Upgrade from 8.x to 9.0
Confidential Data

Speaker: Michael Stutz - Consultant
• 22 years of IT industry experience
• 15 years of PeopleSoft experience
• PeopleSoft v.2.11 – v.9.0
• Mostly Technical but some Functional
• Primary: HRMS / Payroll / Benefits
• Recently: Campus Solutions
• . . . also some CRM and Financials
• Numerous International Banks
• Very Large Corporations
• Very Small Companies
Agenda
• Who – Whose data is it anyway?
• What – Elements of Concern
• Why – Driving Factors
• How – Protection in Action
• Where – Environments
• When – & When Not to!
• Tools – Secure, Separate, Scramble
• Questions & Answers
WHO – Has Information
Applications
• HRMS / Payroll / Benefits
• Campus Solutions (Student Admin / Financials / Aid)
• Financials (GL / AP / AR / etc.)
• Customer Relationship Management (CRM)
Departments or Parts of the Organization
• IT
• Call Centers
• Marketing
• Sales and Sales Operations
• HR / Payroll / Benefits
• Legal
• Finance and Accounting
• Research and Development
WHO – Needs Access
Management
• Department Heads (Corporate)
• Managers with Direct Reports (Line Managers)
Back Office
• Human Resources / Payroll / Benefits
• Accounting
• Corporate Dashboards and Reporting
IT
• Developers
• Database & Systems Administration
• IT Management
• Interfaces to Other Organizations
WHO – Is Responsible
Management
• Department Heads (Corporate)
• Managers with Direct Reports (Line Managers)
Back Office
• Human Resources / Payroll / Benefits
• Accounting
• Corporate Dashboards and Reporting
IT
• Developers
• Database & Systems Administration
• IT Management
• Interfaces to Other Organizations
Keep Needs, Access, & Responsibility Synchronized
WHAT – Elements of Concern
• Intellectual Property
• Business Confidential Information
• Customer and Consumer Data
• Employee Data
Motion
• At Rest
• In Transit within Organisation
• In Transit on the WWW
WHAT – Business Confidential
• Business Strategy
• Project & Costing
• Marketing Plans
• Budgets and Forecasts
Intellectual Property
WHAT – Customer & Consumer
• Key Accounts
• Contact Information
• Product or Service Issues
• Contracts
WHAT – Employee Data
• Social Security Numbers
• Dates of Birth
• Pay Information
• Health Care Information
• Dependants & Dependant Information
• Company Structure & Internal Contacts
WHY – Risks
Internal to Organization
• Employee Negligence
• Malicious Employees
• Business Processes
External to Organization
• Hackers / Theft (Laptops, USB Drives, etc.)
• Competition
• Sarbanes-Oxley / Basel I & Basel II
WHY – Costs
• Confidentiality Legal Issues
• Loss of Competitive Edge
• Employee Compensation Issues
• Sarbanes-Oxley
  • Responsibility of Corporations
• Basel I & Basel II
  • Responsibility of Banks
  • Risk Management
WRITE THIS DOWN . . .
www.wikipedia.org
WHY (SOX)
• Risk Assessment
• Control Environment
  Culture based on Awareness & Integrity
  Keeping Balance: “What is our Business?”
• Control Activities
• Monitoring / Auditing
• Information and Communication
HOW (steps)
• Create the Culture
• Define Data Types
• Identify Who is Responsible and Accountable
• Reduce Access
• Maintain Controls
• Maintain Culture
• Test
HOW – Create the Culture
• Addressed at All Levels of Organization (Vertical)
• Addressed across Corporation (Horizontal)
• Support of Upper Management (Top Down)
• Keep the Balance (Mind Your Business!)
Cost / Benefit / RISK
• Money in your Mattress?
• Day-trading Penny Stocks?
HOW – Define Data Types
• What is Confidential Data?
• How do I Classify my Data?
HOW – Responsible & Accountable
• Identify those Responsible
• Identify those Accountable
• Identify those who need access
• Designate Authority Accordingly
Ensure Responsibility, Accountability, and Authority are properly balanced and applied.
HOW – Reduce Access
Reduction of Access
• Departmental Segregation
• Within IT
• Balanced against Cost
• Balanced against Effectiveness
• Balanced against Trust
HOW – Maintain Controls
Access to Data
• Application Security
• Database Security
• Network Security
Where is my Data?
• Laptops
• PDAs
• eMail
• Internal / External
HOW – Maintain Culture
Security Awareness
• Across the Organization
• Vertically within Organization
KEEPING THE BALANCE!
HOW – Test
• Audit
• Ask!
• White Hat
• Trigger Monitoring Tools
• Triage Scenarios
MIND YOUR BUSINESS
WHERE – Environments (diagram slides: Mods, Data, Metadata)
WHERE – Foundation / General Data / Confidential (diagram)
• Data Scrambler
• Mockup Data
WHEN – Review the Who . . .
• Database Administrators
• System & Network Administrators
• Developers
• Management
• Back Office
WHEN
• Database Administrators
  • Have Access. Period.
• System & Network Administrators
  • No Application Access
  • Any and All Reports
• Developers
  • Negotiable!
• Management – Application Security
• Back Office – Application Security
WHEN – Developers
Cost / Benefit / Risk
• How Many Developers
• Organization of Developers
• Production Support
• Modifications & Testing
• Database Access
WHEN – Developers (diagram slide: DATA)
Tools (types)
Secure
• Database
• Application
Separate
• Applications (HR & Financials)
• Roles (Centralized vs Normalized)
• Environments (TST, DEV, TRN)
Scramble
• Select Environments
• On the Fly
TOOLS – Separate
Identify Data Types
• SSN
• DOB
• Compensation
• Department (Name & EMPLID Scrambled)
Identify Records (Boeing / Princeton)
• EMPLID
• Compensation
• Paycheck (Not keyed by EMPLID)
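A worked example of the scramble step above, added here and not part of the presentation or of PeopleSoft: it masks SSN, DOB and compensation and rewrites EMPLID with one keyed mapping across a personal-data table, a job table and a paycheck table keyed by check number rather than EMPLID, so the scrambled copy still joins correctly. The table and column names are constructed stand-ins, not PeopleSoft's, and the sample rows are made up.

```python
import hmac
import hashlib
from datetime import date, timedelta

# Constructed sample rows standing in for HR tables (names are assumptions, not PeopleSoft's).
PERSONAL = [
    {"EMPLID": "1001", "NAME": "Alice Example", "SSN": "123-45-6789", "DOB": date(1975, 3, 14)},
    {"EMPLID": "1002", "NAME": "Bob Example", "SSN": "987-65-4321", "DOB": date(1982, 11, 2)},
]
JOB = [
    {"EMPLID": "1001", "DEPTID": "D100", "ANNUAL_RT": 72000.0},
    {"EMPLID": "1002", "DEPTID": "D200", "ANNUAL_RT": 54000.0},
]
# Keyed by PAYCHECK_NBR, not EMPLID, but it still carries EMPLID and pay amounts.
PAYCHECK = [
    {"PAYCHECK_NBR": "77001", "EMPLID": "1001", "NET_PAY": 2769.23},
    {"PAYCHECK_NBR": "77002", "EMPLID": "1002", "NET_PAY": 2076.92},
]

def _h(key: bytes, field: str, value: str) -> int:
    """Keyed hash: the same value scrambles the same way in every table, but only with the key."""
    digest = hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big")

def scramble_emplid(key: bytes, emplid: str) -> str:
    return f"S{_h(key, 'EMPLID', emplid) % 10**7:07d}"

def scramble_ssn(key: bytes, ssn: str) -> str:
    # Area number 000 is never issued, so the result cannot collide with a real SSN.
    n = _h(key, "SSN", ssn)
    return f"000-{n % 90 + 10:02d}-{(n // 100) % 10000:04d}"

def scramble_dob(key: bytes, dob: date) -> date:
    # Shift by up to a year either way so ages stay realistic for testing.
    return dob + timedelta(days=_h(key, "DOB", dob.isoformat()) % 731 - 365)

def scramble_amount(key: bytes, emplid: str, amount: float) -> float:
    # One 80-120% factor per employee, so annual rate and net pay keep their ratio.
    return round(amount * (0.8 + (_h(key, "AMT", emplid) % 401) / 1000), 2)

def scramble_tables(key: bytes, personal, job, paycheck):
    """Return scrambled copies; EMPLID is rewritten with one mapping across all three tables."""
    emp = {r["EMPLID"]: scramble_emplid(key, r["EMPLID"]) for r in personal}
    p = [{**r, "EMPLID": emp[r["EMPLID"]], "NAME": f"Employee {emp[r['EMPLID']]}",
          "SSN": scramble_ssn(key, r["SSN"]), "DOB": scramble_dob(key, r["DOB"])} for r in personal]
    j = [{**r, "EMPLID": emp[r["EMPLID"]],
          "ANNUAL_RT": scramble_amount(key, r["EMPLID"], r["ANNUAL_RT"])} for r in job]
    c = [{**r, "EMPLID": emp[r["EMPLID"]],
          "NET_PAY": scramble_amount(key, r["EMPLID"], r["NET_PAY"])} for r in paycheck]
    return p, j, c
```

The key must live only with the environment that does the scrambling; anyone holding it can re-derive the mapping from the production values, which is exactly what the TST, DEV and TRN copies are meant to prevent.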
WRITE THESE DOWN . . .
www.heres2u.com (Presentation & Resume)
www.sennac.com (RBAC & FURBAC) (Johan Bethlehem)
Questions
Contact Information: Michael Stutz, (888) 757-2616, http://heres2u.com