Put your company logo here Confidential Data Upgrade from 8.x to 9.0.
Put your company logo here
Confidential Data
Upgrade from 8.x to 9.0
Speaker
• Michael Stutz - Consultant
• 22 years of IT industry experience
• 15 years of PeopleSoft experience
• PeopleSoft v.2.11 – v.9.0
• Mostly Technical but some Functional
• Primary: HRMS / Payroll / Benefits
• Recently: Campus Solutions
• . . . also some CRM and Financials
• Numerous International Banks
• Very Large Corporations
• Very Small Companies
Agenda
• Who – Whose data is it anyway?
• What – Elements of Concern
• Why – Driving Factors
• How – Protection in Action
• Where – Environments
• When – & When Not to!
• Tools – Secure, Separate, Scramble
• Questions & Answers
WHO – Has Information
Applications
o HRMS / Payroll / Benefits
o Campus Solutions (Student Admin / Financials / Aid)
o Financials (GL / AP / AR / etc.)
o Customer Relationship Management (CRM)
Departments or Parts of the Organization
o IT
o Call Centers
o Marketing
o Sales and Sales Operations
o HR / Payroll / Benefits
o Legal
o Finance and Accounting
o Research and Development
WHO – Needs Access
• Management
o Department Heads (Corporate)
o Managers with Direct Reports (Line Managers)
• Back Office
o Human Resources / Payroll / Benefits
o Accounting
o Corporate Dashboards and Reporting
• IT
o Developers
o Database & Systems Administration
o IT Management
• Interfaces to Other Organizations
WHO – Is Responsible
• Management
o Department Heads (Corporate)
o Managers with Direct Reports (Line Managers)
• Back Office
o Human Resources / Payroll / Benefits
o Accounting
o Corporate Dashboards and Reporting
• IT
o Developers
o Database & Systems Administration
o IT Management
• Interfaces to Other Organizations
Keep Needs, Access, & Responsibility Synchronized
WHAT
Elements of Concern
o Intellectual Property
o Business Confidential Information
o Customer and Consumer Data
o Employee Data
Motion
o At Rest
o In Transit within Organisation
o In Transit on the WWW
WHAT
Intellectual Property
Business Confidential
o Business Strategy
o Project & Costing
o Marketing Plans
o Budgets and Forecasts
WHAT
Customer & Consumer
o Key Accounts
o Contact Information
o Product or Service Issues
o Contracts
WHAT
Employee Data
o Social Security Numbers
o Dates of Birth
o Pay Information
o Health Care Information
o Dependants & Dependant Information
o Company Structure & Internal Contacts
WHY
Risks Internal to Organization
• Employee Negligence
• Malicious Employees
• Business Processes
Risks External to Organization
• Hackers / Theft (Laptops, USB Drives, etc.)
• Competition
• Sarbanes & Oxley / Basel I & Basel II
WHY
Costs
• Confidentiality Legal Issues
• Loss of Competitive Edge
• Employee Compensation Issues
Sarbanes & Oxley
• Responsibility of Corporations
Basel I & Basel II
• Responsibility of Banks
• Risk Management
WRITE THIS DOWN . . .
www.wikipedia.org
WHY (SOX)
• Risk Assessment
• Control Environment
Culture based on Awareness & Integrity
Keeping Balance: “What is our Business?”
• Control Activities
• Monitoring / Auditing
• Information and Communication
Half Way There!
HOW
Create the Culture
Define Data Types
Identify Who is Responsible and Accountable
Reduce Access
Maintain Controls
Maintain Culture
Test
(steps)
HOW - Create the Culture
Addressed at All Levels of Organization (Vertical)
Addressed across Corporation (Horizontal)
Support of Upper Management (Top Down)
Keep the Balance (Mind Your Business!)
Cost / Benefit / RISK
o Money in your Mattress?
o Day-trading Penny Stocks?
HOW - Define Data Types
• What is Confidential Data?
• How do I Classify my Data?
HOW - Responsible & Accountable
Identify those Responsible
Identify those Accountable
Identify those who need access
Designate Authority Accordingly
Ensure Responsibility, Accountability, and Authority are properly balanced and applied.
HOW – Reduce Access
Reduction of Access
• Departmental Segregation
• Within IT
• Balanced against Cost
• Balanced against Effectiveness
• Balanced against Trust
HOW – Maintain Controls
Access to Data
• Application Security
• Database Security
• Network Security
Where is my Data?
• Laptops
• PDAs
• Internal / External
HOW – Maintain Culture
Security Awareness
Across The Organization
Vertically within Organization
KEEPING THE BALANCE!
HOW - Test
Audit
Ask!
White Hat
Trigger Monitoring Tools
Triage Scenarios
MIND YOUR BUSINESS
WHERE
PRODUCTION
STAGING
TEST
DEVELOPMENT
VANILLA
TRAINING
WHERE
PRODUCTION
STAGING
TEST
DEVELOPMENT
MODS
WHERE
PRODUCTION
STAGING
TEST
DEVELOPMENT
DATA
WHERE
PRODUCTION
TRAINING
METADATA
DATA
WHERE
PRODUCTION
TRAINING
FOUNDATION
CONFIDENTIAL
• Data Scrambler
• Mockup Data
GENERAL DATA
WHEN
Review the Who . . .
o Database Administrators
o System & Network Administrators
o Developers
o Management
o Back Office
WHEN
o Database Administrators
Have Access. Period.
o System & Network Administrators
No Application Access
Any and All Reports
o Developers
Negotiable!
o Management – Application Security
o Back Office – Application Security
WHEN - Developers
Cost / Benefit / Risk
How Many Developers
Organization of Developers
Production Support
Modifications & Testing
Database Access
WHEN - Developers
PRODUCTION
STAGING
TEST
DEVELOPMENT
DATA
Tools (types)
Secure
o Database
o Application
Separate
o Applications (HR & Financials)
o Roles (Centralized vs Normalized)
o Environments (TST, DEV, TRN)
Scramble
o Select Environments
o On the Fly
TOOLS - Separate
Identify Data Types
o SSN
o DOB
o Compensation
Department (Name & EMPLID Scrambled)
Identify Records (Boeing / Princeton)
o EMPLID
o Compensation
Paycheck (Not keyed by EMPLID)
WRITE THESE DOWN . . .
www.heres2u.com (Presentation & Resume)
www.sennac.com (RBAC & FURBAC)
(Johan Bethlehem)
Questions
Contact Information:
Michael Stutz
(888) 757-2616
http://heres2u.com