Pathlock Security - Implement Logging feature in CS/HR

100%

Status

Completed [Completed]

100% complete, updated on Fri 12/15/23 12:31 PM by Wendy Bentley

Changed Status from In Process to Completed.
Changed Health from None to Green.
Completed over the summer.

Details

Dates
Mon 10/9/23 - Fri 12/15/23
Acct/Dept
Information Security
Service
Project and Change Management Office / Information Technology Project Request
Type
Operational / Maintenance Projects / Division of IT Maintenance Operations Projects
Health
Green - On track
Portfolio(s)
Classification
Project (20-230 Hours Effort)
Created
Thu 8/10/23 2:38 PM
Modified
Thu 4/25/24 3:43 PM
Closed
Fri 12/15/23 12:31 PM

Change Impact

How will you measure the impact of this project?
What are some metrics or KPIs that will be used to measure success? Think about the five metrics to measure: quality, quantity, timeliness, cost, and customer satisfaction.
The ability to view and analyze collected logs for application use which otherwise is nearly impossible to do without Appsian's tool. Logs will provide invaluable insight into how the PeopleSoft environments used, and will be critical by enabling CMS Functional Leads and ISEC to recommend informed decisions regarding application security.
Clearly read and articulate application logs in an easy and go to place.

If we had a security incident it would take hours to get the data

Also require pretty unique skillset to get to it

Should reduce the time down to an hour or less and can be done by staff with less training
What are the consequences of not doing this project?
For example: direct significant negative consequences to the University, unable to conduct basic services; failure to resolve customer complaints or requests; loss of opportunity for improved service delivery or efficiency. Please explain.
This is a module which ISEC funded several months ago to provide logging capabilities within each Campus Solutions and HR PeopleSoft environments. By not completing this project, the campus will continue to not have a reliable means for meeting CSU Policy requirements as PeopleSoft is considered a Level 1 application. Log analysis gathered by the Appsian product will be fundamential as the CMS functional user team considers role structure design in 2023.
How many employees will be impacted by this change?
Select the size of the employee population that will be impacted by this request.
A few
How many students will be impacted by this change?
Select the size of the student population that will be impacted by this request.
None

Project Costs

Funding Status
Funding is necessary and has been approved

Project Details

Project Champion
Person who voluntarily takes special interest in the adoption, implementation, and success of the project. They will help enforce the project solution with internal resources and promote it across campus.
Divisional VP Support
Does your divisional VP support this request?
Yes
What would a successful solution look like?
What outcome will you have at the conclusion of this project? If this proposal is one of a multi-phase project, please explain your plans, goals, and timelines for subsequent phases.
Successful implementation of the licensed "Logging" module in CS and HR production environments providing a single pain of glass for logs in both environments.
Gives us the ability review logs efficiently to deal with security breaches

Gives insight into overall usage for improvement purposes
Executive Sponsor Division
The executive sponsor's campus division.
Information Technology
If this request is mandated, please provide details about what's driving the mandate.
If you selected Chancellor's Office, legal or collective bargaining requirement, please provide details about the policy, law or executive memorandum that’s driving the mandate.
CSU Information Security Policy - ISO Domain 12 (Operations Security) - Logging Elements:

https://calstate.policystat.com/policy/11773867...
Project Urgency
Indicate if there is a mandate or requirement driving this request.
Required to comply with an official audit finding or Executive Memorandum
Deadline Reason
Describe the business requirement or reason for the project deadline.
If completed by 3/31/2023, this tool will provide valuable information to the CMS Functional Users Team who will be charged with building a new role & permission list structure in 2023. ISEC is seeking to transition security roles & responsibilities from the CO and back to the campus to reduce operational costs.

Project Resources & Effort

What resources will this project require?
Identify the department and/or individuals that might need to work on this project and the estimated number of hours required for each individual.
ISEC - Chris Witthans, Joseph
EAPP - Robert Utter, Mark Axtell
DoIT Departments Involved
Any Division of IT departments that will be involved in this project.
EAPP (Enterprise Applications)
ISEC (Information Security)
Complexity of Implementation
What is the complexity of the project?
Minimal (minimal system interfaces/impacts/dependencies)
What is the solution type?
The solution type translates to the level of impact on IT staffing and technology maintenance. Based on consultation with your IT representative, pick the best fit for your proposed solution.
New features in an existing system, minimal breadth/depth

Description

Chico State acquired licensing for several Pathlock modules in April 2022, and the ISEC team is interested to enable the logging function soon after installation of Pathlock SSO which is scheduled January 7, 2023. I can provide an Implementation Timeline from the vendor, as they estimate implementation will consume 3 - 1-2 hour sessions, 1-3 weeks for testing, and a 4-hour engagement with the vendor to install in Production.

Systems Affected

  1. PeopleSoft CS

  2. PeopleSoft HR

  3. SSO

Manager

TF
Tony Fierro

Alternate Manager(s)

Alisha Johns
Alisha Johns
WB
Wendy Bentley
CW
Chris Witthans

Sponsor

CW
Chris Witthans