more from this author
The Implementation Part 5: Ready Set Go
The Implementation Part 4: If All Else Fails Test
The Implementation Part 3: Building the Beast
The Implementation Part Two: Designing My System
Get to know Andrew Provines 
become a CIBER practical innovator
We are always seeking talented and innovative people. We have IT careers open all around the globe.
Andrew Provines
SENIOR CONSULTANT
Andrew Provines is a Senior Consultant within CIBER’s Lawson practice. Andrew graduated from Indiana University’s Kelley School of Business and has five years of experience with Lawson. As a Lawson certified LSF9 security expert and having developed CIBER’s LSF9 methodology for delivering security solutions, he is an integral part the CIBER Lawson security team. In addition Andrew has expertise in Lawson upgrades, conversions, custom application development, and system administration.
See more authors in Lawson
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posts by this author
Speed of Change
Andrew Provines, Senior Consultant : 14 July 2009 / 10:40 AM : 0 
One thing that continually changes in any Security Implementation, or implementation of any kind, is the speed at which tasks can be accomplished. New methods or tools continually decrease the timeline necessary to complete a project. This is wonderful from a budget stand point, but can be detrimental to the understanding and overall acceptance of any change. This seems to be a major determinant of a Lawson 9 Security project’s success. Automated load tools, standardized rules, design templates, etc, etc, etc can only do so much for a project. There are some underlying keys to a...
Posted in Lawson on 14 July 2009
Tagged: Lawson Lawson Security Project Management Security consulting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part 5: Ready Set Go
Andrew Provines, Senior Consultant : 09 July 2009 / 3:54 PM : 0
The final phase of the implementation is “Cut Over”, “Go Live”, or whatever you prefer to call it. The bottom line is that the time has come to put all of this work into action. The question then becomes what is the best approach to do this.
Lawson 9 Security makes this step very easy. Security activation is on a per user basis. This means that each individual is brought over separately. You can have laua data present in the user setup and Lawson 9 Security data present and switch back and forth like flipping a light switch. How convenient. So the method you ...
Posted in Lawson on 09 July 2009
Tagged: Lawson Lawson Security Project Methodology
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part 4: If All Else Fails Test
Andrew Provines, Senior Consultant : 24 June 2009 / 3:05 PM : 0
The following is a brief summary of different types of testing that can be done with security and the benefits of each. This topic deserves much more time and attention than we will give it here. Perhaps more posts are in order. The main concern with testing revolves around what you are trying to accomplish with it. Are you testing to ensure the system is functioning correctly, testing to see if your rules are working properly, or testing to make sure the designer’s intent and understanding were correct? These different goals and project timelines tend to stress any testing phas...
Posted in Lawson on 24 June 2009
Tagged: Lawson Lawson Security
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part 3: Building the Beast
Andrew Provines, Senior Consultant : 11 June 2009 / 10:55 AM : 0
Now that we have successfully completed our Lawson 9 Security design and it is “practically perfect in every way” – it is now time to enter all of our beautiful designs into the system. This step is a very basic and mundane display of mouse skills. Click, apply, repeat. CIBER decided to take this opportunity to avoid carpal tunnel and created load tools that allow us to quickly upload the security matrix on the fly. This eliminates most of the manual work in the system and allows us to quickly add security definitions without the use of the LSA tool or the RM tool. This was don...
Posted in Lawson on 11 June 2009
Tagged: Lawson Lawson Security Security consulting Security Trends
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part Two: Designing My System
Andrew Provines, Senior Consultant : 05 May 2009 / 9:40 AM : 0
Designing security is by far the most crucial piece of a security implementation. A poorly designed security model could lead to headaches in the future. There are a myriad of questions you should be asking yourself at this point.
- Have we designed the security to allow growth?
- Have we designed the security for sustainable security administration?
- Have we kept the design simple and flexible?
- Do we know where we are going?
- Have we accounted for application access?
- Have we accounted for table access?
- Have we accou...
Posted in Lawson on 05 May 2009
Tagged: Lawson Lawson Security Security consulting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CUE Me Up
Andrew Provines, Senior Consultant : 14 April 2009 / 9:26 AM : 0
As you all must be aware, Lawson CUE 09 is approaching quickly. In lieu of any formal blogs, I have been busy working on a CUE presentation. With that being said I would like to invite everyone to join CIBER at CUE 09 for our security presentation. We are also hosting meetings this year to help you strategize your upcoming Lawson projects or learn how to resolve current issues you may be facing. These Strategy Meetings are almost completely booked, but there are a few slots left.
Posted in Lawson on 14 April 2009
Tagged: Lawson Lawson Security Security consulting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part 1: Reluctantly Crouched at the Starting Line
Andrew Provines, Senior Consultant : 31 March 2009 / 2:02 PM : 0
The following will be Part 1 of a 5 part series on Security Implementation.
This part will define Stage 1, The Assessment…
“Where to begin?” That seems like a universal question and one that plagues us all. Instead of diving right in let’s set the scene. We know that Lawson released a new security offering, we know that it allows more control than the old one, and we also know that there is little to no similarities between the two. At this point you may ask “What can I take from LAUA?” I want to say nothi...
Posted in Lawson on 31 March 2009
Tagged: Information Security Lawson Lawson Security Security consulting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Good, the Bad, and the Ugly: Living inside the System Provided
Andrew Provines, Senior Consultant : 19 March 2009 / 7:41 AM : 1
I often hear things like “Lawson screwed up” and “Lawson should have done this” or “Lawson should have done that.” The fact of the matter is… Lawson did not do this and did not do that. We are given the system as is and must make it work for our needs utilizing its capabilities. Of course you could submit a change request or a suggestion to Lawson, but I suggest making the best of what is and not holding your breath for what isn’t.
With that thought in mind, how do we have our Lawson cake and eat it too?
...Posted in Lawson on 19 March 2009
Tagged: Access management Identity and Access Management Lawson Lawson Security Security awareness Security consulting Security maturity Technology Architecture
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Questions Requiring Call
Andrew Provines, Senior Consultant : 17 March 2009 / 1:46 PM : 0
The following questions were asked on the webinar, but require a discussion on the phone to answer properly. If you asked these questions below or would like to know more information about any of these topics, please reach out to CIBER and we would be happy to have a conversation with you.
Questions:
What do you have that will help with Auditing...our DB continues to fill...is there something that we can do to trim that DB down?
What tool do you have to track changes in Lawson or is there a tool already in Lawson that will do that?
...Posted in Lawson on 17 March 2009
Tagged: Security Research / Statistics
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditing and Logging Webinar Questions
Andrew Provines, Senior Consultant : 17 March 2009 / 1:46 PM : 0
Question: What security reports are available to show the info. already in the Lawson Security?
Answer: There are small reports that allow a number of objects and items to be reported on. The security reporting is much better than it used to be, but there are still some holes to be filled. Please reference the security manual available on Lawson support for specifics. In order to report on all security definitions setup CIBER employs a method of dumping the data out and entering it into Excel using pivot tables.Question: How do y...
Posted in Lawson on 17 March 2009
Tagged: Risk management Security awareness Security Breaches Security consulting Security Research / Statistics Solution / System / Application Architecture
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
