1 / 4

Application Security Management

CUNY-CIS InfoSec Team. Functional Project Manager (s). University Information Security Director. ERP Campus Executive. University & Campus Administration. ERP Project Director. Manager, PeopleSoft Application Security. CUNY-CIS InfoSec Team. Security Policy & Procedure Adoption

paniz
Download Presentation

Application Security Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CUNY-CIS InfoSec Team Functional Project Manager (s) University Information Security Director ERP Campus Executive University & Campus Administration ERP Project Director Manager, PeopleSoft Application Security CUNY-CIS InfoSec Team • Security Policy & Procedure Adoption • Approver of new & modified Role & Permission Lists content • Approver of changes to universal security settings • Compliance recertification Application Security Liaison Functional Liaisons Campus & Central Office Campus & Central Office • University application security policy & procedure development • Security Settings Change Management • Exception Request Review • Compliance & Certification Program including Review of Security at Campuses • Audit of Transaction Logs • Peoplesoft Security Training & Awareness • User enrollment & De-provisioning • Approval of Role & Permission List assignment to Profiles • Central point of contact for application security • Campus Security Procedures (e.g. Profile maintenance) • Document Security Environment • Issues & Exception Management • Review of Access • Compliance, Re-certification Statement Application Security Management Key Stakeholders Roles, Responsibilities &Relationships5 February 2008, V3.1

  2. Application Security Liaison • Project Expectations • Attend CUNYFIRST application security design, implementation and training meetings • Build application security community at your College (functional liaisons, campus executives, project managers) • Work proactively with the Manager, PeopleSoft Application Security and the CUNYFIRST project teams to build toward and meet go-live dates • Participate in project deliverables development as necessary • Participate in the testing of application security • Work through changing environment and ambiguities as they arise • Are significant contributors to CUNYFIRST

  3. Application Security Liaison (2) Operational Expectations • Facilitate the management of application security at the Campus as the central point of contact • Maintain user profiles based upon approval of functional liaisons • Individual profile changes • Bulk user identity data loads • Maintain up-to-date documentation of security environment including written operating procedures • Fall & Spring security reviews and written compliance certification (working with College VP Administration) • Report security violations and non-compliance situations • Request and justify exceptions to content of PeopleSoft role definitions and permission lists

  4. Manager, PeopleSoft Application Security (3) High-Priority focus areas • Build the application security community and maintain healthy collaboration with the Oracle security team and the application security liaisons • Training (for self and application security liaisons) • Implement application security governance model • Provide baseline operating procedures • Collaborate with Oracle on CUNYFIRST application security design and implementation meetings • Oracle deliverables review and approval • Participate in the testing of application security • Participate in CUNYFIRST project status meetings • Commitment to successful go-live dates, keep activities on track • Participate in addressing network infrastructure security issues if and when they arise

More Related