Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Authority on Demand Provide high authority “as-needed” with full Audit Trail.

Published byJocelin Crawford Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Authority on Demand Provide high authority “as-needed” with full Audit Trail."— Presentation transcript:

1 1 Authority on Demand Provide high authority “as-needed” with full Audit Trail

2 2 The Challenge Companies are finding it more and more difficult to monitor activities of “non-corporate” personnel such as consultants, auditors, contractors, etc. The increase in “insider threats”, i.e. from company personnel, has made it mandatory that employee’s activities be closely monitored. Emergency access to critical application data and processes is a very common security breach which is often uncovered in IBM i audits. Manual documentation of emergency access is not only error-prone, but does not comply with regulations and auditor’s security requirements. Companies define user’s security levels and allocate security rights in accordance with job responsibilities; sometimes (evenings, weekends, vacations, etc.) these rights may not be enough to carry out an assignment..

3 3 Authority on Demand- Features Easy to Use – Green-screen & GUI (suitable for non-technical staff) simplify granting special authorities when needed. Add & Swap Security Levels – Unique feature! Adds additional security rights to requesting user which is mandatory for correct auditing; can also swap higher rights from a more powerful user as done by competitive products, but this compromises auditing. Authority Transfer Rules & Providers – Easily pre-define special authority "providers" and special authority transfer rules, including in emergency situations. Safe Recovery from Emergency - Enables recovering from different types of emergency situations with minimum risk of human error. Full Monitoring Capabilities - logs and monitors all user’s activities during the period with higher authorities. Sends real-time e-mail alerts when personnel request higher authorities. Automatically sends audit trail report when high authority is released including screenshots viewed, commands issued, field data updated or viewed, etc. Controlled Access – Allows only relevant personnel to access business-critical data & processes.

4 4 Part 1 Authority on Demand Scenario

5 5 Without Authority on Demand: Inefficient Work Mode Sam Evans Programmer Has authorities for Test & Development Needs authorities for Production once a week Richard Garner Busy IT Manager Hi Sam… temporary authorities for the Production folder? Don’t have time now… maybe next week... OR OK, let me make a note on this slip of paper…Damn, can’t find it. Authority Request Rejected

6 6 With Authority on Demand: Automatic Granting of Special Authorities Let’s define authority rules: When Sam Evens requests authority for Production Folder between 8AM-16:30PM, Authority on Demand will automatically grant it… Uh, Richard, I need authorities for the Production folder again…

7 7 Requesting Special Authority… Now that we have AOD, I’ll request authority… Wow, this is so much easier than calling up Richard…

8 8 Instantly & Automatically Receiving Authorities Got the authorities!

9 9 Finally, I don’t have to waste my time on granting special authorities… the whole process is automatic and I can see a full log of Sam’s authority requests and even screen captures! Effective Monitoring of Special Authorities

10 Consultant or Programmer requests to temporary access to an object for which they don’t have authority; perhaps on a weekend, overnight, etc. Gives permanent additional authority Manually Adds additional authority to user profile and sets a reminder to revert Swaps requestor’s user profile with an alternate user profile which has higher authority Adds temporary higher authority to requestor’s user profile Full audit trail of requestor’s activities while working with higher authority. Authority should be given on “as needed” basis only Forgets to revert user profile to original status When viewing DB & QAUDJRN logs, a wrong user profile appears! No Risk thanks to AOD ProviderRequesterRegulator The 4 Options for the Authority Provider Risk

11 AOD Workflow: From User to Provider to Auditor User needs temporary, “higher” authority … User requests via GETAOD from Provider, automatically or ad-hoc (as QSECOFR) User receives temporary, higher authorities and Provider is notified Review Time Group IP Address Date/Time PIN User’s higher authorities revoked by RLSAOD or time expiration Auditor automatically receives reports and recorded session screenshots via e-mail Higher authority not granted Request Approved Request Not Approved 1 2 3 3 4 5

12 12 Part 2 Authority on Demand Screens

13 13 AOD Welcome Screen

14 14 Authority on Demand Log DANA obtained ADD authority of user QSECOFR in job 456789/DANA/QPADEV0003. Reason: Need to check problem in production system. Confirmation ID: 5634 Time: 11/03/14 22:40 DANA released ADD authority of user QSECOFR in job 456789/DANA/QPADEV0003. Time: 11/03/08 23:19 ID: 653 Attachment 1 – Commands entered Attachment 2 – Captured Screens Attachment 3 – DB Records changed Commands entered ID: 653, Attachment 1 DB Records changed ID: 653, Attachment 3 Captured Screens ID: 653, Attachment 2 * Other attachment options available (all QAUDJRN information, summary of changes made by Ad-Hoc utilities…)

15 15 Authority on Demand Main Menu

16 16 Work with Authority Rules

17 17 Modify an Authority Rule

18 18 Modify an Authority Rule

19 19 Work with Authority Providers

20 20 Modify definitions for an Authority Provider

21 21 Define (Option 6) and Change a Time Group

22 22 Activation menu (Option 11)

23 23 Request to obtain Authority (GETAOD)

24 24 GETAOD was successful- with message

25 25 E-mail messages for Start/End Authority

26 26 GETAOD was not successful- with message

27 27 Unsuccessful GETAOD: log and e-mail

28 28 Unsuccessful GETAOD- full explanation

29 29 Display AOD Log Entries- Option 41

30 30 Sample AOD Log Entries- F10 for Details

31 31 Select type of AOD Log entries to Display

32 32 This is the QAUDJRN log for one AOD request. Audit Log for one Get AOD request

33 33 AOD log contains “pointers” (i.e. attachments) to the appropriate QAUDJRN log. Option 43: Print Log

34 34 This is the printed QAUDJRN log for a single AOD request. Print output of QAUDJRN

35 35 Showing “Captured” Screen Image

36 36 Another “Captured” Screen Image

37 37 AOD System Configuration- Option 81

38 38 General Definitions Configuration Screen

39 39 AOD Log Retention Configuration Screen

40 40 SYSLOG Definitions

41 41 These are the SYSLOG messages written when authority was added. SYSLOG Messages

42 42 Emergency Operator Screen

43 43 Please visit us at www.razlee.com Thank You!

Download ppt "1 Authority on Demand Provide high authority “as-needed” with full Audit Trail."

Similar presentations

MFA for Business Banking – Security Questions with Reset Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing.

MFA for Business Banking – Security Questions with Reset Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing.
Michigan Electronic Grants System Plus

Michigan Electronic Grants System Plus
Using the Self Service BMC Helpdesk

Using the Self Service BMC Helpdesk
1 Authority on Demand Flexible Access Control Solution.

1 Authority on Demand Flexible Access Control Solution.
DHRS – KRONOS SCREEN USER GUIDE.

DHRS – KRONOS SCREEN USER GUIDE.
Authority on Demand Control Authority Rights & Emergency Access.

Authority on Demand Control Authority Rights & Emergency Access.
El Vis – Visman’s Electronic VISitor management system offers a module for Control of Contractors. The system is offered on a secure, maintained and controlled.

El Vis – Visman’s Electronic VISitor management system offers a module for Control of Contractors. The system is offered on a secure, maintained and controlled.
Hacking www.razlee.com Capture Save and Playback User Session Screens.

Hacking Capture Save and Playback User Session Screens.
1 Visualizer for Audit Graphical Business Intelligence Display & Analysis Tool.

1 Visualizer for Audit Graphical Business Intelligence Display & Analysis Tool.
For MIP Fund Accounting Software

For MIP Fund Accounting Software
Neurosurgical On Call Referral System

Neurosurgical On Call Referral System
Tele’Ware Software Application. Helping you manage your clients….

Tele’Ware Software Application. Helping you manage your clients….
Electronic Official Personnel Folder (e-OPF) for Federal Employees 2014.

Electronic Official Personnel Folder (e-OPF) for Federal Employees 2014.
Travel and Expense Management Scenario Overview

Travel and Expense Management Scenario Overview
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Information for students Welcome to the S 3 P system. Login to the system by entering your User ID and password. The User ID is the same as your normal.

Information for students Welcome to the S 3 P system. Login to the system by entering your User ID and password. The User ID is the same as your normal.
1 Audit Next Generation Monitoring, Compliance & QAUDJRN Reporting.

1 Audit Next Generation Monitoring, Compliance & QAUDJRN Reporting.
1 Password Reset Effortless, Self service User Password Reset.

1 Password Reset Effortless, Self service User Password Reset.
1 Action Automated Security Breach Reporting and Corrections.

1 Action Automated Security Breach Reporting and Corrections.
For Sage MIP Fund Accounting

For Sage MIP Fund Accounting

Similar presentations

Ads by Google