SlideShare a Scribd company logo

Enterprise GRC for PEoplesoft

Appsian
Appsian

The document discusses the need for organizations to improve their governance, risk, and compliance (GRC) posture to address expanding data regulations and cyber threats. It outlines key parameters for an effective GRC strategy, including identity-based authentication and authorization controls, understanding business and regulatory drivers, and stakeholder participation. The document also notes specific GRC challenges with legacy applications like PeopleSoft, such as limited logging and visibility, lack of granular access controls and monitoring, and exposure of sensitive data. It introduces the Appsian Security Platform as a solution to enhance PeopleSoft's security and help meet compliance requirements through features like detailed logging, activity monitoring and analytics, single sign-on, multi-factor authentication, and contextual access controls based on

Internet
1 of 9
Download to read offline
Enterprise Governance, Risk, and Compliance for PeopleSoft GRC SOLUTION BRIEF
GRC SOLUTION BRIEF As data regulations expand in scope and cyber threats become more sophisticated (and aggressive), organizations need to upgrade their security posture to control risk factors and comply with new regulations. Risk management and regulatory compliance are two critical components of an organization’s security posture, but if not well established, can lead to devastating data breaches, crippling monetary penalties, legal implications and more. While breaches and cybercrime are at an all-time high, new data privacy regulations like GDPR have introduced stringent mandates on the processing and use of sensitive data. In case of legacy ERP applications, developing a robust GRC posture can be especially difficult. Out-of-the-box, most legacy ERP systems lack the granular visibility and security controls needed to effectively address compliance requirements and manage risk. To fill these gaps, organizations are left with expensive, time-consuming customizations or must rely on piecing together disparate 3rd party solutions that can prove to be complex and expensive to maintain. An effective GRC strategy must take a holistic approach to ensure proper policies are implemented, appropriate security controls are used, and that all related components can work in unison to fulfil compliance requirements. In this Solution Brief, we will first cover the fundamental parameters necessary to develop an effective security posture to manage modern threat vectors and navigate complex compliance regulations. In following, we’ll explore the GRC challenges unique to PeopleSoft and how Appsian Security Platform can enhance security to meet today’s compliance requirements. Ensure organizational preparedness Abstract The Prerequisites of an Effective Risk Management and Regulatory Compliance Strategy • Maintain Identity-Based Authentication & Authorization Controls – In today’s security environments governed by mobile devices, remote connectivity, and web- facing applications, identity has become the new network perimeter. As opposed to the traditional physical network perimeters, sensitive data is now accessible from anywhere in the world. As a result, layered identity-based controls need to be assessed, deployed, and strengthened. 2Enterprise Governance, Risk, and Compliance for PeopleSoft
GRC SOLUTION BRIEF • Understand Business & Regulatory Drivers – Every business domain has its unique operating procedures and governing regulations that play a significant role in the decision-making process. Therefore, it is essential that these factors are documented and accounted for before making any additions, upgrades, or eliminations to an enterprise’s technology architecture or business processes. Changes must be thoroughly evaluated, as compromises on existing components are likely to increase loopholes in the security posture. • Ensure Support & Participation of Appropriate Stakeholders – Awareness and accountability are of paramount importance. To manage risk, organizations cannot afford to leave out any details that internal teams can provide - including requirements, expectations, historical incidents and more. It is important to include every stakeholder in the decision-making process to reduce the possibility of errors and to ensure technical/functional accountability. 3Enterprise Governance, Risk, and Compliance for PeopleSoft Manage your data Before you can effectively manage your data, you need to know where you have it, the volume of data you are handling, and put in place the basic security measures. • Discover & Catalog Your Sensitive Data – To protect data, organizations must first identify and categorize it based on the level of sensitivity, importance, and usage. Adequate classification of data also simplifies reporting and helps in prioritization when routine or compliance audits are requested. • Encrypt Sensitive Data-At-Rest & Data-In-Motion – Sharing data is critical to several business processes. However, whether in storage or as it travels among employees, third-parties, partners, vendors, etc. sensitive data that is susceptible to compromise and misuse must be properly encrypted.
GRC SOLUTION BRIEF Stay prepared for incident response and remediation Breaches are inevitable. Hold your guard up at all times and keep a remediation strategy ready to minimize the impact of security incidents as they occur. • Implement a Security Info & Event Management (SIEM) Platform – Implementing systems to aggregate security data for better visibility is key to establishing risk and compliance management measures. This is necessary for SOC teams to spot threats early and quickly implement appropriate remediation efforts. • Implement Intrusion Detection & Response Capabilities – Compliance is not just about knowing that you’ve been breached and reporting it. It is about knowing how to handle and mitigate the implications of the breach while strategizing adequate incident responses. Therefore, organizations need to have robust detection and response systems in place. Improve activity monitoring, tracking, and access control Gather as many details as you can about how data is used, shared and transferred within your systems and ensure that the integrity of data is maintained throughout its lifecycle, no exceptions! • Implement Granular Application & Database Access Controls & Monitoring – Traditional logging is not enough to fulfill today’s complex threat detection and regulatory requirements. As a result, organizations need to employ measures that record user activity on a granular level, so that risk factors can be identified and mitigated faster. • Protect Sensitive Data in ALL Environments – More often than not, protection of sensitive data is a matter concentrated on non-production (development, testing, QA, etc.) environments only. However, data assets are still at risk of exposure in production environments. To mitigate the risk of accidental or even intentional data leakage, it is important that sensitive data is located and protected in all stages alike. 4Enterprise Governance, Risk, and Compliance for PeopleSoft
GRC SOLUTION BRIEF Why is PeopleSoft an Important Part of Your GRC Strategy? Your PeopleSoft applications are your organization’s hub for business-critical transactions and the core of your organization’s financial, personnel, and corporate data. The amount of sensitive data across these applications makes them a crucial part of your organization’s governance, risk, and compliance strategy. With evolving threats, the security stature of PeopleSoft applications needs to evolve too. However, despite robust security features, out-of-the-box most ERP applications are not prepared to tackle modern security threats and regulatory compliance requirements. 5Enterprise Governance, Risk, and Compliance for PeopleSoft GRC Challenges with PeopleSoft PeopleSoft Offers Limited User Activity Data via Logging Like legacy ERP systems, the default logging in PeopleSoft is high-level and only records application usage data required for trouble shooting and debugging. Due to system performance considerations many organizations choose to turn off data logging and limit it to recording login and logout instances only. Native logs are mostly system- focused, bulky, and unstructured and pose the following limitations: • Key pieces of information are missing • Insufficient actionable data to identify or investigate a breach • Audits need to be done manually with limited data • Lack of data for regulatory reporting puts organizations at-risk of non-compliance Lack of Actionable Analytics Tracking a specific event in detailed logs is time-consuming. Traditional security audits performed manually on excel sheets can take weeks or even months. With data protection regulations mandating that a data breach should be reported a stipulated amount of time (for example, within 72 hours under GDPR), organizations need to have instant access to real-time transaction data that helps security teams identify, investigate, report and remediate data breaches quickly. Lack of Visibility
GRC SOLUTION BRIEF Limited Security Controls Lacks of Support for SAML-based Single Sign-On Organizations rely on their respective identity providers (AD, ADFS, Okta and more) to build and enforce centralized password governance policies. Since PeopleSoft applications lack native support for SAML, the widely accepted identity federation standard, those governance policies cannot be applied to them - leading to application isolation and a higher risk of password-based threats. To make usual off-the-shelf SSO solutions work with PeopleSoft, organizations would typically have to build an extensive framework of additional customizations and potentially additional hardware in order to simulate communication between the application and their respective identity provider. Once complete, the custom solution would work, but will often be fragile and could adversely impact the ability to upgrade PeopleSoft components. Limitations of Traditional Multi-Factor Authentication Conventional MFA solutions are predominantly implemented at the login screen to prevent malicious outsider access. However, once a user passes an MFA challenge at login, the data inside the application remains vulnerable to insider threats via privilege misuse, unintentional data leakage, data exfiltration and more. To protect specific data assets (i.e. SSN, direct deposit info), authentication measures must be expanded beyond the perimeter and into the application. Lack of Dynamic Access and Privilege Management Access controls within PeopleSoft are governed by rigid rulesets such as static user roles and permission lists. As a result, everyone in a privileged user group or permission list can access sensitive data freely – regardless of where they are accessing it from or the data’s sensitivity-level. To ensure robust security, organizations need to establish dynamic access controls based on the context of access, such as location or device, nature of data, user activity and more. Sensitive Data Exposure Controlling the exposure of sensitive information is a fundamental best practice for data management. As a key tactic to control exposure, data masking protects sensitive information from intentional or accidental data leakage and significantly minimizes threats by ensuring that only authorized users who need to see data can see it, as well as only when they should. PeopleSoft has released data masking functionality, but the delivered masking rules cover only the basic security and compliance needs, posing certain limitations: 6Enterprise Governance, Risk, and Compliance for PeopleSoft
GRC SOLUTION BRIEF 7Enterprise Governance, Risk, and Compliance for PeopleSoft • Masking/Redaction is governed by static roles; therefore, certain users can view all of the sensitive data while others cannot view it at all. • One-way field masking is used. Even if a data field is masked, the field is not locked, and malicious users/ hackers can still change it. • Masking is implemented at the UI-level only. Queries can still be used to gain access to otherwise masked data. Solution Appsian Security Platform (ASP) is uniquely designed for PeopleSoft and provides layered security features that are contextually aware of both the user requesting access and the sensitive nature of the data/transaction being accessed. ASP enhances the security and visibility of your PeopleSoft environment without impacting user experience – ensuring that your data stays safe, your users stay productive, and your organization’s reputation remains intact. Granular PeopleSoft Logging and Activity Monitoring With the goal of helping customers minimize the impacts of breaches and avoid regulatory violations, ASP’s detailed logging features enable direct visibility into user activity within PeopleSoft. The security logs record all user transactions on a granular level, providing the level of detail needed to comply with data protection regulations, fulfill audit reporting, and to investigate and respond to breaches efficiently. Logs include detailed information on who is accessing the data, what information is being accessed, where it is being accessed from, user ids, IP address involved and more. Visualized Analytics for Expedited Detection and Response Appsian’s Security Analytics software integrates with PeopleSoft to seamlessly access the essential data needed to identify suspicious activity and mitigate issues. Advanced visual dashboards equip security professionals with real-time snapshots of data usage and enhance data discovery and exploration capabilities to expedite breach detection and response efforts. Actionable Insights
Modernized Access Control Native SAML Integration to Enable Single Sign-On Appsian’s Single Sign-On solution enables seamless, secure access to PeopleSoft for organizations leveraging SAML based Identity Providers. It enables centralized ID management by supporting identity federation through the implementation of related rules capable of responding to assertions/claims from SAML providers. By using existing identity providers with PeopleSoft, organizations can simplify the login process to improve user engagement and productivity, allowing users to switch between applications seamlessly and reducing password-related downtime. Additionally, strong password governance policies set forth by identity providers can be used to improve security, and the removal of manual logins will reduce the likelihood of compromised credentials. 8Enterprise Governance, Risk, and Compliance for PeopleSoft GRC SOLUTION BRIEF Multi-Factor Authentication Inside PeopleSoft Appsian’s MFA allows organizations to expand MFA functionality to the field, page, and component levels within PeopleSoft. Unlike conventional MFA solutions that only protect the front door, Appsian’s MFA can leverage all existing PeopleSoft artifacts to challenge users with MFA at login, and also in scenarios such as when trying to access their direct deposit information from an unrecognized location (off your secure network) – or have high-privilege users challenged if they are attempting to access specific PII or execute a transaction deemed highly sensitive.
9 GRC SOLUTION BRIEF Enterprise Governance, Risk, and Compliance for PeopleSoft Contextual Security Location-Based Security & Least Privilege Access ASP regulates user access based on the user’s location of access. Aimed at controlling the misuse of PII from stolen credentials to high privilege accounts or privilege misuse by insiders, ASP applies conditional access by leveraging the context of where access is coming from. Considering whether users are accessing PeopleSoft from a secure network or the open internet, organizations can apply rules for what users can view and what transactions they can execute. Dynamic Data Masking/Redaction ASP allows organizations to partially or fully mask any data field(s) to prevent unsolicited divulgence of sensitive information. Using ASP’s data masking rules, organizations can configure which fields to mask, apply conditional access rules for end users to view masked data, and track the access to sensitive data by tagging it with corresponding user ids. Features like click-to-view masking allow organizations to minimize exposure without obstructing users. Conclusion Risk management and compliance have evolved from being IT centric issues to impacting enterprise-wide business functions like legal, HR, supply chain, finance and more. Data protection mandates such as GDPR have increased the pressure on security teams to better manage sensitive data and the risks surrounding it. The key to success lies in understanding the needs of your organization’s unique IT and business structure and incorporating prevention and remediation features throughout. When it comes to PeopleSoft applications that’ve been in action for decades, layering prevention, visibility, as well as remediation features within your applications, on a granular level, can ensure that you are prepared to minimize if not eliminate potential risk to sensitive data. Monitoring user activity, establishing access controls, and eliminating unnecessary privilege can help propagate compliance as an organizational culture rather than being an obligatory operational burden. 8111 Lyndon B Johnson Fwy. Dallas, TX 75251 +1 (469) 906-2100 © Appsian 2019 info@appsian.com

Recommended

Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditingPiyush Jain
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptxPiyush Jain
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesTony Moroney
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
Creating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesCreating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesDiane M. Metcalf
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 

Recommended

Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditingPiyush Jain
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptxPiyush Jain
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesTony Moroney
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
Creating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesCreating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesDiane M. Metcalf
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessAyham Kochaji
 
SOC for Cybersecurity Overview
SOC for Cybersecurity OverviewSOC for Cybersecurity Overview
SOC for Cybersecurity OverviewBrian Matteson, CISSP CISA
 
Ch3 cism 2014
Ch3 cism 2014Ch3 cism 2014
Ch3 cism 2014Aladdin Dandis
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Aladdin Dandis
 
Cisa 2013 ch4
Cisa 2013 ch4Cisa 2013 ch4
Cisa 2013 ch4Aladdin Dandis
 
How to measure your cybersecurity performance
How to measure your cybersecurity performanceHow to measure your cybersecurity performance
How to measure your cybersecurity performanceAbhishek Sood
 
Cisa 2013 ch2
Cisa 2013 ch2Cisa 2013 ch2
Cisa 2013 ch2Aladdin Dandis
 
Cisa 2013 ch5
Cisa 2013 ch5Cisa 2013 ch5
Cisa 2013 ch5Aladdin Dandis
 
Ch2 cism 2014
Ch2 cism 2014Ch2 cism 2014
Ch2 cism 2014Aladdin Dandis
 
A Guide to Managed Security Services
A Guide to Managed Security ServicesA Guide to Managed Security Services
A Guide to Managed Security ServicesGraham Mann
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overviewelvinchan
 
Mapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityMapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityRedspin, Inc.
 
Cisa 2013 ch3
Cisa 2013 ch3Cisa 2013 ch3
Cisa 2013 ch3Aladdin Dandis
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1securityAnne Starr
 
Data Loss During Downsizing
Data Loss During DownsizingData Loss During Downsizing
Data Loss During DownsizingConstantine Karbaliotis
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printjames morris
 
Ch4 cism 2014
Ch4 cism 2014Ch4 cism 2014
Ch4 cism 2014Aladdin Dandis
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organizationDan Morrill
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
SIEM Buyer's Guide
SIEM Buyer's GuideSIEM Buyer's Guide
SIEM Buyer's GuideJoseph DeFever
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
 

More Related Content

What's hot

Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessAyham Kochaji
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Aladdin Dandis
 
How to measure your cybersecurity performance
How to measure your cybersecurity performanceHow to measure your cybersecurity performance
How to measure your cybersecurity performanceAbhishek Sood
 
A Guide to Managed Security Services
A Guide to Managed Security ServicesA Guide to Managed Security Services
A Guide to Managed Security ServicesGraham Mann
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overviewelvinchan
 
Mapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityMapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityRedspin, Inc.
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1securityAnne Starr
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printjames morris
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organizationDan Morrill
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 

What's hot (20)

Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-Effectiveness
 
SOC for Cybersecurity Overview
SOC for Cybersecurity OverviewSOC for Cybersecurity Overview
SOC for Cybersecurity Overview
 
Ch3 cism 2014
Ch3 cism 2014Ch3 cism 2014
Ch3 cism 2014
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
 
Cisa 2013 ch4
Cisa 2013 ch4Cisa 2013 ch4
Cisa 2013 ch4
 
How to measure your cybersecurity performance
How to measure your cybersecurity performanceHow to measure your cybersecurity performance
How to measure your cybersecurity performance
 
Cisa 2013 ch2
Cisa 2013 ch2Cisa 2013 ch2
Cisa 2013 ch2
 
Cisa 2013 ch5
Cisa 2013 ch5Cisa 2013 ch5
Cisa 2013 ch5
 
Ch2 cism 2014
Ch2 cism 2014Ch2 cism 2014
Ch2 cism 2014
 
A Guide to Managed Security Services
A Guide to Managed Security ServicesA Guide to Managed Security Services
A Guide to Managed Security Services
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overview
 
Mapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityMapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information Security
 
Cisa 2013 ch3
Cisa 2013 ch3Cisa 2013 ch3
Cisa 2013 ch3
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1security
 
Data Loss During Downsizing
Data Loss During DownsizingData Loss During Downsizing
Data Loss During Downsizing
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_print
 
Ch4 cism 2014
Ch4 cism 2014Ch4 cism 2014
Ch4 cism 2014
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organization
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
 

Similar to Enterprise GRC for PEoplesoft

Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
 
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docxCMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docxmccormicknadine86
 
Roadmap to SAP® Security and Compliance | Symmetry
Roadmap to SAP® Security and Compliance | SymmetryRoadmap to SAP® Security and Compliance | Symmetry
Roadmap to SAP® Security and Compliance | SymmetrySymmetry™
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceKim Cook
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowMapR Technologies
 
SAP Compliance Management Demystified | Symmetry
SAP Compliance Management Demystified | SymmetrySAP Compliance Management Demystified | Symmetry
SAP Compliance Management Demystified | SymmetrySymmetry™
 
Power your businesswith risk informed decisions
Power your businesswith risk informed decisionsPower your businesswith risk informed decisions
Power your businesswith risk informed decisionsAlireza Ghahrood
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...Ulf Mattsson
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsDrew Madelung
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee StudyHiten Sethi
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityPriyanka Aash
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
Strategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid itStrategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid itAvancercorp
 

Similar to Enterprise GRC for PEoplesoft (20)

SIEM Buyer's Guide
SIEM Buyer's GuideSIEM Buyer's Guide
SIEM Buyer's Guide
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended Enterprise
 
Fy17 sec shadow_it-e_book_final_032417
Fy17 sec shadow_it-e_book_final_032417Fy17 sec shadow_it-e_book_final_032417
Fy17 sec shadow_it-e_book_final_032417
 
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docxCMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
 
Roadmap to SAP® Security and Compliance | Symmetry
Roadmap to SAP® Security and Compliance | SymmetryRoadmap to SAP® Security and Compliance | Symmetry
Roadmap to SAP® Security and Compliance | Symmetry
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data Governance
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
 
SAP Compliance Management Demystified | Symmetry
SAP Compliance Management Demystified | SymmetrySAP Compliance Management Demystified | Symmetry
SAP Compliance Management Demystified | Symmetry
 
Power your businesswith risk informed decisions
Power your businesswith risk informed decisionsPower your businesswith risk informed decisions
Power your businesswith risk informed decisions
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview Solutions
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee Study
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
Strategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid itStrategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid it
 

More from Appsian

Appsian payroll diversion_infographic
Appsian payroll diversion_infographicAppsian payroll diversion_infographic
Appsian payroll diversion_infographicAppsian
 
Appsian compliance risk_analytics_data_sheet(1)
Appsian compliance risk_analytics_data_sheet(1)Appsian compliance risk_analytics_data_sheet(1)
Appsian compliance risk_analytics_data_sheet(1)Appsian
 
Appsian securing mobile_ess_solution_brief
Appsian securing mobile_ess_solution_briefAppsian securing mobile_ess_solution_brief
Appsian securing mobile_ess_solution_briefAppsian
 
2020 content sap_solution_brief_saprecon
2020 content sap_solution_brief_saprecon2020 content sap_solution_brief_saprecon
2020 content sap_solution_brief_sapreconAppsian
 
Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019Appsian
 
Appsian remote access_infographic
Appsian remote access_infographicAppsian remote access_infographic
Appsian remote access_infographicAppsian
 
Effective multi factor authentication for people soft
Effective multi factor authentication for people softEffective multi factor authentication for people soft
Effective multi factor authentication for people softAppsian
 
Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019Appsian
 
4. data security eb__1_
4. data security eb__1_4. data security eb__1_
4. data security eb__1_Appsian
 
Sap rba cplus_abac_datasheet_appsian_2020
Sap rba cplus_abac_datasheet_appsian_2020Sap rba cplus_abac_datasheet_appsian_2020
Sap rba cplus_abac_datasheet_appsian_2020Appsian
 
Establishing CCPA Compliance in Legacy PeopleSoft Systems
Establishing CCPA Compliance in Legacy PeopleSoft SystemsEstablishing CCPA Compliance in Legacy PeopleSoft Systems
Establishing CCPA Compliance in Legacy PeopleSoft SystemsAppsian
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftAppsian
 
Peoplesoft Best Practices for Maintaining Security
Peoplesoft Best Practices for Maintaining SecurityPeoplesoft Best Practices for Maintaining Security
Peoplesoft Best Practices for Maintaining SecurityAppsian
 
Appsian360 For SAP and PeopleSoft
Appsian360 For SAP and PeopleSoftAppsian360 For SAP and PeopleSoft
Appsian360 For SAP and PeopleSoftAppsian
 
Peoplesoft Erp
Peoplesoft ErpPeoplesoft Erp
Peoplesoft ErpAppsian
 
Sap Grc Security
Sap Grc SecuritySap Grc Security
Sap Grc SecurityAppsian
 

More from Appsian (16)

Appsian payroll diversion_infographic
Appsian payroll diversion_infographicAppsian payroll diversion_infographic
Appsian payroll diversion_infographic
 
Appsian compliance risk_analytics_data_sheet(1)
Appsian compliance risk_analytics_data_sheet(1)Appsian compliance risk_analytics_data_sheet(1)
Appsian compliance risk_analytics_data_sheet(1)
 
Appsian securing mobile_ess_solution_brief
Appsian securing mobile_ess_solution_briefAppsian securing mobile_ess_solution_brief
Appsian securing mobile_ess_solution_brief
 
2020 content sap_solution_brief_saprecon
2020 content sap_solution_brief_saprecon2020 content sap_solution_brief_saprecon
2020 content sap_solution_brief_saprecon
 
Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019
 
Appsian remote access_infographic
Appsian remote access_infographicAppsian remote access_infographic
Appsian remote access_infographic
 
Effective multi factor authentication for people soft
Effective multi factor authentication for people softEffective multi factor authentication for people soft
Effective multi factor authentication for people soft
 
Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019Asp for sap_data_sheet___appsian_application_security_platform_2019
Asp for sap_data_sheet___appsian_application_security_platform_2019
 
4. data security eb__1_
4. data security eb__1_4. data security eb__1_
4. data security eb__1_
 
Sap rba cplus_abac_datasheet_appsian_2020
Sap rba cplus_abac_datasheet_appsian_2020Sap rba cplus_abac_datasheet_appsian_2020
Sap rba cplus_abac_datasheet_appsian_2020
 
Establishing CCPA Compliance in Legacy PeopleSoft Systems
Establishing CCPA Compliance in Legacy PeopleSoft SystemsEstablishing CCPA Compliance in Legacy PeopleSoft Systems
Establishing CCPA Compliance in Legacy PeopleSoft Systems
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit Theft
 
Peoplesoft Best Practices for Maintaining Security
Peoplesoft Best Practices for Maintaining SecurityPeoplesoft Best Practices for Maintaining Security
Peoplesoft Best Practices for Maintaining Security
 
Appsian360 For SAP and PeopleSoft
Appsian360 For SAP and PeopleSoftAppsian360 For SAP and PeopleSoft
Appsian360 For SAP and PeopleSoft
 
Peoplesoft Erp
Peoplesoft ErpPeoplesoft Erp
Peoplesoft Erp
 
Sap Grc Security
Sap Grc SecuritySap Grc Security
Sap Grc Security
 

Recently uploaded

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewingbigorange77
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...akbard9823
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfThe Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfMilind Agarwal
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 

Recently uploaded (20)

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfThe Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 

Enterprise GRC for PEoplesoft

  • 1. Enterprise Governance, Risk, and Compliance for PeopleSoft GRC SOLUTION BRIEF
  • 2. GRC SOLUTION BRIEF As data regulations expand in scope and cyber threats become more sophisticated (and aggressive), organizations need to upgrade their security posture to control risk factors and comply with new regulations. Risk management and regulatory compliance are two critical components of an organization’s security posture, but if not well established, can lead to devastating data breaches, crippling monetary penalties, legal implications and more. While breaches and cybercrime are at an all-time high, new data privacy regulations like GDPR have introduced stringent mandates on the processing and use of sensitive data. In case of legacy ERP applications, developing a robust GRC posture can be especially difficult. Out-of-the-box, most legacy ERP systems lack the granular visibility and security controls needed to effectively address compliance requirements and manage risk. To fill these gaps, organizations are left with expensive, time-consuming customizations or must rely on piecing together disparate 3rd party solutions that can prove to be complex and expensive to maintain. An effective GRC strategy must take a holistic approach to ensure proper policies are implemented, appropriate security controls are used, and that all related components can work in unison to fulfil compliance requirements. In this Solution Brief, we will first cover the fundamental parameters necessary to develop an effective security posture to manage modern threat vectors and navigate complex compliance regulations. In following, we’ll explore the GRC challenges unique to PeopleSoft and how Appsian Security Platform can enhance security to meet today’s compliance requirements. Ensure organizational preparedness Abstract The Prerequisites of an Effective Risk Management and Regulatory Compliance Strategy • Maintain Identity-Based Authentication & Authorization Controls – In today’s security environments governed by mobile devices, remote connectivity, and web- facing applications, identity has become the new network perimeter. As opposed to the traditional physical network perimeters, sensitive data is now accessible from anywhere in the world. As a result, layered identity-based controls need to be assessed, deployed, and strengthened. 2Enterprise Governance, Risk, and Compliance for PeopleSoft
  • 3. GRC SOLUTION BRIEF • Understand Business & Regulatory Drivers – Every business domain has its unique operating procedures and governing regulations that play a significant role in the decision-making process. Therefore, it is essential that these factors are documented and accounted for before making any additions, upgrades, or eliminations to an enterprise’s technology architecture or business processes. Changes must be thoroughly evaluated, as compromises on existing components are likely to increase loopholes in the security posture. • Ensure Support & Participation of Appropriate Stakeholders – Awareness and accountability are of paramount importance. To manage risk, organizations cannot afford to leave out any details that internal teams can provide - including requirements, expectations, historical incidents and more. It is important to include every stakeholder in the decision-making process to reduce the possibility of errors and to ensure technical/functional accountability. 3Enterprise Governance, Risk, and Compliance for PeopleSoft Manage your data Before you can effectively manage your data, you need to know where you have it, the volume of data you are handling, and put in place the basic security measures. • Discover & Catalog Your Sensitive Data – To protect data, organizations must first identify and categorize it based on the level of sensitivity, importance, and usage. Adequate classification of data also simplifies reporting and helps in prioritization when routine or compliance audits are requested. • Encrypt Sensitive Data-At-Rest & Data-In-Motion – Sharing data is critical to several business processes. However, whether in storage or as it travels among employees, third-parties, partners, vendors, etc. sensitive data that is susceptible to compromise and misuse must be properly encrypted.
  • 4. GRC SOLUTION BRIEF Stay prepared for incident response and remediation Breaches are inevitable. Hold your guard up at all times and keep a remediation strategy ready to minimize the impact of security incidents as they occur. • Implement a Security Info & Event Management (SIEM) Platform – Implementing systems to aggregate security data for better visibility is key to establishing risk and compliance management measures. This is necessary for SOC teams to spot threats early and quickly implement appropriate remediation efforts. • Implement Intrusion Detection & Response Capabilities – Compliance is not just about knowing that you’ve been breached and reporting it. It is about knowing how to handle and mitigate the implications of the breach while strategizing adequate incident responses. Therefore, organizations need to have robust detection and response systems in place. Improve activity monitoring, tracking, and access control Gather as many details as you can about how data is used, shared and transferred within your systems and ensure that the integrity of data is maintained throughout its lifecycle, no exceptions! • Implement Granular Application & Database Access Controls & Monitoring – Traditional logging is not enough to fulfill today’s complex threat detection and regulatory requirements. As a result, organizations need to employ measures that record user activity on a granular level, so that risk factors can be identified and mitigated faster. • Protect Sensitive Data in ALL Environments – More often than not, protection of sensitive data is a matter concentrated on non-production (development, testing, QA, etc.) environments only. However, data assets are still at risk of exposure in production environments. To mitigate the risk of accidental or even intentional data leakage, it is important that sensitive data is located and protected in all stages alike. 4Enterprise Governance, Risk, and Compliance for PeopleSoft
  • 5. GRC SOLUTION BRIEF Why is PeopleSoft an Important Part of Your GRC Strategy? Your PeopleSoft applications are your organization’s hub for business-critical transactions and the core of your organization’s financial, personnel, and corporate data. The amount of sensitive data across these applications makes them a crucial part of your organization’s governance, risk, and compliance strategy. With evolving threats, the security stature of PeopleSoft applications needs to evolve too. However, despite robust security features, out-of-the-box most ERP applications are not prepared to tackle modern security threats and regulatory compliance requirements. 5Enterprise Governance, Risk, and Compliance for PeopleSoft GRC Challenges with PeopleSoft PeopleSoft Offers Limited User Activity Data via Logging Like legacy ERP systems, the default logging in PeopleSoft is high-level and only records application usage data required for trouble shooting and debugging. Due to system performance considerations many organizations choose to turn off data logging and limit it to recording login and logout instances only. Native logs are mostly system- focused, bulky, and unstructured and pose the following limitations: • Key pieces of information are missing • Insufficient actionable data to identify or investigate a breach • Audits need to be done manually with limited data • Lack of data for regulatory reporting puts organizations at-risk of non-compliance Lack of Actionable Analytics Tracking a specific event in detailed logs is time-consuming. Traditional security audits performed manually on excel sheets can take weeks or even months. With data protection regulations mandating that a data breach should be reported a stipulated amount of time (for example, within 72 hours under GDPR), organizations need to have instant access to real-time transaction data that helps security teams identify, investigate, report and remediate data breaches quickly. Lack of Visibility
  • 6. GRC SOLUTION BRIEF Limited Security Controls Lacks of Support for SAML-based Single Sign-On Organizations rely on their respective identity providers (AD, ADFS, Okta and more) to build and enforce centralized password governance policies. Since PeopleSoft applications lack native support for SAML, the widely accepted identity federation standard, those governance policies cannot be applied to them - leading to application isolation and a higher risk of password-based threats. To make usual off-the-shelf SSO solutions work with PeopleSoft, organizations would typically have to build an extensive framework of additional customizations and potentially additional hardware in order to simulate communication between the application and their respective identity provider. Once complete, the custom solution would work, but will often be fragile and could adversely impact the ability to upgrade PeopleSoft components. Limitations of Traditional Multi-Factor Authentication Conventional MFA solutions are predominantly implemented at the login screen to prevent malicious outsider access. However, once a user passes an MFA challenge at login, the data inside the application remains vulnerable to insider threats via privilege misuse, unintentional data leakage, data exfiltration and more. To protect specific data assets (i.e. SSN, direct deposit info), authentication measures must be expanded beyond the perimeter and into the application. Lack of Dynamic Access and Privilege Management Access controls within PeopleSoft are governed by rigid rulesets such as static user roles and permission lists. As a result, everyone in a privileged user group or permission list can access sensitive data freely – regardless of where they are accessing it from or the data’s sensitivity-level. To ensure robust security, organizations need to establish dynamic access controls based on the context of access, such as location or device, nature of data, user activity and more. Sensitive Data Exposure Controlling the exposure of sensitive information is a fundamental best practice for data management. As a key tactic to control exposure, data masking protects sensitive information from intentional or accidental data leakage and significantly minimizes threats by ensuring that only authorized users who need to see data can see it, as well as only when they should. PeopleSoft has released data masking functionality, but the delivered masking rules cover only the basic security and compliance needs, posing certain limitations: 6Enterprise Governance, Risk, and Compliance for PeopleSoft
  • 7. GRC SOLUTION BRIEF 7Enterprise Governance, Risk, and Compliance for PeopleSoft • Masking/Redaction is governed by static roles; therefore, certain users can view all of the sensitive data while others cannot view it at all. • One-way field masking is used. Even if a data field is masked, the field is not locked, and malicious users/ hackers can still change it. • Masking is implemented at the UI-level only. Queries can still be used to gain access to otherwise masked data. Solution Appsian Security Platform (ASP) is uniquely designed for PeopleSoft and provides layered security features that are contextually aware of both the user requesting access and the sensitive nature of the data/transaction being accessed. ASP enhances the security and visibility of your PeopleSoft environment without impacting user experience – ensuring that your data stays safe, your users stay productive, and your organization’s reputation remains intact. Granular PeopleSoft Logging and Activity Monitoring With the goal of helping customers minimize the impacts of breaches and avoid regulatory violations, ASP’s detailed logging features enable direct visibility into user activity within PeopleSoft. The security logs record all user transactions on a granular level, providing the level of detail needed to comply with data protection regulations, fulfill audit reporting, and to investigate and respond to breaches efficiently. Logs include detailed information on who is accessing the data, what information is being accessed, where it is being accessed from, user ids, IP address involved and more. Visualized Analytics for Expedited Detection and Response Appsian’s Security Analytics software integrates with PeopleSoft to seamlessly access the essential data needed to identify suspicious activity and mitigate issues. Advanced visual dashboards equip security professionals with real-time snapshots of data usage and enhance data discovery and exploration capabilities to expedite breach detection and response efforts. Actionable Insights
  • 8. Modernized Access Control Native SAML Integration to Enable Single Sign-On Appsian’s Single Sign-On solution enables seamless, secure access to PeopleSoft for organizations leveraging SAML based Identity Providers. It enables centralized ID management by supporting identity federation through the implementation of related rules capable of responding to assertions/claims from SAML providers. By using existing identity providers with PeopleSoft, organizations can simplify the login process to improve user engagement and productivity, allowing users to switch between applications seamlessly and reducing password-related downtime. Additionally, strong password governance policies set forth by identity providers can be used to improve security, and the removal of manual logins will reduce the likelihood of compromised credentials. 8Enterprise Governance, Risk, and Compliance for PeopleSoft GRC SOLUTION BRIEF Multi-Factor Authentication Inside PeopleSoft Appsian’s MFA allows organizations to expand MFA functionality to the field, page, and component levels within PeopleSoft. Unlike conventional MFA solutions that only protect the front door, Appsian’s MFA can leverage all existing PeopleSoft artifacts to challenge users with MFA at login, and also in scenarios such as when trying to access their direct deposit information from an unrecognized location (off your secure network) – or have high-privilege users challenged if they are attempting to access specific PII or execute a transaction deemed highly sensitive.
  • 9. 9 GRC SOLUTION BRIEF Enterprise Governance, Risk, and Compliance for PeopleSoft Contextual Security Location-Based Security & Least Privilege Access ASP regulates user access based on the user’s location of access. Aimed at controlling the misuse of PII from stolen credentials to high privilege accounts or privilege misuse by insiders, ASP applies conditional access by leveraging the context of where access is coming from. Considering whether users are accessing PeopleSoft from a secure network or the open internet, organizations can apply rules for what users can view and what transactions they can execute. Dynamic Data Masking/Redaction ASP allows organizations to partially or fully mask any data field(s) to prevent unsolicited divulgence of sensitive information. Using ASP’s data masking rules, organizations can configure which fields to mask, apply conditional access rules for end users to view masked data, and track the access to sensitive data by tagging it with corresponding user ids. Features like click-to-view masking allow organizations to minimize exposure without obstructing users. Conclusion Risk management and compliance have evolved from being IT centric issues to impacting enterprise-wide business functions like legal, HR, supply chain, finance and more. Data protection mandates such as GDPR have increased the pressure on security teams to better manage sensitive data and the risks surrounding it. The key to success lies in understanding the needs of your organization’s unique IT and business structure and incorporating prevention and remediation features throughout. When it comes to PeopleSoft applications that’ve been in action for decades, layering prevention, visibility, as well as remediation features within your applications, on a granular level, can ensure that you are prepared to minimize if not eliminate potential risk to sensitive data. Monitoring user activity, establishing access controls, and eliminating unnecessary privilege can help propagate compliance as an organizational culture rather than being an obligatory operational burden. 8111 Lyndon B Johnson Fwy. Dallas, TX 75251 +1 (469) 906-2100 © Appsian 2019 info@appsian.com