become a CIBER practical innovator
We are always seeking talented and innovative people. We have IT careers open all around the globe.
Speed of Change
Andrew Provines, Senior Consultant : 14 July 2009 / 10:40 AM : 0 
One thing that continually changes in any Security Implementation, or implementation of any kind, is the speed at which tasks can be accomplished. New methods or tools continually decrease the timeline necessary to complete a project. This is wonderful from a budget stand point, but can be detrimental to the understanding and overall acceptance of any change. This seems to be a major determinant of a Lawson 9 Security project’s success. Automated load tools, standardized rules, design templates, etc, etc, etc can only do so much for a project. There are some underlying keys to a successful implementation that need to be discussed and understood. Remember that a project can only progress as quickly as the people involved in the project are willing to allow. The following ...
Tagged: Lawson Lawson Security Project Management Security consulting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part 5: Ready Set Go
Andrew Provines, Senior Consultant : 09 July 2009 / 3:54 PM : 0
The final phase of the implementation is “Cut Over”, “Go Live”, or whatever you prefer to call it. The bottom line is that the time has come to put all of this work into action. The question then becomes what is the best approach to do this.
Lawson 9 Security makes this step very easy. Security activation is on a per user basis. This means that each individual is brought over separately. You can have laua data present in the user setup and Lawson 9 Security data present and switch back and forth like flipping a light switch. How convenient. So the method you want to use to make the switch is really up to you. I will describe a couple below and they will be split on a new implementation and an upgrade.
During a new implementation there i...
Tagged: Lawson Lawson Security Project Methodology
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part 4: If All Else Fails Test
Andrew Provines, Senior Consultant : 24 June 2009 / 3:05 PM : 0
The following is a brief summary of different types of testing that can be done with security and the benefits of each. This topic deserves much more time and attention than we will give it here. Perhaps more posts are in order. The main concern with testing revolves around what you are trying to accomplish with it. Are you testing to ensure the system is functioning correctly, testing to see if your rules are working properly, or testing to make sure the designer’s intent and understanding were correct? These different goals and project timelines tend to stress any testing phase and can complicate the implementation needlessly. I will attempt here to lay out different tests and the pros and cons of each.
Security Class Testing
During a security c...
Tagged: Lawson Lawson Security
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part 3: Building the Beast
Andrew Provines, Senior Consultant : 11 June 2009 / 10:55 AM : 0
Now that we have successfully completed our Lawson 9 Security design and it is “practically perfect in every way” – it is now time to enter all of our beautiful designs into the system. This step is a very basic and mundane display of mouse skills. Click, apply, repeat. CIBER decided to take this opportunity to avoid carpal tunnel and created load tools that allow us to quickly upload the security matrix on the fly. This eliminates most of the manual work in the system and allows us to quickly add security definitions without the use of the LSA tool or the RM tool. This was done to allow CIBER to significantly reduce the time it takes a client to get data into security.
The load tools help significantly but there are pieces of security configuration that take mor...
Tagged: Lawson Lawson Security Security consulting Security Trends
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part Two: Designing My System
Andrew Provines, Senior Consultant : 05 May 2009 / 9:40 AM : 0
Designing security is by far the most crucial piece of a security implementation. A poorly designed security model could lead to headaches in the future. There are a myriad of questions you should be asking yourself at this point.
That is a small list in comparison to what needs to be considered during security design, but it offers a place to start.
Things to Consi...
Tagged: Lawson Lawson Security Security consulting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CUE Me Up
Andrew Provines, Senior Consultant : 14 April 2009 / 9:26 AM : 0
As you all must be aware, Lawson CUE 09 is approaching quickly. In lieu of any formal blogs, I have been busy working on a CUE presentation. With that being said I would like to invite everyone to join CIBER at CUE 09 for our security presentation. We are also hosting meetings this year to help you strategize your upcoming Lawson projects or learn how to resolve current issues you may be facing. These Strategy Meetings are almost completely booked, but there are a few slots left.
Reserve your Strategy Meeting now
CIBER’s Strategy Meeting topics for CUE 09 include:
Tagged: Lawson Lawson Security Security consulting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Implementation Part 1: Reluctantly Crouched at the Starting Line
Andrew Provines, Senior Consultant : 31 March 2009 / 2:02 PM : 0
The following will be Part 1 of a 5 part series on Security Implementation.
This part will define Stage 1, The Assessment…
“Where to begin?” That seems like a universal question and one that plagues us all. Instead of diving right in let’s set the scene. We know that Lawson released a new security offering, we know that it allows more control than the old one, and we also know that there is little to no similarities between the two. At this point you may ask “What can I take from LAUA?” I want to say nothing. The reason is that the two models are drastically different and should be treated as such. This is not to say that LAUA can’t help us decide on what we are missing. The rest of the a...
Tagged: Information Security Lawson Lawson Security Security consulting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Good, the Bad, and the Ugly: Living inside the System Provided
Andrew Provines, Senior Consultant : 19 March 2009 / 7:41 AM : 1
I often hear things like “Lawson screwed up” and “Lawson should have done this” or “Lawson should have done that.” The fact of the matter is… Lawson did not do this and did not do that. We are given the system as is and must make it work for our needs utilizing its capabilities. Of course you could submit a change request or a suggestion to Lawson, but I suggest making the best of what is and not holding your breath for what isn’t.
With that thought in mind, how do we have our Lawson cake and eat it too?
There are a few things to remember before we condemn Lawson for our anger and frustration. By frustration I mean hair pulling, cursing, or laptop tossing mood swings that inevitably pervade...
Tagged: Access management Identity and Access Management Lawson Lawson Security Security awareness Security consulting Security maturity Technology Architecture
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Questions Requiring Call
Andrew Provines, Senior Consultant : 17 March 2009 / 1:46 PM : 0
The following questions were asked on the webinar, but require a discussion on the phone to answer properly. If you asked these questions below or would like to know more information about any of these topics, please reach out to CIBER and we would be happy to have a conversation with you.
Questions:
What do you have that will help with Auditing...our DB continues to fill...is there something that we can do to trim that DB down?
What tool do you have to track changes in Lawson or is there a tool already in Lawson that will do that?
You said LDAP was light weight, how many objects would you say are too many?
What are some reports that are in your advance security reports?
Tagged: Security Research / Statistics
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditing and Logging Webinar Questions
Andrew Provines, Senior Consultant : 17 March 2009 / 1:46 PM : 0
Question: What security reports are available to show the info. already in the Lawson Security?
Answer: There are small reports that allow a number of objects and items to be reported on. The security reporting is much better than it used to be, but there are still some holes to be filled. Please reference the security manual available on Lawson support for specifics. In order to report on all security definitions setup CIBER employs a method of dumping the data out and entering it into Excel using pivot tables.
Question: How do you recommend Lawson Security users audit trail security changes?
Answer: There is auditing you can turn on in Lawson Security to track administrative changes to security setup. T...
Tagged: Risk management Security awareness Security Breaches Security consulting Security Research / Statistics Solution / System / Application Architecture
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
|
