50 likes | 174 Views
CUNY-CIS InfoSec Team. Functional Project Manager (s). University Information Security Director. ERP Campus Executive. University & Campus Administration. ERP Project Director. Manager, PeopleSoft Application Security. CUNY-CIS InfoSec Team. Security Policy & Procedure Adoption
E N D
CUNY-CIS InfoSec Team Functional Project Manager (s) University Information Security Director ERP Campus Executive University & Campus Administration ERP Project Director Manager, PeopleSoft Application Security CUNY-CIS InfoSec Team • Security Policy & Procedure Adoption • Approver of new & modified Role & Permission Lists content • Approver of changes to universal security settings • Compliance recertification Application Security Liaison Functional Liaisons Campus & Central Office Campus & Central Office • University application security policy & procedure development • Security Settings Change Management • Exception Request Review • Compliance & Certification Program including Review of Security at Campuses • Audit of Transaction Logs • Peoplesoft Security Training & Awareness • User enrollment & De-provisioning • Approval of Role & Permission List assignment to Profiles • Central point of contact for application security • Campus Security Procedures (e.g. Profile maintenance) • Document Security Environment • Issues & Exception Management • Review of Access • Compliance, Re-certification Statement Application Security Management Key Stakeholders Roles, Responsibilities &Relationships5 February 2008, V3.1
Application Security Liaison • Project Expectations • Attend CUNYFIRST application security design, implementation and training meetings • Build application security community at your College (functional liaisons, campus executives, project managers) • Work proactively with the Manager, PeopleSoft Application Security and the CUNYFIRST project teams to build toward and meet go-live dates • Participate in project deliverables development as necessary • Participate in the testing of application security • Work through changing environment and ambiguities as they arise • Are significant contributors to CUNYFIRST
Application Security Liaison (2) Operational Expectations • Facilitate the management of application security at the Campus as the central point of contact • Maintain user profiles based upon approval of functional liaisons • Individual profile changes • Bulk user identity data loads • Maintain up-to-date documentation of security environment including written operating procedures • Fall & Spring security reviews and written compliance certification (working with College VP Administration) • Report security violations and non-compliance situations • Request and justify exceptions to content of PeopleSoft role definitions and permission lists
Manager, PeopleSoft Application Security (3) High-Priority focus areas • Build the application security community and maintain healthy collaboration with the Oracle security team and the application security liaisons • Training (for self and application security liaisons) • Implement application security governance model • Provide baseline operating procedures • Collaborate with Oracle on CUNYFIRST application security design and implementation meetings • Oracle deliverables review and approval • Participate in the testing of application security • Participate in CUNYFIRST project status meetings • Commitment to successful go-live dates, keep activities on track • Participate in addressing network infrastructure security issues if and when they arise