
Enhanced XA Security CISTECH Security Solutions

Enhanced XA Security CISTECH Security Solutions. Belinda Daub, Senior Consultant Technical Services, belinda.daub@cistech.net, 704-814-0004. Agenda: Introduction to Enhanced Security; Implementing a Security Model; Auditing and Reporting; IFM Security Information


Presentation Transcript


  1. Enhanced XA Security CISTECH Security Solutions • Belinda Daub, Senior Consultant Technical Services • belinda.daub@cistech.net • 704-814-0004

  2. Agenda • Introduction to Enhanced Security • Implementing a Security Model • Auditing and Reporting • IFM Security Information • iSeries Profile and Object Authorities • Prerequisites

  3. Enhanced Security for XA Why is it necessary? • Auditor Requirements • Documented security policy and procedures • Formal approval for user rights • Regular auditing and monitoring • Protect investors, employees, community • CAS Security • Difficult to determine how user has access to tasks • No auditing capability • Risk to productivity when changes are made • iSeries Security • Many factors affect user access to system and objects • No central management tool

  4. Enhanced Security for XA ES can help • Add-on application written using Integrator • Implemented by environment • XA components: • Security Modeling and Planning • Routine Auditing and Reporting • View Current User Rights • iSeries components: • User Profile auditing • Object Authority auditing

  5. Add-on Application using Integrator • Power and Flexibility of the XA Client architecture: • Create views and subsets • Export to Excel

  6. Implemented by environment • Install in each environment • Includes all CAS tasks (if assigned to an area) • Includes IFM Application tasks (in base features only) • Auditing for each environment including IFM task security

  7. Enhanced Security Application Card • Security Model - Create and finalize a new security model • Security Audits - Track changes to security • Current Environment - View current security configuration and user rights in the environment

  8. Security Modeling and Planning • Provides for implementation of new plan • Import users, groups, areas, and tasks from CAS files • Decide what you want to lock • Create groups and authorize to tasks • Assign users to groups • View current and planned user rights • Optional component • Note: this is all done in the model – not the live environment

  9. 1. Import Security Components • Import from the current environment: • Users • Groups • Areas and tasks • Group Authorities • Private Authorities • You don’t have to start from scratch!

  10. 2. Decide what you want to lock • Subsets • Unlocked • Application • Type • Mass Change • Model Template • It’s Easy!

  11. 3. Create groups & authorize to tasks • Subsets • Views • Mass Change • R7 • Quick Change • Append subsets • Model Template • Piece of Cake!

  12. 4. Assign users to groups • Validation • Subsets • User Groups • Group members • Templates • Return-to-create • Your model is almost ready!

  13. 5. View user rights • Current and planned rights • A. User being reviewed • B. Tasks the user is granted • C. How access was granted • Private (user id) • Group (group id) • Not locked (blank)

  14. Advanced Analysis and Testing • Compare planned versus current rights • View tasks user will no longer have access to • View tasks user could not do before (for approval) • Final Adjustments to the model • Export files to a test environment for user testing • Included with modeling option • Handles security validation stamps • Benefits: • Reduce risk of affecting user productivity at go live • Resolve issues quickly after plan is implemented

  15. Advanced Analysis • Rights Revoked: • If users need any of these rights to do their jobs, they will be adversely affected when the plan is implemented. • Enhanced Security lets you make sure this won’t happen.

  16. Advanced Analysis • Rights Granted: • SOX requires that all access be reviewed by the authorizing manager. • With Enhanced Security, you can export user rights to standard forms for management approval. • We can use Integrator to build approvals right into the application!!!

  17. Testing • Testing is critical to ensure users are not affected by the new plan. • Users from every group • Formal test plan • Enhanced Security provides an export process for moving user rights from the model to an XA environment on the same or different iSeries. • Validation stamps generated • No re-keying

  18. Security Auditing and Reporting • Auditors require regular review of changes to security authorizations • Enhanced Security provides: • Detailed Transaction History • Security Change Audit • Violations to Segregation of Duties • Regular Audit Reports

  19. Routine Auditing and Reporting • Start Auditing • Saves an image of environment security files • Journals are activated on the files • Changes in user rights are extracted from the journals

  20. Detailed Transaction History • Determine how a user has gained access to a task • Quickly identify the area(s) where changes need to be made • Customize views, subsets, and sorts • View or Host Print

  21. Security Change Audits • Net Changes only (since last run) • Navigate to Detailed Transactions that resulted in the change • View or Print Report

  22. Regular Reporting – Scheduled Job • Set Audit Options • Schedule regular Auditor reports

  23. Security Audit Report • Summarize authority granted to users for the reporting period • From last run date (monthly changes)

  24. Security Audit Reports • High-Risk Authority Conflicts • Users who have authority for tasks that auditors define as conflict of interest, for example: • Create a purchase order • Generate an AP check

  25. IFM Security • View and Print • IFM Users • IFM Applications • User Authority to Applications • IFM Application Tasks • User Defaults • User rights to IFM Tasks are shown with CAS application tasks so you can see everything the user can do

  26. IFM Security User Authorities to IFM Applications

  27. IFM Security IFM Application Tasks

  28. IFM Security IFM User Defaults

  29. View user rights All user rights to CAS and IFM Tasks in one place

  30. iSeries Security • User Profiles – view and print • Power Users • Logon Statistics • Password Info • Groups and group membership • Startup Information

  31. iSeries Security iSeries User Profiles – Special Authorities

  32. iSeries Security iSeries User Profiles – Password Information

  33. iSeries Security • Object Authorities – view and print • All objects – all libraries • User rights – display/maintain • XA objects not owned by AMAPICS

  34. iSeries Security iSeries Object Authorities

  35. Prerequisites • Integrator (R6 or R7) • R6 requires new business objects created at installation • OS V5R3 or higher • All functions to be secured must be set up in CAS as tasks and assigned to an area

  36. New Feature • Database File Audit • File being corrupted or changed outside of XA • You need to know who and how it’s done • Turn on auditing for the file • Starts journaling if not already • Extracts information • View who made changes to the file and if they used outside tools to do it (SQL, DFU, and others)

  37. ES Packaging and Pricing • Base Package: • Enhanced Security $9,500.00 • XA Security Views and Reports • IFM Security Views • iSeries Security Views • Installation/Training Services • Three days on-site plus expenses • Optional Features and Services: • Security Model feature $4,500.00 • Security Consulting Services $1,600.00/day • Security Audit (2-3 days) • Security Planning and setup (approx 10-15 days)

  38. Thank you! Questions?
