1 / 23

Banner Security Update

Banner Security Update. UNC Financial Systems Mini-Conference January 25, 2010. Agenda __________________________. About Fayetteville What and Why? Forms vs. People What have we done? Banner 8 Features Share your campus experience. UNCFSU – Proud History __________________________.

jontae
Download Presentation

Banner Security Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Banner Security Update UNC Financial Systems Mini-Conference January 25, 2010

  2. Agenda__________________________ • About Fayetteville • What and Why? • Forms vs. People • What have we done? • Banner 8 Features • Share your campus experience

  3. UNCFSU – Proud History__________________________ • 1867 Seven men pooled $136 for land investment • 1877 became the Howard School to train teachers • 1907 moved to current Murchison Road location • 1939 became Fayetteville Teachers’ College • 1963 became Fayetteville State College • 1969 became Fayetteville State University • 1972 became part of the UNC-System http://www.uncfsu.edu/pr/history.htm

  4. UNCFSU – Promising Future__________________________ • Over 70 undergraduate and graduate degree programs in Arts and Sciences, Business and Economics, and Education • Doctorate degree in Educational Leadership • Business School includes an MBA program • Criminal Justice, Psychology and Nursing Programs • Campuses on Ft. Bragg and Seymour-Johnson AFB • 6,300 Students • 245 Full-Time Teaching Faculty • 2009 CIAA Football Champions

  5. What?__________________________ • Audits, Audits and more Audits • Findings and Findings and Findings and Findings… • From 14 to 2 • We will talk about one of them today • Information systems access rights inconsistent with job duties

  6. … and Why?__________________________ • Information systems access rights inconsistent with job duties Why? • To answer, look back at how Banner was rolled out • Multiple SGHE consultants assigned • Multi-tasked functional staff • “Open until Understood”

  7. ITTS – “Let’s Get This Organized”__________________________ • Thousands of tables and forms • Security Managers for each module

  8. The Security Managers__________________________ • Primary and Backup Names • Advancement • Admissions • Human Resources • Financial Aid • Registrar’s Office • Institutional Research • Student Affairs • Finance • ITS

  9. Security Managers Duties__________________________ • Gatekeepers to university data contained within the Banner database • Determine appropriate Security Class or profile associations for new and existing departmental users • Act as a central point of contact for Banner access-related departmental issues • Act as primary departmental contact with Banner Security Administrator for access and profile related problem resolution • Review, update or delete Security Classes / profiles on a quarterly basis

  10. ITTS – “Give ‘em some tools”__________________________ • Thousands of tables and forms • Security Managers for each module • Tools supplied: • Report of classes and forms in them • Report of people assigned to your classes • Report of people assigned to any of your individual forms • Duties include: “… Review, update or delete Security Classes or profiles on a quarterly basis.”

  11. Forms vs. People__________________________ • Security Managers issued access to forms within their assigned areas but… • OSA was asking who has access to what? • ITTS had begun information lock down • Result: • Managing without the complete picture “I can tell you who has access to your forms but can’t tell you all the forms your people can access.”

  12. Internal Audit Gets Involved__________________________ • Do the Security Managers know what they are supposed to do? • Not really • The reports only dealt with their assigned forms • “Some assembly required” • No feedback to ITTS was required

  13. What have we done?__________________________ • Trained the Security Managers • Require feedback to ITTS • Added a reviewer role to facilitate meetings • Provide reviewer with raw user security data on all users • “Some assembly still required” but… We now get enough to conduct the reviews

  14. Results__________________________ • “People-centric” review process • Review calendar • Benefits beyond Finance • Already closed potential gaps in Student Accounts, Admissions, Registration, Student Housing

  15. Our Software Releases – Jan. 19__________________________

  16. Banner 8 Security Features__________________________ • New Security Administration Features • Subtle improvements like: • Redesigned GSASECR for setting up new users • End users can now see the last time logged into Banner • BAN_FULL_SECURITY_C class • Use with _Q role for Security Administrators • BAN_DEFAULT_NO_ACCESS class • Provides more manageable way to limit users access to the entire content of a defined class

  17. Banner 8 Security Features__________________________ • Tab-Level Security • Particularly useful on identification forms (i.e., %IDEN) • Partial Masking extended to character fields as well as numeric • PINs stored in encrypted format • Rules can be established for strong PIN passwords • New PIN reset process involving security questions

  18. More GENERAL Features__________________________ • GENERAL 8.1 – Additions to Security • Enhanced Distributed Security • Introduction of GSADSUM • GENERAL 8.2 – New person information fields • House number, Street Line 4, Telephone country code, Last name prefix • Hidden by default upon delivery – most will not use • Use GORDMSK or run script to reveal them

  19. And the Features Keep Coming__________________________ • GENERAL 8.2.1 – ACH Transactions • For international use • GENERAL 8.3 – Credit Card Information • PCI compliance enabler • Coordinate with your payment vendor • In our case: TOUCHNET

  20. So where are we focused?__________________________ • Work through reviews with each department • Eliminate the audit finding • Reduce the number of security classes • Look for ways to improve the maintenance effort • Improve web requests for new account set up • Explore decentralized security features • Develop a work flow for new hires and terminations

  21. How about your campus?__________________________ • What’s working? • What’s not? • What features are you using?

  22. Questions/Comments__________________________

  23. Thank You__________________________ Contact me anytime… David Beach Director, Systems and Procedures Fayetteville State University 1200 Murchison RD Fayetteville, North Carolina 28301 910-672-1153 dbeach@uncfsu.edu

More Related