1
Implement SoD Automation Within Weeks
Using Oracle ERP Cloud
Barry Greenhut, Muthuvel Arumugam, Sujay Bandyopadhyay
Tue Oct 23, 1:45pm, Moscone South, Room 156
3
Presenters (Oracle Product Development)
Barry Greenhut
Muthuvel Arumugam
Sujay Bandyopadhyay
4
Contributors
Chris Doxey, Doxey Inc.
Marty Reiff, Oracle
5
The dream
6
Good is a must-have for SoD
Get SoD right the first time, or redo it later. Redoing requires:
- Many participants: all stakeholders in policies, security, and processes
- Large expense and effort:
  - Reassess policies
  - Rework processes and/or security
  - Update data and configurations
  - Re-train users, re-test automation, re-go-live
7
Good AND Fast Learn Prepare Deploy
8
Learn: Get Started shows you:
- What you could do
9
What you could do: Secure Role Design
Design Role -> Analyze Role -> Secure Role design
10
What you could do: Secure Role Assignment
Assign Roles to ERP users -> Analyze assignments -> Secure assignment rules and Role design
11
Learn: Get Started shows you:
- What you could do
- When to get started (factors that affect project duration)
12
When to get started
- During ERP Cloud implementation: Design Secure Roles -> Assign Roles Securely -> Go Live with ERP
- After ERP Cloud go-live: Check & Improve Role Designs -> Check & Improve Role Assignments
13
Learn: Get Started shows you:
- What you could do
- When to get started (factors that affect project duration)
- How to find the right stakeholders (who to involve in planning)
- What to deploy first (how to plan your project and go-live)
15
Prepare: Define Process -> Set Scope -> Gather Data
16
Prepare: Define Process
Process steps & participants (from Get Started)
Fast baseline process, focused on Role Design:
  a. Choose SoD Models
  b. Analyze high-risk Roles
  c. Respond to issues
Perform steps in parallel, repeating b and c for each role, to minimize the impact of waiting.
Participants: people who can understand the information arising in the process, then act on it. The fewer, the better: less complexity, training, and support.
17
Prepare: Set Scope
In the time available, make sure your most avid audience will get a satisfying result.
Fast examples: 3-5 SoD models, 2-3 riskiest Roles, 1 business unit
18
Prepare: Gather Data
- Analyst Roles, Perspectives. Fast example: pooled responsibility
- SoD Models. Fast example: pre-built SoD Models
19
Deploy: Configure -> Train -> Go Live
20
Deploy: Configure
Initial setup -> Import SoD models -> Verify analyses
21
Deploy: Train
Users, Administrators, Support
22
Deploy: Go Live
Good AND Fast
23
How do I set scope? How can I tell whether I’m biting off more than I can chew? Example: 5 SoD models x 3 riskiest Roles = 15 analyses’ worth of issues
24
How do I choose SoD models?
Address risks that are shared by all ERP Cloud users Many to choose from
25
How do I configure Risk Management?
Get Started: support.oracle.com/epmos/faces/DocumentDisplay?id=
Get Training: cloudcustomerconnect.oracle.com/posts/9a12402d9b
Get Help: oracle.com/support, oracle.com/consulting
26
How-to: Secure by Design
Muthuvel Arumugam, Sujay Bandyopadhyay
27
How-to: Secure by Design
1. Secure the designs of highest-risk Roles
2. Secure the assignment of highest-risk Roles to users
3. Go Live
4. Further secure Roles and assignments
28
How-to: Secure by Design
1. Secure the designs of highest-risk Roles
   - What are Roles?
   - How do I identify the riskiest ones?
2. Secure the assignment of highest-risk Roles to users
3. Go Live
4. Further secure Roles and assignments
29
Role Based Access Control
Users have roles. Roles grant access to functions and data. Users can have any number of roles; the functions and data a user can access are determined by the combination of those roles.
Example: user Linda Swift has the roles HR Specialist Vision Operations, Employee, and Line Manager.
30
Job Roles Job roles represent the job that you hire a worker to perform. Procurement Manager is an example of a predefined job role. You can also create custom job roles.
31
Duty Roles Duty roles represent logical groups of tasks that are performed in a job. Procurement manager has Buyer Duty Role. Buyer has Purchase Order Inquiry Duty Role. You can create custom duty roles. You do not assign duty roles to users.
32
Privileges
Roles contain privileges. Privileges provide access to functionality in the application; for example, the Payables Invoice Processing role contains the Manage Payables Invoices privilege. You can assign privileges to roles.
33
Resources
Privileges contain resources. Resources represent application artifacts: tasks, menu items, buttons, regions, etc. For example, the Manage Payables Invoices privilege is associated with a set of resources. You cannot manage resources.
34
How do I identify the riskiest Roles?
By Process:
1. Identify the business process with the highest risk
2. Identify pre-built SoD analyses for that process
3. Identify the roles in that process that allow the riskiest actions
By SoD Policy:
1. Identify pre-built AAC policies with the highest risk
2. Identify users in scope of those policies
3. Identify the roles those users will have
35
Secure Role Design: Design Role -> Analyze Role -> Secure Role design
36
Secure Role Design (Security Console and Advanced Access Controls)
1. Security Console: design the role. If the role is new, assign it to a test user.
2. Advanced Access Controls: import pre-built models; run model analysis.
3. Did the analysis find conflicts within the role?
   YES: change the role design to eliminate the conflicts, then run the analysis again.
   NO: the role is ready to be assigned to business users.
37
Secure Role Design (minimize intra-role SoD conflicts)
1. Gather data
   Select 3-5 pre-built Advanced Access Controls models.
2. Initial setup (in one of your non-production environments)
   a. Verify that Risk Management has been activated.
   b. In AAC: Assign AAC roles to implementation and administration users (implementation user: privileges for designing models and running model analysis; admin user: privileges for running global user synchronization).
   c. Complete essential AAC setup (Global User Identification, Global User Synchronization).
3. Initial analysis
   a. In AAC: Import the first SoD model. Add a condition to focus on the highest-risk Role.
   b. If the Role is new, in Security Console: Create a test user and assign the highest-risk Role to that user.
   c. In AAC: Run global user synchronization; run access analysis.
   d. In AAC: Review results, use Visualization to determine the remedy:
      i. In AAC: Adjust the Model to minimize false positives (e.g., no-risk privileges).
      ii. In Security Console: Adjust the Role design to minimize true positives (e.g., change the role definition, change nested components).
      iii. Run global user synchronization and access analysis again; adjust the Model and/or Role design.
   e. Document compensating controls if needed.
4. Further analyses
   a. In AAC: Import the next SoD model. Add the same condition as in 3a (to focus on the Role).
   b. In AAC: Run access analysis; review results, determine the remedy.
   c. Repeat 4a-b for the remaining Models.
   d. In Security Console: Create another test user and assign the next high-risk Role. Then in AAC:
      i. Adjust the first Model's condition to focus on this Role instead of the first one.
      ii. Run access analysis; review results, determine the remedy (as in 4b).
      iii. Repeat 4d.i-ii for the remaining Models.
   e. Repeat 4d.i-iii for the remaining high-risk Roles.
38
Demonstration Sujay Bandyopadhyay
39
DEMO: We imported a prebuilt SoD model, then added an Access Condition to focus on one role
40
DEMO: Let’s see the conflicts…
41
DEMO: Here’s the raw analysis…
42
DEMO: Let’s Visualize that…
43
DEMO: The user needs Create Payable Invoice and View Supplier, not Import/Maintain/Create Supplier, so let’s fix the Supplier Profile Duty
44
DEMO: Let’s fix the Supplier Profile Duty
45
DEMO: After we re-run Model Analysis…
46
DEMO: …we’ll see that we’ve eliminated the conflicts
47
Secure Role Assignment
Assign Roles to ERP users -> Analyze assignments -> Secure assignment rules and Role design
48
Secure Role Assignment
1. Assign roles to ERP users (Security Console, Role Mappings, HCM Data Loader, IDM, etc.).
2. Advanced Access Controls: run model analysis.
3. Did the analysis find users with conflicts?
   NO: the role assignments are appropriate.
   YES: remediate by changing role assignment rules, removing the user's role assignment, or planning compensating AFC controls.
49
Secure Role Assignment (minimize inter-role SoD conflicts)
Analyze all abilities:
1. In AAC: In each Model, remove the condition that focused on the highest-risk Role.
2. In HCM: If standard users have not been created yet, create/import them.
3. In Security Console, Role Mappings, HCM Data Loader, IDM, etc.: If high-risk Roles have not been assigned to standard users, assign them according to user onboarding policies.
4. In AAC: Run global user synchronization and access analysis again.
5. For each Model:
   a. Review results, use Visualization to determine the remedy.
   b. Adjust Model conditions and/or Role assignments and/or Role designs.
   c. Document compensating controls as needed.
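The three mechanics the deck walks through are all the same computation: flatten the job role -> duty role -> privilege hierarchy (slides 29-33), check one role's effective privileges against an SoD model narrowed by a condition to that role (the intra-role analysis of slides 36-37 and the demo, where dropping Create/Maintain/Import Supplier from the Supplier Profile duty clears the conflict), then drop the condition and check the union of each user's assigned roles (the inter-role analysis of slide 49). The following Python is an added example written for this page; it is not part of the presentation and not Oracle's code. The role, privilege, model and user names are constructed for illustration and are not Oracle's seeded roles, and AAC's real models are configured in the product UI rather than in code.

```python
import copy
from itertools import product

# Constructed sample hierarchy (job roles -> duty roles -> privileges), loosely
# modelled on the Payables/Supplier demo in the slides. Names are assumptions.
ROLES = {
    "Accounts Payable Specialist": {"duties": ["Payables Invoice Processing", "Supplier Profile"], "privs": []},
    "Payables Invoice Processing": {"duties": [], "privs": ["Manage Payables Invoices"]},
    "Supplier Profile": {"duties": ["Supplier Inquiry"],
                         "privs": ["Create Supplier", "Maintain Supplier", "Import Supplier"]},
    "Supplier Inquiry": {"duties": [], "privs": ["View Supplier"]},
    "Procurement Manager": {"duties": ["Buyer"], "privs": ["Approve Purchase Order"]},
    "Buyer": {"duties": ["Purchase Order Inquiry"], "privs": ["Create Purchase Order"]},
    "Purchase Order Inquiry": {"duties": [], "privs": ["View Purchase Order"]},
    "Receiving Agent": {"duties": [], "privs": ["Receive Goods"]},
}

# SoD models as two sets of access points that must not be held together
# (the two example conflicts from the Segregation of Duties Concepts slide).
SOD_MODELS = {
    "Set up supplier vs process payables invoice":
        ({"Create Supplier", "Maintain Supplier", "Import Supplier"}, {"Manage Payables Invoices"}),
    "Authorize purchase vs receive goods":
        ({"Approve Purchase Order"}, {"Receive Goods"}),
}

# Constructed user-to-role assignments; the users are fictional.
USERS = {
    "linda.swift": ["Accounts Payable Specialist"],
    "pat.lee": ["Procurement Manager", "Receiving Agent"],
    "sam.ortiz": ["Procurement Manager"],
}


def effective_privileges(role, roles, _seen=None):
    """Flatten the hierarchy: every privilege reachable through nested duty roles."""
    seen = set() if _seen is None else _seen
    if role in seen:                      # guard against cyclic or repeated nesting
        return set()
    seen.add(role)
    privs = set(roles[role]["privs"])
    for duty in roles[role]["duties"]:
        privs |= effective_privileges(duty, roles, seen)
    return privs


def conflicts(privs, model):
    """Pairs (left, right) where the holder has privileges on both sides of the model."""
    left, right = model
    return sorted(product(privs & left, privs & right))


def analyze_role(role, roles, model):
    """Intra-role analysis: conflicts baked into one role's design."""
    return conflicts(effective_privileges(role, roles), model)


def analyze_users(users, roles, models, focus_role=None):
    """Inter-role analysis: conflicts created by the combination of a user's roles.

    focus_role plays the part of an AAC access condition: only users holding that
    role are reported. Each finding records which assigned role supplies each side
    of the conflict, so the remediator knows which assignment or design to change.
    """
    findings = {}
    for user, assigned in users.items():
        if focus_role is not None and focus_role not in assigned:
            continue
        source = {}                       # privilege -> first assigned role granting it
        for r in assigned:
            for p in effective_privileges(r, roles):
                source.setdefault(p, r)
        for name, model in models.items():
            for a, b in conflicts(set(source), model):
                findings.setdefault(user, []).append((name, a, source[a], b, source[b]))
    return findings


def redesign_role(roles, role, remove):
    """The demo's remediation: drop privileges from a duty role, returning a new hierarchy."""
    fixed = copy.deepcopy(roles)
    fixed[role]["privs"] = [p for p in fixed[role]["privs"] if p not in remove]
    return fixed


if __name__ == "__main__":
    model = SOD_MODELS["Set up supplier vs process payables invoice"]
    print("before:", analyze_role("Accounts Payable Specialist", ROLES, model))
    fixed = redesign_role(ROLES, "Supplier Profile",
                          {"Create Supplier", "Maintain Supplier", "Import Supplier"})
    print("after: ", analyze_role("Accounts Payable Specialist", fixed, model))
    for user, rows in analyze_users(USERS, fixed, SOD_MODELS).items():
        for name, a, ra, b, rb in rows:
            print(f"{user}: {name}: {a} (via {ra}) + {b} (via {rb})")
```

Two details matter in practice. The remediation keeps View Supplier in the duty, matching the demo's point that the user needs inquiry access but not supplier maintenance; removing the whole duty would over-correct. And the inter-role pass still finds pat.lee after the role redesign, because that conflict comes from two separately clean roles being assigned together, which no amount of role-design work fixes; that is why the deck treats assignment as a second, distinct analysis.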
50
Further secure Roles and assignments
Deploy Controls:
- Create perspectives for routing Incidents to remediators
- Convert Models to Controls
- Schedule analysis for periodic execution
- Remediate incidents
- Optional: Define OTBI dashboards for monitoring
Go live with ERP Cloud:
- Remediate additional incidents as they arise
Expand coverage:
- Analyze more Roles
- Import/tune/deploy more Models/Controls
51
Case study: Expand Coverage
Chris Doxey
52
Segregation of Duties Concepts
AUTHORIZATION: reviewing and approving transactions
RECONCILIATION: assurance that transactions are proper
RECORD KEEPING: creating and maintaining records
ASSET CUSTODY: access to and/or control of assets
Examples of SoD conflicts:
- Authorizing purchases and receiving the goods purchased, from a single transaction
- Setting up a supplier, executing the payment, and voiding or modifying the transaction
53
Example Segregation of Duties Conflicts Matrix
54
Additional SoD Support and Information
What's Available:
- A library of SoD Conflict Matrices
- System Access and SoD Policies and Procedures
- SoD Process Reviews
Contact:
55
Additional Improvement & Acceleration: Mission Critical Support
Marty Reiff
56
Complete Support for SaaS
Flexible Support to Leverage the Potential of your SaaS Applications
- Bundle or standalone SLA-based services
- Single point of contact
- Business Help Desk for SaaS
- Regression Testing
- Extensions and Integrations
- Critical Process Management
- Mission Critical Support for SaaS
- Specific version available for the requirements of US Government and Federal Agencies
57
Customer Benefits of Mission Critical Support for SaaS
Faster Adoption:
- Faster user adoption
- Higher user satisfaction
- Higher productivity
Strong Business Focus:
- Improved overall business satisfaction
- Increased agility
- Business process continuity when it matters, with end-to-end process focus and proactive oversight
- Single point of contact
Leveraging the Potential of SaaS:
- Seamless support across multiple SaaS workloads
- Fast uptake of regular SaaS updates
- Efficient management of cloud process flows and integrations
- Get it right, keep it right, with expert support by Oracle
Reduced TCO:
- Cost savings through best practices, operational efficiency, and continuous improvements
- Plannable budget with clearly defined service packages
- Mitigating the risk of resource turnover
58
What’s Next?
59
Oracle Risk Management User Forums
Conference presentations, product updates, training materials, Q&A, etc.: cloudcustomerconnect.oracle.com
60
Oracle Risk Management – Learn More
Get started, documentation, release notes, training:
- Guided Tours
- Path to Success
- Training
- Personal Guidance
- User Documentation
- Release Readiness
- Forum