become a ciber thought leader
We are always seeking talented and innovative people. We have IT careers open all around the globe.
Andrew Provines
SENIOR CONSULTANT
Andrew Provines is a Senior Consultant within CIBER’s Lawson practice. Andrew graduated from Indiana University’s Kelley School of Business and has five years of experience with Lawson. As a Lawson certified LSF9 security expert and having developed CIBER’s LSF9 methodology for delivering security solutions, he is an integral part the CIBER Lawson security team. In addition Andrew has expertise in Lawson upgrades, conversions, custom application development, and system administration.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posts by this author
Speed of Change
Andrew Provines, Senior Consultant : 14 July 2009 / 10:40 AM : 0 
One thing that continually changes in any Security Implementation, or implementation of any kind, is the speed at which tasks can be accomplished. New methods or tools continually decrease the timeline necessary to complete a project. This is wonderful from a budget stand point, but can be detrimental to the understanding and overall acceptance of any change. This seems to be a major determinant of a Lawson 9 Security project’s success. Automated load tools, standardized rules, design templates, etc, etc, etc can only do so much for a project. There are some underlying keys to a successful implementation that need to be discus...
Posted in Lawson on 14 July 2009
Tagged: Lawson Lawson Security Project Management Security consulting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part 5: Ready Set Go
Andrew Provines, Senior Consultant : 09 July 2009 / 3:54 PM : 0
The final phase of the implementation is “Cut Over”, “Go Live”, or whatever you prefer to call it. The bottom line is that the time has come to put all of this work into action. The question then becomes what is the best approach to do this.
Lawson 9 Security makes this step very easy. Security activation is on a per user basis. This means that each individual is brought over separately. You can have laua data present in the user setup and Lawson 9 Security data present and switch back and forth like flipping a light switch. How convenient. So the method you want to use to make the switch is really up to yo...
Posted in Lawson on 09 July 2009
Tagged: Lawson Lawson Security Project Methodology
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part 4: If All Else Fails Test
Andrew Provines, Senior Consultant : 24 June 2009 / 3:05 PM : 0
The following is a brief summary of different types of testing that can be done with security and the benefits of each. This topic deserves much more time and attention than we will give it here. Perhaps more posts are in order. The main concern with testing revolves around what you are trying to accomplish with it. Are you testing to ensure the system is functioning correctly, testing to see if your rules are working properly, or testing to make sure the designer’s intent and understanding were correct? These different goals and project timelines tend to stress any testing phase and can complicate the implementation needlessl...
Posted in Lawson on 24 June 2009
Tagged: Lawson Lawson Security
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part 3: Building the Beast
Andrew Provines, Senior Consultant : 11 June 2009 / 10:55 AM : 0
Now that we have successfully completed our Lawson 9 Security design and it is “practically perfect in every way” – it is now time to enter all of our beautiful designs into the system. This step is a very basic and mundane display of mouse skills. Click, apply, repeat. CIBER decided to take this opportunity to avoid carpal tunnel and created load tools that allow us to quickly upload the security matrix on the fly. This eliminates most of the manual work in the system and allows us to quickly add security definitions without the use of the LSA tool or the RM tool. This was done to allow CIBER to significantly reduce the time...
Posted in Lawson on 11 June 2009
Tagged: Lawson Lawson Security Security consulting Security Trends
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part Two: Designing My System
Andrew Provines, Senior Consultant : 05 May 2009 / 9:40 AM : 0
Designing security is by far the most crucial piece of a security implementation. A poorly designed security model could lead to headaches in the future. There are a myriad of questions you should be asking yourself at this point.
...
Posted in Lawson on 05 May 2009
Tagged: Lawson Lawson Security Security consulting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CUE Me Up
Andrew Provines, Senior Consultant : 14 April 2009 / 9:26 AM : 0
As you all must be aware, Lawson CUE 09 is approaching quickly. In lieu of any formal blogs, I have been busy working on a CUE presentation. With that being said I would like to invite everyone to join CIBER at CUE 09 for our security presentation. We are also hosting meetings this year to help you strategize your upcoming Lawson projects or learn how to resolve current issues you may be facing. These Strategy Meetings are almost completely booked, but there are a few slots left.
Reserve your Strategy Meeting now
CIBER’s Strate...
Posted in Lawson on 14 April 2009
Tagged: Lawson Lawson Security Security consulting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part 1: Reluctantly Crouched at the Starting Line
Andrew Provines, Senior Consultant : 31 March 2009 / 2:02 PM : 0
The following will be Part 1 of a 5 part series on Security Implementation.
This part will define Stage 1, The Assessment…
“Where to begin?” That seems like a universal question and one that plagues us all. Instead of diving right in let’s set the scene. We know that Lawson released a new security offering, we know that it allows more control than the old one, and we also know that there is little to no similarities between the two. At this point you may ask “What can I take from LAUA?” I want to say nothing. The reason is that the two models are drastica...
Posted in Lawson on 31 March 2009
Tagged: Information Security Lawson Lawson Security Security consulting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Good, the Bad, and the Ugly: Living inside the System Provided
Andrew Provines, Senior Consultant : 19 March 2009 / 7:41 AM : 1
I often hear things like “Lawson screwed up” and “Lawson should have done this” or “Lawson should have done that.” The fact of the matter is… Lawson did not do this and did not do that. We are given the system as is and must make it work for our needs utilizing its capabilities. Of course you could submit a change request or a suggestion to Lawson, but I suggest making the best of what is and not holding your breath for what isn’t.
With that thought in mind, how do we have our Lawson cake and eat it too?
There are a few things to remember before we co...
Posted in Lawson on 19 March 2009
Tagged: Access management Identity and Access Management Lawson Lawson Security Security awareness Security consulting Security maturity Technology Architecture
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Questions Requiring Call
Andrew Provines, Senior Consultant : 17 March 2009 / 1:46 PM : 0
The following questions were asked on the webinar, but require a discussion on the phone to answer properly. If you asked these questions below or would like to know more information about any of these topics, please reach out to CIBER and we would be happy to have a conversation with you.
Questions:
What do you have that will help with Auditing...our DB continues to fill...is there something that we can do to trim that DB down?
What tool do you have to track changes in Lawson or is there a tool already in Lawson that will do that?
You said LDAP was light weight, how many objec...
Posted in Lawson on 17 March 2009
Tagged: Security Research / Statistics
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditing and Logging Webinar Questions
Andrew Provines, Senior Consultant : 17 March 2009 / 1:46 PM : 0
Question: What security reports are available to show the info. already in the Lawson Security?
Answer: There are small reports that allow a number of objects and items to be reported on. The security reporting is much better than it used to be, but there are still some holes to be filled. Please reference the security manual available on Lawson support for specifics. In order to report on all security definitions setup CIBER employs a method of dumping the data out and entering it into Excel using pivot tables.
Question: How do you recommend Lawson Security users audit trail sec...
Posted in Lawson on 17 March 2009
Tagged: Risk management Security awareness Security Breaches Security consulting Security Research / Statistics Solution / System / Application Architecture
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Architecture Webinar Questions
Andrew Provines, Senior Consultant : 17 March 2009 / 1:37 PM : 0
Question: Does Lawson security put a lot of load on the LDAP server?
Answer: Yes. The question here becomes whether or not it is an acceptable load. A security implementation has the ability to become so complex and weighty(for lack of a better term) that the system can not handle the load. However, if the implementation is done correctly and efficiently this situation can be avoided.
One thing to keep in mind though is that the LDAP information is cached in memory on the application server. There are settings you can change that tell the system how often to refresh that cache. On a produ...
Posted in Lawson on 17 March 2009
Tagged: Security consulting Security Research / Statistics Solution/System/Application Architecture Technology Architecture Tivoli
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Lawson Security Webinar Questions
Andrew Provines, Senior Consultant : 17 March 2009 / 1:37 PM : 0
Question: How / Where do you set company / process level restrictions? Is it on the user and then those restrictions then flow down to the role.
Answer: There are three parts of Lawson Security when you get right down to it. The first is defining application access and what actions a user can perform within an application. This gives them all the access they need to work in an application. The next piece is file or table access. This allows a user to perform selects and drill arounds within applications and also allows table access in Addins queries. Both application and table access are a ̶...
Posted in Lawson on 17 March 2009
Tagged: Security consulting Security Research / Statistics Security Trends Vulnerabilities
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementation Webinar Questions
Andrew Provines, Senior Consultant : 17 March 2009 / 1:28 PM : 0
Question: How long to implement Lawson security?
Answer: This varies extensively between companies. It depends on your overall company strategy as it pertains to security. Are you implementing Lawson Security in a vacuum and keeping it separate from your overall security strategies as a company or are you taking into account your corporate security policies and strategies and building those into your Lawson model? Are you concerned with regulatory or compliance issues? Are you concerned about the performance impact that security will have on the system? Do you want to analyze your security a...
Posted in Lawson on 17 March 2009
Tagged: Security consulting Security Research / Statistics Security Trends Technology Architecture
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Offering Webinar Questions
Andrew Provines, Senior Consultant : 17 March 2009 / 1:26 PM : 0
Question: Is SST like the Lawson Security FastTrack?
Answer: CIBER’s Lawson Security SmartStart is a unique offering put together by CIBER that contains the following elements:
Posted in Lawson on 17 March 2009
Tagged: Security awareness Security consulting Security Research / Statistics Technology Architecture
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Lawson 9 Security: Do's and Don'ts
Andrew Provines, Senior Consultant : 12 March 2009 / 9:49 AM : 0
Let’s start with a brief summary of the major changes to the Lawson Security Architecture. This will allow a basis for the Do’s and Don’ts. It will also allow those not involved with Security as of yet to catch up. There are three notable changes with the new Lawson 9 Security.
The first of which is the adoption of Role Based Access Control (RBAC). RBAC is conceptually equivalent to assigning security based on the job functions that an individual needs to perform. Security is not assigned to a user in this type of model, but instead a user gains their access based upon a “Role” ...
Posted in Lawson on 12 March 2009
Tagged: Information Management Tivoli
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
