Hyperion Application Access Control Governor Blueprint for Oracle GRC Applications

Hyperion Application Access Control Governor Blueprint for Oracle GRC Applications
Providing organizations the ability to enforce Segregation of Duties across Hyperion Applications

Agenda
- Hyperion Application Access Control Governor Blueprint Overview
- Business Challenges
- Solution Details
- SOD in Hyperion Applications
- Process Flow
- Capabilities Details
- Oracle Blueprints for Oracle GRC Applications

Blueprint Overview
Blueprint purpose:
- Help existing Oracle Application Access Control Governor (AACG) customers to centrally monitor, detect, and prevent incompatible access privileges for Hyperion Shared Services (HSS) enabled EPM apps.
Blueprint benefit:
- Mitigate financial process risks inherent to Hyperion Financial Management (HFM) deployments
- Prevent potential user security threats related to Hyperion EPM deployments
Blueprint items:
- Pre-built AACG Adaptor for HSS and for HFM Security Classes
- Pre-built AACG Policies for HFM

Financial Statement Risk Factors
Pressures:
- Market competition
- Earnings expectations
- New accounting or regulatory requirements
- Secure additional financing
- High vulnerability to rapid changes: interest rates, technology, obsolescence
Exposures:
- Complex transactions at end of period
- Significant operations across international borders
- Overly complex organization structure
- Weak monitoring and system-based controls
- Ineffective accounting and information systems
Source: AICPA, Appendix to SAS No. 99, Fraud Risk Factors

Reducing User Access Security Threats
Segregation of Duties:
- Support regulatory compliance
- Reduce risk of fraud and errors
- Identify key touch points in EPM deployments that require additional oversight
- Augment HFM reporting regarding security
Example Policies (HFM-specific policies):
- Create Journal * Post Journal
- Create Journal * Approve Journal
- Consolidation * Consolidate All
- Lock Data * Unlock Data

Enforce proper segregation of duties in applications
- SOD refers to the separation of business activities that a single person may initiate and/or validate, in order to limit or prevent erroneous or fraudulent activities
- Business activities are enabled through the respective access points within an application (e.g. Create Journals, Consolidate Data, etc.)
- Access Point: any level node in the access model hierarchy for a particular application

Enforce proper segregation of duties in applications
- Simplify segregation of duties enforcement with simulation and remediation
- Mitigate risk of privileged user access to enterprise applications with approval workflow and audit trails
- Accelerate deployment and time to value with pre-delivered controls library
Diagram labels: Policy Library; Detection; Conflict Paths; Prevention; Define Access Controls; Access Analysis; Remediation (Clean-up); Preventive Provisioning; Compensating Policies

Process Flow
HSS:
- Evaluate HSS User Authorization Model
- Remediate Hyperion Users and Groups
AACG:
- Define Hyperion Data Source
- Extract Authorization Model into AACG
- Define or import SoD control policies
- Analyze SoD Conflicts
- Schedule or Run Conflict Analysis
- Reduce False Positives
- Conflict Reports: SoD conflicts by Policies, SoD conflicts by Users
Blueprint includes:
- 12 pre-defined HFM AACG Policies
- 4 pre-defined AACG global conditions
- 1 Incremental Update ODI Scenario for AACG
- 3 Repository diagnostic SQL scripts

Solution Architecture
Adds ability to:
- Analyze Hyperion users, groups, roles, and inherited user access
- Analyze Fusion Apps users, roles, and entitlements
- Coverage within and across financial sources with application-specific and cross-platform analysis, e.g. can't set up HFM GL and post to Fusion/PSFT/EBS GL
Diagram labels: Hyperion EPM Apps; Application Access Controls Governor 8.5; Hyperion Shared Services; Adapter Framework (ODI); Fusion; Financial Sources

Access Adaptor & Semantic Data Store
- Captures and converts Authorization Data of target Applications like Hyperion into single common model in AACG Database
- Can be configured against HFM and other HSS based Hyperion apps
- Full and incremental data pulls
Diagram labels: Semantic Data Store; Access Adaptor

Seeded Fine Grain Access Control
Define: Comparing EBS and HFM Access Points
Access points:
- Hyperion Journals Administrator
- Hyperion Post Journals
- EBS R12 Create Journal Entries
- EBS R12 Enter Journals
- EBS R12 Enter Encumbrances
Entitlements: Post HFM Journal Entry (Element: Description)
- Hyperion Journals Administrator: Journals Administrator
- Hyperion Post Journals: Post Journals
Entitlements: Enter EBS Journal Entry (Element: Description)
- Create Journals: Create journal Entries
- Enter Journals: Enter Journals
- Enter Encumbrances: Enter Encumbrances
POLICY: Enter Journal(EBS) * Post Journal(HFM)

Validation: Cross Platform Conflicts
Same individual / different user accounts
- Hyperion Shared Services: Group of groups, Group, Role, Nested roles
- Oracle E-Business Suite: Responsibility, Menus, Functions
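
The conflict analysis these slides describe (policy pairs such as Create Journal * Post Journal, access inherited through groups of groups, and the same individual holding different user accounts in HSS and EBS), as an added example that is not Oracle's AACG code. The policy pairs come from the slides; the group names, accounts, identity mapping and function names are assumptions constructed for illustration.

```python
# Added example: SoD conflict analysis on a constructed authorization model.
# Policy pairs follow the slides; every user, account and group is made up.
POLICIES = [
    ("HFM:Create Journal", "HFM:Post Journal"),
    ("HFM:Create Journal", "HFM:Approve Journal"),
    ("HFM:Lock Data", "HFM:Unlock Data"),
    ("EBS:Enter Journal", "HFM:Post Journal"),  # cross-platform policy
]
GRANTS = {  # group or responsibility -> entitlements granted directly
    "hss:JournalEntry": {"HFM:Create Journal"},
    "hss:JournalPosting": {"HFM:Post Journal"},
    "hss:CloseTeam": {"HFM:Lock Data"},
    "ebs:GL Clerk": {"EBS:Enter Journal"},
}
NESTED = {"hss:Controllers": ["hss:JournalPosting", "hss:CloseTeam"]}  # group of groups
MEMBERSHIP = {  # user account -> groups it belongs to
    "hss/asmith": ["hss:JournalEntry", "hss:Controllers"],
    "hss/bob.jones": ["hss:JournalPosting"],
    "ebs/BJONES": ["ebs:GL Clerk"],
    "hss/clee": ["hss:CloseTeam"],
}
IDENTITY = {  # user account -> individual (one person, several accounts)
    "hss/asmith": "Alice Smith", "hss/bob.jones": "Bob Jones",
    "ebs/BJONES": "Bob Jones", "hss/clee": "Carol Lee",
}

def effective_access(group, seen=None):
    """Entitlements of a group, including those inherited from nested groups."""
    seen = set() if seen is None else seen
    if group in seen:  # guard against cyclic group nesting
        return set()
    seen.add(group)
    access = set(GRANTS.get(group, ()))
    for child in NESTED.get(group, ()):
        access |= effective_access(child, seen)
    return access

def find_conflicts():
    """Return (person, left, right, left_paths, right_paths) per violated policy."""
    held = {}  # person -> entitlement -> {(account, group)} conflict paths
    for account, groups in MEMBERSHIP.items():
        person = IDENTITY.get(account, account)
        for group in groups:
            for ent in effective_access(group):
                held.setdefault(person, {}).setdefault(ent, set()).add((account, group))
    return [(person, left, right, sorted(ents[left]), sorted(ents[right]))
            for person, ents in sorted(held.items())
            for left, right in POLICIES if left in ents and right in ents]
```

Keying the analysis on the individual rather than the account is what surfaces the second conflict: neither of that person's two accounts violates a policy on its own.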

What are Blueprints?
- Best Practices: Standardized techniques, methods, & processes, based on business practice analysis across multiple organizations. Example: Centralized Health & Safety Incident Management
- Content: Pre-defined modules, policies, reports, models, attributes, lookups, semantic business objects, physical mappings. Example: Pre-built policies to detect SOD-related fraud in Hyperion Financial Mgmt
- Integrations: Out-of-the-box interoperability with critical business systems delivering best practices across entire business process. Example: Connector to Hyperion FM for accounts-based controls assessment scoping

How do Blueprints fit into the GRC Platform?
Blueprints leverage the Oracle GRC Platform Configurability and Extensibility Framework
Diagram labels: Enterprise GRC Platform; Functional Extensibility; Components (GRCI, GRCM, GRCC-A, GRCC-C, GRCC-T, GRCC-P); 11g FMW Framework; WEBCAT; MODULES; MODELS; SDD & SDM; PATTERNS; RULES; ADF & SOA; Health, Safety and Environment
HSE Blueprint includes:
- 15 pre-defined Types
- 25 pre-defined Classes
- 5 pre-defined Perspectives
- 153 pre-defined Attributes
- 18 pre-defined Lookup Values
- 20 pre-defined Graphs
- 4 pre-defined Risk Context Models
- 13 pre-defined Survey Questions
- 1 Standalone ADF-based configurable incident capture page

How are Blueprints Different from Products?
- Freely available
- Free, open & extensible
- Free, self-paced training
- Free, community based support

Blueprints Ecosystem
- Increase ROI with one platform for all GRC Initiatives
- Share new blueprints in an online community
- Collaborate online on extending existing blueprints
Diagram labels: Blueprints; Enterprise GRC Platform; Partners; Oracle; Customers