Security & Auditing Solutions for Infor-Lawson Software 1.

Security & Auditing Solutions for Infor-Lawson Software

1

2Agenda

About Us

Benefits

Products

Services

Security Dashboard

Security & Auditing Solutions for Infor-Lawson S3

3About UsSecurity & Auditing Solutions for Infor-Lawson S3

Founded in 1983, Kinsey has provided software sales, implementation, support and development for 32 years.

Lawson reseller and implementation partner since 1997.

Lawson certified systems integrator partner.

Lawson complementary software partner.

Lawson’s “Go to” implementation partner for public sector.

Provide complementary Lawson software products.

Implemented solutions for over 120 Lawson accounts.

Committed to your success.

BenefitsSecurity Solutions for Infor-Lawson S3

Client Benefits 5

Improved Capabilities

Our Security Reporting and Auditing applications provide in-depth reporting analysis of

Lawson Security data.

Expanded Offerings

User monitoring, transaction auditing, segregation of

duties reporting and security modeling provide critical insight to your Lawson

system.

Time Saver

Custom Security definition and audit reports save you

hours of validating user security.

Saves Money

Our clients have reduced labor intensive security

reviews from a few weeks to a few days.

Audit Compliant

Our tools assist with developing and maintaining an audit compliant security

model as well as investigating questionable transaction

activity.

Cost Effective

Our tools are very affordable when compared to competing

products.


Our ProductsSecurity Solutions for Infor-Lawson S3

Security Dashboard 7

Security ReportingProvides detailed analysis on your security model including all assignments for Users, Roles, Security Classes, Tokens, Rules and Attributes.

Security Modeling & UtilitiesCreate ‘what-if’ scenarios within your security model without changing any security settings and report back on what users are affected.

Security AuditingOur security audit report enables you to monitor all changes to your security model including the before and after values of any specific setting.



Segregation of DutiesValidates that the correct checks and balances have been implemented within the security model to avoid potential fraudulent activity.

Activity MonitorProvide insight and control over your Lawson S3 applications by monitoring user activity. Use this information to validate your Lawson security settings, monitor user activity, measure peak usage times or monitor software usage patterns.


Security Migration Process (SMP)Our security migration process is a fast and simple yet extremely thorough method if defining and implementing Lawson Security.



o Security Reportingo Security Analyzero Security Auditingo Object Modelingo Role Modelingo Object Comparisono Security Visualizero Security Utilities

Features

Security Reporting 10

Users

Displays all User-Object security assignments.

Roles

Displays all Role-Object security assignments

Security Classes

Displays all Security Class (Task)- Object security

assignments.

Objects

Displays all assignments for Structures, Groups, Tables,

Attributes, and Fields,

Historical

Automatically creates historical copies of LS for reporting and comparison

purposes

Save, Export, Email

Save, Print, Export or Email your custom reports at

anytime.




o 13 User querieso 8 Role querieso 10 Task querieso Statistics & Metadatao Listener Activityo Orphaned Objectso Links to Lawson HRo View any profileo Multiple Environments

Report Features



o Object Filterso Column Sorto Column Groupingo Drill around o Save any queryo Print to PDF or printero Export to MS Excelo Email scheduled

reports

Report Options

Security data is pulled nightly or on demand from your LDAP server and stored in a collection of SQL tables for easy access.

Security Reporting - Historical 13


Our historical reports will compare your current security settings to a historical point in time referencing what has been changed. You can also generate security reports from the historical tables.

o Object Filterso Column Sorto Column Groupingo Drill around o Print to PDF or Printero Export to MS Excelo Compare to Historical

Report Options

Security Reporting - Analyzer 14

Security Solutions for Infor-Lawson S3

o User Form Ruleso User Table Ruleso User Field Ruleso User Program Ruleso Form Conditionso Field Conditionso Filter by Usero Created in MS Excelo Unlimited Saved

Reports

Report Features

The Security Analyzer allows you to create custom reports for just the users you need to see. Then easily review the least restrictive access assigned to each form, table, program or field by user.

Security Modeling & Utilities 15

ObjectsReveal how changing

an objects assignment or rule

on any given security class will effect the associated users.

RolesSee how adding or

removing a role from a user will effect the

users security privileges.

TaskDiscover how

adding or removing a security class from a role will effect the users associated with

that role.

UtilitiesCompare, map, copy and upload security assignments directly

to LDAP.

Our set of modeling tools give you the flexibility you need to foresee the cause and effect of making a change to your security model prior to implementing any updates. Once you’re comfortable with the results our utilities can help you expedite the process.


Security Modeling – Role Modeling 16


o Add a Role to a Usero Remove a Role from a Usero Add a SecClass to a Roleo Remove a SecClass from a

Role

Features

Model the affect of changing any User-Role or Role-Security Class assignment.

Security Modeling – Role Modeling 17


Projected changes to User permissions are highlighted in blue.

Security Modeling - Visualizer 18


o Map from any objecto Drill to Security

Reportso Drag and Drop

Assignmentso Object Filtering

Features

Use the Visualizer to quickly see how Users, Roles and Security Classes are connected.

Security Utilities – Object Comparison 19


o Role Redundancyo Role Absorptiono Sec Class Redundancyo Sec Class Absorptiono Filter by Object Nameo Drill to Security

Reports

Analyze

The Object Comparison utility provides a quick visual of potentially redundant Roles or Security Classes.

Security Auditing 20

Object ChangesAudit any change to any object in the security model and view the before and after values.Historical AuditsGenerate reports based on object names, user names or date ranges to find just the data you need.

Custom QueriesCreate and save custom queries using the advance search and filtering options.

NotificationsPrint, export or email scheduled notifications for any saved report.


Segregation of DutiesSecurity Solutions for Infor-Lawson S3

Once you have defined a report simply add it to our schedule so you can be notified when a security change causes an SoD violation.

Automatic Email Notifications

Our Lawson application consultants have defined over 2,200 rules that are used to validate that your security conforms to the 240 SoD delivered policies. You have full flexibility over adding or changing any of the rules.

Over 2,200 Predefined Rules

With our delivered policies covering Asset Management, Cash Management, Closing Procedures, Inventory Control, Order Processing, Payables Management, Receivables Management, and Payroll you will receive immediate benefits from the SoD reports. You can also define your own policies using the SoD admin screen,

240 Delivered Policies

The Segregation of Duties application is designed to ensure that you have the proper checks and balances built in your security model to prevent fraudulent activity. With the added flexibility of our ad-hoc reporting you can create, save, and email critical reports as needed.

Segregation of Duties 22

8 Predefined CategoriesPolicy Importance Ratings

Create Unlimited New CategoriesCreate Unlimited New Policies Created Unlimited New Rules

Modify any Existing PoliciesDefine Rules by Form, Role, Security Class or Field

SoD Policies


Segregation of Duties 23

By User by PolicyBy Policy by User

By Role Group by PolicyDifferences Report

Microsoft Excel ExportUnlimited Saved Reports

Scheduled Email Notifications

SoD Violation Reports


Activity Monitor 24

0

1

2

3

4

5

6

Activity Monitor is designed to provide insight and control over your Lawson S3 applications. Extensive metadata analytics allow you to closely monitor how your applications are being used and where you may be exposed to a security risk. You can use this information to validate your Lawson security settings, monitor user activity, measure peak usage times or monitor software usage patterns. With the added capability of providing the transaction record keys, Activity Monitor is an invaluable auditing tool when questions arise surrounding changes made to your Lawson system.

Complete Transparency


Activity Monitor – Reporting 25


o By Usero By Formo By Function Codeo By Dateo By Record Keyo Drill to Security

Reports

Analyze

All Activity Monitor data can be displayed using our LS reporting application. This allows you to create unlimited custom reports and associate actual usage to a users security settings.

Security MigrationA better way of transitioning to Lawson Security

Security Migration Options 27

Multiple vendors provide predefined Excel based Roles and Security Class for LS. Customizing these to fit your environment can be a challenge.

Manually building LS can be extremely time consuming and painful. This is generally the least desirable route.

Lawson’s Security utility copies your existing LAUA security to LS by creating 1 Role and 1 Class for every LAUA Sec Class

Kinsey’s solution builds an audit compliant object oriented Role and Security Class model based on user requirements.


Security MigrationWhat we do.

28

MonitorTrack all user

activity to validate actual form

requirements.

PrepareTune existing LAUA

model based on Activity and

Segregation of Duties results.

BuildAutomatically create

Role and Security Class objects based on common LAUA user access then

add data level security.

TestPreform positive and negative testing to

ensure proper access.

Security MigrationHow we do it.

29

IC AdminSec Class A Sec Class B Sec Class C Sec Class D

1

Role A Role B Role C Role D

LAUA LS

AP Setup AP Update AP Processing AP Reports AC Processing AC Update AC Reports GL Reports

By finding common form access across all Security Classes we can infer how forms should be grouped to create LS Security Classes. The application will then build unique classes for each Lawson system code.

Once the Security Classes are created the application will automatically create the Roles and make the appropriate User assignments.

Security Migration Services 30

Analyze

We will assist you with analyzing your user activity and Segregation of Duties

Reports

Tune

By tuning LAUA to align with your actual security needs we

can use this information to build LS

Train

We provide training throughout the project so you will be able to maintain the new security model going

forward.

Customize

Our certified consultants will assist you with writing data

level security logic to protect you against unauthorized

access.

Test and Deploy

A critical step in the process, our project plan will guide you

though both positive and negative testing prior to

deployment.

Support

From installation through post go-live our team of

consultants will assist in every phase of the project.


Transaction AuditingExpanding Lawson’s Auditing Capabilities

Transaction Auditing 32

Feature Kinsey Infor-Lawson

Predefined AuditsAbility to Audit all 6500+ FormsAd-hoc ReportingHistorical ReportingSaved Favorite ReportsReport SchedulingAutomatic email distributionDrill to SecurityDrill to User Activity MonitorAudit Inquiries


3055

Transaction Auditing - Reporting 33


o Every Addo Every Changeo Every Deleteo Every Inquiryo Any Formo By Whoo On What Dayo Before/After

Values

Analyze

All Transaction data can be displayed in our TA reporting application. Create unlimited custom reports and send automatic email notifications.

o By Usero By Formo By Function

Codeo By Dateo By Key

Report

Benefits to working with us

We like to think that we are an easy group to work with. Our management team and consulting staff are available when you need us. And with consultants spread throughout the US we are able to cover all time zones for our clients and partners.

We’re Friendly

There’s no need for you or your clients to worry about continued support of our applications. For over 33 years we have maintained multiple application and security consultants to handle every situation that occurs. As a privately held company we are here for long run.

Stability

Kinsey brings over 33 years of ERP implementation and development experience to our clients. Every Kinsey consultant has over 20 years of experience in this space and with over 130 Lawson Clients we cover everything from installation, implementation, support and project management.

Experience

ServicesWe can help.

35

Kinsey consultants have been

implementing net new Lawson

implementations for over 18

years. Our consultants are

Lawson certified in every

application suite.

Our staff of certified consultants

and project managers can guide

your clients through the

complete upgrade process.

Upgrades

ERP Consulting

Security ConsultingOur team of security consultants

have helped over 60 Lawson

clients migrate from LAUA to LS

over the past 4 years.

Meet the TeamWho are behind the scenes

Meet the Team 37

Brad KinseyCEO & Co-Founder

Brad Kinsey is responsible for the sales and administrative functions of the company, including legal, accounting and human resources.

Dan KinseyPresident & Co-Founder

Dan Kinsey is responsible for product development, implementation and support of all Kinsey applications.

Guy HensonVP Business

DevelopmentGuy Henson is responsible for the business development and sales activities for Kinsey.

Thanks for attending!We hope you found it helpful!

Kinsey & Kinsey, Inc.26 North Park Boulevard

Glen Ellyn, IL. 60137

630-858-4866

[email protected]

call 757-621-8236

www.kinsey.com

Security & Auditing Solutions for Infor-Lawson Software 1.

Documents

Transcript of Security & Auditing Solutions for Infor-Lawson Software 1.