Policy –Documented Plan and Procedures –Change Management and Environment Standards for Customizations Related Security Services

32 Thank you! Questions?

Download ppt "Pass SOX security audits and Improve XA security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services"

Similar presentations

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.
Is your company drowning in a sea of documents and regulations ? Quality Systems Integrators presents... TMSWeb Quality Management Compliance System.

Is your company drowning in a sea of documents and regulations ? Quality Systems Integrators presents... TMSWeb Quality Management Compliance System.
Take the ‘dread’ out of your XA Security Audit Belinda Daub, Senior Consultant Technical Services

Take the ‘dread’ out of your XA Security Audit Belinda Daub, Senior Consultant Technical Services
Enhancement Summary Moving Forward with XA IFM Enhancements R7.8 & R9.

Enhancement Summary Moving Forward with XA IFM Enhancements R7.8 & R9.
Order Based Production Management

Order Based Production Management
Enhanced XA Security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services 704-814-0004.

Enhanced XA Security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services
Enhanced Security Management, Separation of Duties and Audit Support for XA Belinda Daub, Senior Consultant Technical Services

Enhanced Security Management, Separation of Duties and Audit Support for XA Belinda Daub, Senior Consultant Technical Services
Using XA Browser/Power-Link Preferences to Improve Efficiency

Using XA Browser/Power-Link Preferences to Improve Efficiency
Efficient, Productive, Time-Saving Solutions TRANSACTION AUDITING Part of our RISK MANAGEMENT SUITE FOR LAWSON S3 Thank you for taking the time to view.

Efficient, Productive, Time-Saving Solutions TRANSACTION AUDITING Part of our RISK MANAGEMENT SUITE FOR LAWSON S3 Thank you for taking the time to view.
Software Quality Assurance Plan

Software Quality Assurance Plan
© Tally Solutions Pvt. Ltd. All Rights Reserved 1 Shoper 9 Implementation in Chain Store March 2010.

© Tally Solutions Pvt. Ltd. All Rights Reserved 1 Shoper 9 Implementation in Chain Store March 2010.
HORIZONT 1 ProcMan ® The Handover Process Manager Product Presentation HORIZONT Software for Datacenters Garmischer Str. 8 D- 80339 München Tel ++49(0)89.

HORIZONT 1 ProcMan ® The Handover Process Manager Product Presentation HORIZONT Software for Datacenters Garmischer Str. 8 D München Tel ++49(0)89.
Security Controls – What Works

Security Controls – What Works
Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney.

Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney.
PAYMENTNET at the University of Pennsylvania New Purchasing Card Management Software Application February 7, 2007.

PAYMENTNET at the University of Pennsylvania New Purchasing Card Management Software Application February 7, 2007.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
SAP An Introduction October 2012.

SAP An Introduction October 2012.
Complete Weekly Timesheets Select work. Add hours and comments Tell Mgr if ETC=0 and need more time. Tell Mgr if using someone else’s ETC. End week, change.

Complete Weekly Timesheets Select work. Add hours and comments Tell Mgr if ETC=0 and need more time. Tell Mgr if using someone else’s ETC. End week, change.
I n t u i t C o n f i d e n t i a l 1 Tech BizSolutions GovCalc™ System Solution Introduction 1/29/10 Mike Anderson, VP Marketing, 303-443-4440,

I n t u i t C o n f i d e n t i a l 1 Tech BizSolutions GovCalc™ System Solution Introduction 1/29/10 Mike Anderson, VP Marketing, ,

Similar presentations

Ads by Google