Application Security Management

CUNY-CIS InfoSec Team University Information Security Director ERP Project Director Functional Project Manager (s) University & Campus Administration ERP Campus Executive CUNY-CIS InfoSec Team Manager, PeopleSoft Application Security Campus & Central Office • University application security policy & procedure development • Security Settings Change Management • Exception Request Review • Compliance & Certification Program including Review of Security at Campuses • Audit of Transaction Logs • Peoplesoft Security Training & Awareness Application Security Liaison • Central point of contact for

application security

• Campus Security Procedures (e.g.

Profile maintenance)

• Document Security Environment • Issues & Exception Management • Review of Access • Compliance, Re-certification Statement • Security Policy & Procedure Adoption • Approver of new & modified Role &

Permission Lists content

• Approver of changes to universal security settings • Compliance recertification Campus & Central Office Functional Liaisons • User enrollment & De-provisioning • Approval of Role & Permission List assignment to Profiles

Key Stakeholders Roles, Responsibilities & Relationships

5 February 2008,

V3.1

Application Security Liaison

(1) Project Expectations • Attend CUNYFIRST application security design, implementation and training meetings • Build application security community at your College (functional liaisons, campus executives, project managers) • Work proactively with the Manager, PeopleSoft Application Security and the CUNYFIRST project teams to build toward and meet go-live dates • • • Participate in project deliverables development as necessary Participate in the testing of application security Work through changing environment and ambiguities as they arise • Are significant contributors to CUNYFIRST

Application Security Liaison

(2) Operational Expectations • Facilitate the management of application security at the Campus as the central point of contact • Maintain user profiles based upon approval of functional liaisons ► Individual profile changes ► Bulk user identity data loads • • Maintain up-to-date documentation of security environment including written operating procedures Fall & Spring security reviews and written compliance certification (working with College VP Administration) • • Report security violations and non-compliance situations Request and justify exceptions to content of PeopleSoft role definitions and permission lists

Manager, PeopleSoft Application Security

(3) High-Priority focus areas • Build the application security community and maintain healthy collaboration with the Oracle security team and the application security liaisons • • • • Training (for self and application security liaisons) Implement application security governance model Provide baseline operating procedures Collaborate with Oracle on CUNYFIRST application security design and implementation meetings • • • • • Oracle deliverables review and approval Participate in the testing of application security Participate in CUNYFIRST project status meetings Commitment to successful go-live dates, keep activities on track Participate in addressing network infrastructure security issues if and when they arise