Cs Comply And Audit V1.6

SOD and Auditing Solution for Oracle EBS

  1.
  2. Agenda
     • Introduction
     • Problem Statement/Business Challenges
     • Introducing CS*Comply
     • Features at a glance
     • Enterprise Packs
     • Examples/Screenshots
     • Live Demonstration
     • Key Benefits/Value Proposition
     • Q&A
  3. Problem Statement/Business Challenges
     • Oracle E-Business Suite is very complex
     • Thousands of users
     • Hundreds of responsibilities
     • Thousands of functions
     • Thousands of menus
     • Potentially millions of access combinations
     • Lack of Access Controls
     • Too many privileged users
     • Effective SOD is difficult to achieve and maintain (if not impossible)
     • Multi-faceted...
     • Conflicting function pairs
     • High-risk single functions (SQL Forms)
     • Functions exposing sensitive data
  4. Problem Statement/Business Challenges
     • Look for suite that offers...
     • Handling of both traditional SOD risks as well as sensitive functions
     • Multiple preventive controls
     • Ability to use rules in preventive and detective mode
     • That does not require additional hardware/software
     • Simple installation and reduced implementation
     • Look for a company that offers...
     • Risk-based content
     • One-stop shop for compliance needs
     • Offers more than just traditional SOD and auditing
     • Offers pre-seeded solutions to real EBS issues
  5. CaoSys Solution Suite
     • A comprehensive suite of solutions...
     • Improving efficiency with productivity solutions
     • Delivering assurance through compliance
  6. Introducing
  7. Introducing CS*Comply
     • CS*Comply is a class leading solution for implementing your user access/SOD controls in Oracle E-Business Suite.
     • CS*Comply helps ensure that the risks associated with inappropriate access are mitigated without delay.
  8. Advantages of CS*Comply
     • Advantages over other solutions...
     • Beyond SOD: Comprehensive solution to address all User Access Control risks – SOD, Single Function, Sensitive Data
     • Ability to put individual rules in Preventive mode while leaving others in Detective mode
     • Automation of other control issues such as password control/monitoring
     • Other best practices such as monitoring of generic users, high risk responsibilities, policy exceptions, high risk single functions, high risk SOD rules
     • Embedded into Oracle EBS
     • Fast installation and implementation
     • Greatly reduced costs
  9. Advantages of CS*Comply
     • CS*Comply addresses all issues in the problem statement and more...
     • Powerful and comprehensive SOD solution
     • Protects conflict pairs
     • Deals with high risk single functions
     • Guards forms that expose sensitive data
     • Comprehensive SOD matrix available…
     • More than 600 rules covering well over 45,000 known function based risks in Oracle EBS
     • Cost Effective
     • Low cost
     • Reduced implementation/configuration further reducing costs
     • Time effective
     • Installation – Typically less than 1 hour
     • Can be effective from day one
     • Reduced implementation/configuration
  10. At a Glance – Access Controls/SOD
     • Very fast Conflict Scanning Engine
     • 100% integrated into Oracle E-Business Suite
     • Multiple Preventive controls
     • Detective mode controls
     • Access Request system
     • Built-in Notification Engine
     • Rank based Alert system
     • Violation processing by user, responsibility and rule
     • Comprehensive and easy to use reporting with the Conflict Enquirer
     • Several interactive violation inquiry screens
     • Setup and violation reports
     • AccessGuard for brute force access control
     • Entity based function grouping
  11. At a Glance – Access Controls/SOD
     • Multiple approvers
     • Class driven conflict matrix
     • User/Responsibility/Menu Exception system
     • Handles common false positives…
     • View only menus
     • Query only functions
     • Buyer/Shipping Functions
     • XML support for export/importing content
     • User friendly
     • Simple to install
     • Native look and feel
     • Integrated with CS*Applications
     • Available for 11i and R12 (supports R12’s proxy functionality)
  12. At a Glance – Best Practices/CCM
     • Define password expiration policy globally
     • Restricted users screen for changing passwords only (optional, no cost)
     • Restricted users screen for creating new users only (optional, no cost)
     • Find users without password expiration policy
     • Password policy violations
     • Users logged in multiple times
     • Users linked to multiple employees
     • Generic login responsibility assignments
     • Users with high risk responsibilities
     • High risk responsibility user tracking (Professional Forms & OAF)
     • High Risk Concurrent Program Usage Tracking
     • Various User/Function/Menu/Responsibility
     • Delegation Monitoring
     • Worklist Access, Vacation Rules
  13. Access Control/SOD Enterprise Packs
     • Pre-seeded content (optional)...
     • Covering well over 45,000 known function conflicts/risks
     • Traditional SOD – Conflicting function pairs
     • Beyond SOD – Common and often overlooked conflict pairs
     • Sensitive Data – Highly sensitive data
     • High Risk Single Functions
     • Including all known SQL forms
     • Ready to go out of the box
  14. Access Controls/SOD - Example
     • The System Administrator Responsibilities function is a typical function to which access should be restricted. We will now show you a number of screenshots demonstrating how CS*Comply helps you implement your Access Controls.
  15. Conflict Matrix
     • For this example, Responsibilities is listed as a high risk single function
  16. Conflict Scanning Engine
     • Conflict Scanning Engine (CSE)...
     • Scan the system for existing conflicts
     • Invoke interactively or concurrently
     • Very fast
     • Run by rule, by class, by user and for the whole system
     • No baseline/snapshot needed
  17. Conflict Enquirer
     • Conflict Enquirer – provides fast and detailed analysis of conflicts...
     • Intra/Inter responsibility
     • Intra/Inter menu
     • By Responsibility
     • By User
     • By Rule
     • By Menu
     • By Function
     • Common False Positives
     • Menu Visibility
     • Single Function/Conflict Pairs
  18. Conflict Analysis - Conflict Enquirer
  19. Conflict Analysis - Conflict Enquirer
  20. Conflict Inquiry/Reporting
     • Conflicts inquiry/reporting...
     • Intra-responsibility
     • Intra-menu
     • By Rule
     • By Responsibility
     • By User
     • By Function
     • By Function Group
     • By Class
     • …more
  21. Real-Time Prevention & Access Requests
     • Real-Time Prevention for Professional Forms based screens at the time of access (and OAF pages depending on release)...
     • Before, during and after remediation
     • Go live before, during or after remediation
  22. Real-Time Notification
     • Real-Time Notification...
     • Sent to authorisers
     • Sent to user making request
  23. Access Requests
     • Access Requests (for Professional Forms)...
     • Authorise, Deny or Revoke
     • Authorise on a temporary basis (automatically expires)
     • Notification Group members notified of authorisations
  24. Responsibility Assignment Prevention
     • Responsibility assignments that would result in a conflict are prevented in real-time
  25. AccessGuard
     • AccessGuard...
     • Instant brute force prevention
     • Access by exception only
     • Protects Professional Forms (and OAF Pages depending on release)
     • Included with CS*Comply
  26. Best Practice/CCM Examples
     • Password control/monitoring…
     • Set Password Policy globally
     • Users without password policy
     • Password policy violations
  27. Best Practice/CCM Examples
     • User/Employee monitoring...
     • Users not linked to an employee
     • Employees linked to multiple users
     • Users logged in more than once
     • …many more
  28. Best Practice/CCM Examples
     • Login/Responsibility monitoring…
     • Users with high risk responsibilities
     • Generic login responsibility assignments
     • …many more
  29. Best Practice/CCM Examples
     • Concurrent Program monitoring…
     • High risk concurrent program usage tracking
     • Users with high risk concurrent program access
  30. Best Practice/CCM Examples
     • Delegation monitoring…
     • Worklist access
     • Vacation rules
  31. Demonstration
  32. Key Benefits/Value Proposition
     • CS*Comply brings many benefits...
     • Out of the Box Solution
     • Substantial Time Savings
     • Considerable Cost Savings
     • Tightly Integrated
     • Reduced Burden on IT
     • Unique functionality
     • Very easy to use
     • Fully embedded into Oracle E-Business Suite
     • Native look and feel, users feel at home
     • No external tools to get to grips with
     • Developed (in part) using our own Extreme RAD tool, CS*Form – easy and very fast to enhance and extend
     • Simple installation (the whole suite installs in less than 1 hour)
     • Rapid implementation
     • Rapid return on investment
  33. GRC Webinar Series
  34. Introducing
  35. Problem Statement
     • Inadequate auditing in standard audit trail
     • Lack of fine grained auditing resulting in audit overkill
     • Querying audit data is arduous
     • Data growth / management issues
     • Audit trail not understandable due to lack of metadata from other tables
     • Same issue with log based solutions, which can't grab data from other tables when writing the audit records
     • A proper audit trail is critical for reliance on application controls under Auditing Standard 5
     • Certain forms without a proper audit trail leave you exposed to fraud
     • Tracking of activity in SQL forms is an essential IT General Control
  36. Problem Statement
     • GRC/auditing solutions are typically expensive
     • Achieving compliance (SOX, PCI...etc) can be a time consuming and very costly task
     • Many solutions are difficult to use out of the box
     • Lengthy implementation/configuration
  37. An Alternate Solution
     • CS*Audit addresses all issues in the problem statement...
     • Fine-grained and rule driven audit solution
     • Hierarchical, fine grained and rule driven audit policies
     • Comprehensive audit details captured
     • Easy to use query tool
     • Over 100 audit policies defined out of the box
     • Cost Effective
     • Low cost
     • Reduced implementation/configuration further reducing costs
     • Time effective
     • Installation – 1 hour
     • Effective from day one
     • Reduced implementation/configuration
  38. At a Glance – Auditing
     • Transactional data auditing
     • Database wide auditing
     • Structured, rule driven auditing
     • Fine grained auditing
     • Detailed and extensible audit trail
     • User friendly auditing
     • On-screen/off-screen audit enquiry
     • Security conscious
     • Transportable audit solutions (via XML)
     • Pre-seeded audit solutions
     • Over 100 audit solutions already defined
  39. Audit Enterprise Packs
     • Pre-seeded content...
     • Including more than 100 tables to audit
     • Covering over 2,000 data points
     • Common data translations included
     • Ready to go out of the box
  40. How CaoSys solutions address your audit requirements
  41. Auditing - Example
     • The Users table within the Oracle Business Suite is a typical table that you should audit; here we have a number of screenshots demonstrating the auditing capabilities of CS*Audit.
  42. Auditing - Hierarchical
     • Audit policies are hierarchical
     • Classes and Sets of audit entities for easy management
  43. Auditing – Full Control
     • Choose what to audit...
     • Inserts
     • Deletes
     • Updates
  44. Auditing – Fine Grained & Rule Driven
     • Audit policies are fine grained and rule driven...
     • Check criteria before auditing (e.g. invoice greater than $1000)
     • Additional context used to determine audit (e.g. only audit within a specific responsibility)
     • Helps prevent audit-overkill
     • Self managing audit data (auto-purge)
  45. Auditing – Hierarchical Rules
     • Audit rules can be applied at multiple levels...
     • Set level
     • Class level
  46. Auditing – Security Conscious
     • Control who can view audit data from within the CS*Audit Enquirer
     • Clone setup to all Entities in same Set or Class
  47. Auditing – Transportable
     • Audit policies are easily transportable...
     • Import and export using standard XML
  48. Auditing – Lookups/Translations
     • Perform lookups/translations at the time of audit
     • Bring in additional data to make audit data more meaningful
  49. Auditing – Detailed and Extensible
     • Highly detailed and extensible audit trail...
     • More than just the who and the when
     • Include any number of lookup values during the audit transaction (e.g. grab vendor name as well as vendor ID)
     • Includes a number of predefined attributes such as hostname, DB domain...etc
     • Clone setup to all Entities in same Set or Class
  50. Auditing – Version Controlled
     • Audit Policies are automatically version controlled...
     • All previous versions of audit policy retained
     • All previously audited data is retained even if policy definition is changed
  51. Auditing – Database Wide
     • Auditing is not limited to Oracle E-Business data; you can audit any data that is accessible from within the database.
     • Audit data from within any module of the Oracle E-Business Suite, for example you may want to audit the AOL or the data within Payables or Purchasing.
     • Audit custom data for any table within the Oracle database.
  52. Auditing – Powerful Query Tool
     • CS*Audit reporting...
     • Answer questions like “who changed the Users table in the last 12 hours from within the System Administrator responsibility”
     • Very easy to use
  53. Auditing – Powerful Query Tool
     • CS*Audit reporting...
     • Drill down by Year, Month, Day and Time
  54. Auditing – Powerful Query Tool
     • CS*Audit reporting...
     • Drill down by Class, Set, Entity hierarchy
  55. Auditing – Report
     • CS*Audit reporting...
     • Print audit data...
  56. Key Benefits
     • CS*Audit brings many benefits...
     • Out of the Box Solution
     • Substantial Time Savings
     • Considerable Cost Savings
     • Embedded with Oracle E-Business Suite
     • Integrated with CS*Applications
     • Reduced Burden on IT
     • Installed and auditing within a couple of hours
  57. Q&A
