  • Slides: 23

Connect Learn Share
Microsoft Dynamics NAV: Tips and tricks for security methodologies
Andy Snook and Nate Boettcher, Fastpath, Inc.

Agenda
  • Introductions
  • Common challenges
  • Planning
  • Deploying
  • Testing
  • Troubleshooting
  • Auditing

Introductions

About Andy
  • President of Fastpath
  • Certified in Risk and Information Systems Control
  • 17 years experience in financial management systems
  • 10 years experience in systems auditing

About Nate
  • Applications Engineer at Fastpath
  • 5 years experience in software development
  • 3 years experience in Microsoft Dynamics

About you
  • Microsoft Dynamics NAV Version
  • Role
  • Security admins
  • Finance
  • Audit
  • Regulatory compliance
      • SOX
      • FDA
      • DCAA
      • LMNOP

Common challenges

Common challenges
  • Access security is low priority for the project team
  • Everyone is SUPER!
  • Security is the domain of IT/Sys Admin not BPOs
  • Expensive customisations in place of security
  • Process controls not part of the design
  • No consideration of segregation of duties
  • Dilution of ‘go-live’ security design
  • Inability to report on current security setup

Planning

Planning
  • Avoid the house that Jack built
  • Implementation and upgrade time is perfect
  • Start with process not with technology
  • Include roles, systems, risks and controls
  • End result is a role matrix

Six Sigma Process Map

Role matrix

Segregation of duties
  • Have a methodology
  • Build rules (email me for ISACA SOD set)
  • Balance preventative vs. productivity
  • Don’t forget about process controls
  • The goal is a blend of security and controls

Deploying

NAV 2013 Security Model

Deploying
  – Moving from your plan to NAV
  – Out of the box permission sets
  – Use as templates
  – S&R-Q/O/I/R/C: Create sales orders etc.
  – S&R-Q/O/I/R/C, POST: Post sales orders, etc.
  – BASIC

Testing

Testing
  • Utilize your plan from planning stage
  • Have at least one person for each employee type
  • Validate each process for permission errors
  • Troubleshoot any permission errors
  • Rinse and repeat

Troubleshooting

Troubleshooting
  • Manual
  • Application Test Toolset – Code Coverage Tests
  • Easy Security Lite
  • Task Recorder using SQL Server Profiler

Auditing

Auditing
  • Don’t set and forget
  • Take a risk-based approach to reviews
  • BPOs should review access
  • Monitor SUPER access
  • Update processes, rules and matrices

Questions?
  • snook@gofastpath.com, @snookgofast
  • boettcher@gofastpath.com, @nboettcher