Implementing Security and Controls in PeopleSoft – Best Practices
Introductions
• Lewis Hopkins – working with Security and Controls in Oracle Applications since 2003.
• Designing and implementing solutions for Segregation of Duties, Sensitive Access and Audit/Internal Controls
Security and Control Points
Poll
Do you currently perform Security Analysis over PeopleSoft?
• We don’t
• Manual
• Query/SpreadSheet based
• Semi Automated
• Fully Automated
Cohesion
Communication – Typically Business Users don’t understand the Application. Technical Users don’t understand the Risks.
Responsibility and Ownership
“Foxes watching the Hen House”
‘Super User’ Access
• Don’t rely on PSADMIN or VP1 generic logins without controls
Options for management:
• Break Glass
• Individual User Logins
Individual User Logins
Employees request access to Production; the Sys Admin unlocks their account and grants the Roles required for diagnosis. At the end of the process, the User’s account is locked again.
One more thing…
Always worth Auditing User Profiles and Roles/Permission Lists in PeopleSoft.
Low transaction, high impact.
Role Assignments
Too many Roles = too many Risks, and too difficult to answer who has access to what.
We’ve seen:
• 160+ Roles per User
• 12-24 months before Security is regarded as a mess
Are Role Assignments going through a change request?
Access Definitions
Security too complex – not ‘Business friendly’.
Ensure new/copied Security is easy to read.
Re-use where possible, for example: the Sign-on process.
Delivered Roles have Security issues – and please secure ALLPAGES!
Access Definitions – find the Navigation
Data Security
• Row Security limited in PeopleSoft
• What to do about PCI or PII?
• Field Security, Tokenization, restrict Fields in the Pages, Database Level Security?
Poll
How do you report on Sensitive or Personal Information in PeopleSoft?
• We don’t
• Manually
• Haven’t been able to
• Use Scripts to pull data
Is this a good or a bad thing to have?
Opportunities for Securing Data
For Query:
Create Roles/Permission Lists for accessing this Data
Secure them against the Fields you use & the Queries for accessing this information
• Pros: Accountability – track the Roles that have access
• Cons: Can leave out other data required from a table
For Access:
Use Database level Security to Secure or Obfuscate the Data
• Pros: Total Security at the Data level
• Cons: May need each User to have a DB level User
If one DB User, what about Self Service Users?
Production Do’s and Don’ts
• Data Mover and Configuration/Development processes – secure them!
• Submission of Jobs
• Copy of Production for testing and simulation
– Who wants to refresh every day?
• Don’t rely on Auditing
– The Horse may have bolted already!
Production Do’s and Don’ts
• Separate Configuration from Transactions
• Segregation of Duties and Access Analysis
– OMB
– NIST
– SOX
Compliance is forcing Organizations to change their Approach to ERP Security and Controls
Smart ERP Security as a Service
Access and SoD Subscription
• Analysis of Security for efficiency
• Power User & Third Party access
• Segregation of Duties
• PII and Sensitive Data Access
• Reports, Recommendations and Project Management
Access Levels Evaluated
• Users/OPRIDs
• Roles
• Permission Lists
• Components
• Pages
• Buyers
• User Preferences
• Workflow Approval Rules
CPA staff maintain the ruleset and provide advisory.
Rule Maintenance and Controls Assessment through subscription.
Access and SoD Reporting as a Service
Extract Data from PeopleSoft → Import into Smart ERP → Run Analysis
No PII or Sensitive Data is taken.
Access and SoD Reporting
• Users and their SoD Violations
• Power User Access
• Sensitive Access
• PII Access
Reports and Remediation
Benefits
• Report on who has access to what in plain ‘English’
• Identify and Remediate Users with too much access
• Enforce strong Data Security Policies
• Comply with legislation and reduce costs
Reporting and Data Security as it should be…
Exceptions
Sometimes Users need to break the rules… VPs, Power Users, Limited Staff, etc.
All Exceptions are stored for future reference, and Reports are available.
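As an added example (not Smart ERP’s product code or anything delivered with PeopleSoft) that serves the Role Assignments slide (“who has access to what”), the Access and SoD Reporting pipeline and the Exceptions slide: a Python script that imports constructed extracts shaped like PeopleSoft’s PSROLEUSER, PSROLECLASS and PSAUTHITEM security tables, resolves each user’s access together with the role that grants it, and reports SoD violations, approved exceptions and users who reach pages through ALLPAGES. The component names, function mapping, SoD rules and exception list are assumptions made for the example; ALLPAGES and the “PeopleSoft Administrator” role are delivered objects.

```python
"""SoD and power-user analysis over a PeopleSoft-style security extract.

Added example, not Smart ERP's product code. The extracts are constructed
CSV approximations of PSROLEUSER (user -> role), PSROLECLASS (role ->
permission list) and PSAUTHITEM (permission list -> component); the
components, function names, SoD rules and exception list are constructed.
"""
import csv
from collections import defaultdict
from io import StringIO

# Constructed extracts: user IDs, roles and permission lists only, no PII.
ROLE_USER = """\
ROLEUSER,ROLENAME
JSMITH,AP Clerk
JSMITH,Vendor Maintainer
ABROWN,AP Clerk
ABROWN,AP Approver
CLEE,PeopleSoft Administrator
DJONES,AP Clerk
"""
ROLE_CLASS = """\
ROLENAME,CLASSID
AP Clerk,PSAP_VOUCHER
Vendor Maintainer,PSAP_VENDOR
AP Approver,PSAP_APPROVE
PeopleSoft Administrator,ALLPAGES
"""
AUTH_ITEM = """\
CLASSID,BARITEMNAME
PSAP_VOUCHER,VOUCHER_ENTRY
PSAP_VENDOR,VENDOR_MAINT
PSAP_APPROVE,VOUCHER_APPROVE
ALLPAGES,VOUCHER_ENTRY
ALLPAGES,VENDOR_MAINT
ALLPAGES,VOUCHER_APPROVE
"""
# Ruleset: component -> plain-English function, and conflicting function pairs.
FUNCTION_OF_COMPONENT = {"VOUCHER_ENTRY": "Enter AP Vouchers",
                         "VENDOR_MAINT": "Maintain Vendors",
                         "VOUCHER_APPROVE": "Approve AP Vouchers"}
SOD_RULES = [("Enter AP Vouchers", "Maintain Vendors"),     # fictitious vendor
             ("Enter AP Vouchers", "Approve AP Vouchers")]  # self-approval
POWER_CLASSIDS = {"ALLPAGES"}  # a sweeping permission list marks a power user
# Approved exceptions keyed (OPRID, function A, function B) -> justification.
EXCEPTIONS = {("JSMITH", "Enter AP Vouchers", "Maintain Vendors"):
              "Small AP team; Controller reviews every new vendor"}


def rows(text):
    """Parse one CSV extract into dict rows (a real run would query the table)."""
    return list(csv.DictReader(StringIO(text)))


def resolve_access(role_user, role_class, auth_item):
    """{oprid: {component: {(role, classid)}}}: who reaches what, via which role."""
    classes_of_role, comps_of_class = defaultdict(set), defaultdict(set)
    for r in role_class:
        classes_of_role[r["ROLENAME"]].add(r["CLASSID"])
    for a in auth_item:
        comps_of_class[a["CLASSID"]].add(a["BARITEMNAME"])
    access = defaultdict(lambda: defaultdict(set))
    for ru in role_user:
        for classid in classes_of_role.get(ru["ROLENAME"], ()):
            for comp in comps_of_class.get(classid, ()):
                access[ru["ROLEUSER"]][comp].add((ru["ROLENAME"], classid))
    return access


def find_sod_conflicts(access, rules=SOD_RULES, exceptions=EXCEPTIONS):
    """Users holding both halves of a rule, split into violations and waivers."""
    violations, waived = [], []
    for oprid in sorted(access):
        funcs = {FUNCTION_OF_COMPONENT[c] for c in access[oprid]
                 if c in FUNCTION_OF_COMPONENT}
        for a, b in rules:
            if a in funcs and b in funcs:
                key = (oprid, a, b)
                (waived if key in exceptions else violations).append(key)
    return violations, waived


def find_power_users(access, power_classids=POWER_CLASSIDS):
    """Users who reach any component through a sweeping permission list."""
    hits = defaultdict(set)
    for oprid, comps in access.items():
        for grants in comps.values():
            hits[oprid].update(r for r, c in grants if c in power_classids)
    return {o: sorted(r) for o, r in hits.items() if r}


def analyse(role_user_text=ROLE_USER, role_class_text=ROLE_CLASS,
            auth_item_text=AUTH_ITEM):
    """Import the extracts, run the rules and return the report data."""
    access = resolve_access(rows(role_user_text), rows(role_class_text),
                            rows(auth_item_text))
    violations, waived = find_sod_conflicts(access)
    return {"violations": violations, "waived": waived,
            "power_users": find_power_users(access), "access": access}


if __name__ == "__main__":
    report = analyse()
    for oprid, a, b in report["violations"]:
        print(f"VIOLATION  {oprid}: '{a}' + '{b}'")
    for oprid, a, b in report["waived"]:
        print(f"EXCEPTION  {oprid}: '{a}' + '{b}' ({EXCEPTIONS[(oprid, a, b)]})")
    for oprid, roles in report["power_users"].items():
        print(f"POWER USER {oprid} via {', '.join(roles)}")
```

The `access` map keeps the granting (role, permission list) pair for every page, which is what lets a remediation report name the role to remove rather than just the user to chase.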
Achieve Best-In-Class Security and Controls
Solutions
• Segregation of Duties/Access Reporting
• Access Provisioning
• Transaction Monitoring
• Configuration Monitoring
Services
• Security and Configuration ‘Scans’
• Security Design and Implementation
• Training & Review
For more information:
www.smarterp.com
Lewis.Hopkins@smarterp.com
Segregation of Duties and Sensitive Access as a Service

  • 1. Implementing Security and Controls in PeopleSoft – Best Practices
  • 4. Introductions
    • Lewis Hopkins – working with Security and Controls in Oracle Applications since 2003.
    • Designing and implementing solutions for Segregation of Duties, Sensitive Access and Audit/Internal Controls
  • 6. Poll: Do you currently perform Security Analysis over PeopleSoft?
    • We don’t
    • Manual
    • Query/Spreadsheet based
    • Semi-automated
    • Fully automated
  • 7. Cohesion
    • Communication – Typically Business Users don’t understand the Application; Technical Users don’t understand the Risks.
    • Responsibility and Ownership – “Foxes watching the Hen House”
  • 8. ‘Super User’ Access
    • Don’t rely on PSADMIN or VP1 generic logins without controls
    • Options for management: Break Glass, or Individual User Logins
  • 9. Individual User Logins: Employees request access to Production, the Sys Admin unlocks their account and grants the Roles required for diagnosis. At the end of the process, the User’s account is locked again.
  • 10. One more thing… Always worth auditing User Profiles, Roles/Permission Lists in PeopleSoft. Low transaction, high impact.
  • 11. Role Assignments
    • Too many Roles = too many Risks / too difficult to answer who has access to what
    • We’ve seen: 160+ Roles per User; 12-24 months before Security is regarded as a mess
    • Are Role Assignments going through a change request?
  • 12. Access Definitions
    • Security too complex – not ‘Business friendly’
    • Ensure new/copied Security is easy to read
    • Re-use where possible, for example: Sign-on process
    • Delivered Roles have Security issues, and please secure ALLPAGES!!
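An added example, not code from the slides or from Smart ERP, of the audit slides 10 to 12 ask for: a constructed extract shaped like PeopleSoft’s PSOPRDEFN, PSROLEUSER, PSROLECLASS and PSAUTHITEM tables is loaded into SQLite and queried for users over a role limit, unlocked users who reach ALLPAGES through any role, and users who satisfy a hypothetical Segregation of Duties rule. The sample users, role names and the ruleset are assumptions; only the table and column names follow PeopleSoft.

```python
import sqlite3

# Constructed sample extract shaped like PeopleSoft's PSOPRDEFN, PSROLEUSER, PSROLECLASS
# and PSAUTHITEM (a subset of columns; every value below is made up).
OPRDEFN = [("ADAMS", 0), ("BAKER", 0), ("VP1", 0), ("PSADMIN", 1)]  # ACCTLOCK 1 = locked account
ROLEUSER = [("ADAMS", "AP Clerk"), ("ADAMS", "Vendor Maint"), ("BAKER", "AP Clerk"),
            ("VP1", "PeopleSoft Administrator"), ("PSADMIN", "PeopleSoft Administrator")]
ROLECLASS = [("AP Clerk", "AP_VOUCHER"), ("Vendor Maint", "AP_VENDOR"),
             ("PeopleSoft Administrator", "ALLPAGES")]
AUTHITEM = [("AP_VOUCHER", "ENTER_VOUCHER"), ("AP_VENDOR", "VENDOR"),
            ("ALLPAGES", "ENTER_VOUCHER"), ("ALLPAGES", "VENDOR")]
SOD_RULES = [("ENTER_VOUCHER", "VENDOR")]  # hypothetical ruleset: component pairs one user must not hold

# Effective access of unlocked users: OPRID -> Role -> Permission List -> component (BARITEMNAME).
ACCESS_CTE = """WITH access AS (
  SELECT DISTINCT ru.ROLEUSER AS OPRID, rc.CLASSID, ai.BARITEMNAME AS COMPONENT
  FROM PSROLEUSER ru
  JOIN PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME
  JOIN PSAUTHITEM ai ON ai.CLASSID = rc.CLASSID
  JOIN PSOPRDEFN od ON od.OPRID = ru.ROLEUSER AND od.ACCTLOCK = 0)
"""

def load(oprdefn=OPRDEFN, roleuser=ROLEUSER, roleclass=ROLECLASS, authitem=AUTHITEM):
    """Load the extract into in-memory SQLite so the checks run offline (no PII is needed)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""CREATE TABLE PSOPRDEFN(OPRID TEXT, ACCTLOCK INT);
        CREATE TABLE PSROLEUSER(ROLEUSER TEXT, ROLENAME TEXT);
        CREATE TABLE PSROLECLASS(ROLENAME TEXT, CLASSID TEXT);
        CREATE TABLE PSAUTHITEM(CLASSID TEXT, BARITEMNAME TEXT);""")
    for table, rows in (("PSOPRDEFN", oprdefn), ("PSROLEUSER", roleuser),
                        ("PSROLECLASS", roleclass), ("PSAUTHITEM", authitem)):
        db.executemany(f"INSERT INTO {table} VALUES (?,?)", rows)
    return db

def users_over_role_limit(db, limit):
    """Users holding more roles than the limit (the '160+ Roles per User' symptom)."""
    return db.execute("SELECT ROLEUSER, COUNT(*) FROM PSROLEUSER GROUP BY ROLEUSER "
                      "HAVING COUNT(*) > ? ORDER BY 2 DESC, 1", (limit,)).fetchall()

def allpages_users(db):
    """Unlocked users who reach the ALLPAGES permission list through any role."""
    sql = ACCESS_CTE + "SELECT DISTINCT OPRID FROM access WHERE CLASSID = 'ALLPAGES' ORDER BY 1"
    return [row[0] for row in db.execute(sql)]

def sod_violations(db, rules=SOD_RULES):
    """(OPRID, component A, component B) for each rule a single unlocked user breaks."""
    sql = ACCESS_CTE + ("SELECT DISTINCT a.OPRID, a.COMPONENT, b.COMPONENT FROM access a "
                        "JOIN access b ON a.OPRID = b.OPRID "
                        "WHERE a.COMPONENT = ? AND b.COMPONENT = ? ORDER BY 1")
    return [hit for a, b in rules for hit in db.execute(sql, (a, b)).fetchall()]
```

Locked accounts (PSADMIN above) drop out of the access chain, which is why the generic login is only reported while it is unlocked; a real extract would add MENUNAME, PNLITEMNAME and DISPLAYONLY from PSAUTHITEM to tell page-level and display-only access apart.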
  • 13. Access Definitions – find the Navigation
  • 14. Data Security
    • Row Security limited in PeopleSoft
    • What to do about PCI or PII?
    • Field Security, Tokenization, restrict Fields in the Pages, Database Level Security?
  • 15. Poll: How do you report on Sensitive or Personal Information in PeopleSoft?
    • We don’t
    • Manually
    • Haven’t been able to
    • Use Scripts to pull data
  • 16. Is this a good or a bad thing to have?
  • 17. Opportunities for Securing Data
    • For Query: Create Roles/Permission Lists for accessing this Data; secure them against the Fields you use and the Queries for accessing this information.
      • Pros: Accountability – track the Roles that have access
      • Cons: Can leave out other data required from a table
    • For Access: Use Database level Security to Secure or Obfuscate the Data.
      • Pros: Total Security at the Data level
      • Cons: May need each User to have a DB level User. If one DB User, what about Self Service Users?
  • 18. Production Do’s and Don’ts
    • Data Mover and Configuration/Development processes – secure them!
    • Submission of Jobs
    • Copy of Production for testing and simulation – who wants to refresh every day?
    • Don’t rely on Auditing – the Horse may have bolted already!
  • 19. Production Do’s and Don’ts
    • Separate Configuration from Transactions
    • Segregation of Duties and Access Analysis – OMB, NIST, SOX
    • Compliance is forcing Organizations to change their Approach to ERP Security and Controls
  • 20. Smart ERP Security as a Service
  • 21. Access and SoD Subscription
    • Analysis of Security for efficiency
    • Power User & Third Party access
    • Segregation of Duties
    • PII and Sensitive Data Access
    • Reports, Recommendations and Project Management
  • 22. Access Levels Evaluated: Users/OPRIDs, Roles, Permission Lists, Components, Pages, Buyers, User Preferences, Workflow Approval
  • 23. Rules: CPA staff maintain the ruleset and provide advisory. Rule Maintenance and Controls Assessment through subscription.
  • 24. Access and SoD Reporting as a Service: Extract Data from PeopleSoft, import into Smart ERP, run Analysis. No PII or Sensitive Data is taken.
  • 25. Access and SoD Reporting
    • Users and their SoD Violations
    • Power User Access
    • Sensitive Access
    • PII Access
    Reports and Remediation
  • 26. Benefits
    • Report on who has access to what in plain ‘English’
    • Identify and Remediate Users with too much access
    • Enforce strong Data Security Policies
    • Comply with legislation and reduce costs
    Reporting and Data Security as it should be.
  • 27. Exceptions: Sometimes Users need to break the rules… VPs, Power Users, Limited Staff, etc. All Exceptions are stored for future reference, and Reports are available.
  • 28. Achieve Best-In-Class Security and Controls Solutions
    • Segregation of Duties/Access Reporting
    • Access Provisioning
    • Transaction Monitoring
    • Configuration Monitoring Services
    • Security and Configuration ‘Scans’
    • Security Design and Implementation
    • Training & Review