1 / 22

Audit Reporting of Security Controls in PeopleSoft Financials

Audit Reporting of Security Controls in PeopleSoft Financials. Central Ohio Chapter Information Systems Audit and Control Association April 14, 2005. Your Presenters. Brian O’Brien Manager - Data Security

chuong
Download Presentation

Audit Reporting of Security Controls in PeopleSoft Financials

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Audit Reporting of Security Controls in PeopleSoft Financials Central Ohio Chapter Information Systems Audit and Control Association April 14, 2005

  2. Your Presenters Brian O’Brien Manager - Data Security 9 years of PeopleSoft experience with Ohio State’s 1,300 user HRMS and 2,400 user Financials environments Pat O’Connor Senior Systems Engineer Ohio State’s leading technical security expert, has 7 years of PeopleSoft experience, ranging from configuration management and control to security administration

  3. Overview • PeopleSoft Controls • User Accounts • System Settings • System Architecture • Security Audit Review

  4. Database Environment • Oracle9i Release 9.2.0.2.0 - 64bit • HP Hardware – HP-UX 11.0 N Class • Over 50 PeopleSoft Databases

  5. Ohio State and PeopleSoft 5 5

  6. PeopleSoft Controls • Users • Roles • Permission Lists • Pages • Signon Times • Preferences 6 6

  7. System Controls • Password Controls • Inactivity Timeouts 7 7

  8. System Architecture User (browser)  Web Server  App Server  Data Base Server 8 8

  9. Audit Discussion Points • Administrative Access • Password Controls • Audit Trails • Terminated Users • Default PeopleSoft Accounts • Correction Mode Access 9 9

  10. Administrative Access Discussion Point: Access to high level administrative pages is restricted to appropriate personnel. Privileged access includes: • Application Designer • Maintain Security • Tree Manager

  11. Password Controls Discussion Point: PeopleSoft password controls are turned on and configured for the following: • Password expiration • Minimum length • Required special characters

  12. Password Controls

  13. Password Caveat Problem: PeopleSoft’s password encryption algorithm is not strong. Solution: PSOPRDEFN_VW External Authentication

  14. Audit Trails Discussion Point: PeopleSoft Audit Trails are in place for sensitive Activities. Solution: PeopleSoft Audit • Record level • Field level Oracle Audit

  15. Audit Trails

  16. Audit Trails

  17. Terminated Users Discussion Point: The security administrator is notified of employees that have changed roles and responsibilities, transferred or been terminated.

  18. Default PeopleSoft Accounts Discussion Point: The default PeopleSoft user profiles and permission lists have been removed or deactivated.

  19. Correction Mode Access Discussion Point: Use of correction authorized action in PeopleSoft is restricted.

  20. Correction Mode Cleanup Removed Totals

  21. QUESTIONS?

  22. Contacts Brian O’Brien Manager, Data Security Office of Information Technology The Ohio State University E-mail: obrien.9@osu.edu Patrick O’Connor Sr. Systems Engineer Office of Information Technology The Ohio State University E-mail: oconnor.33@osu.edu

More Related