Rogers Shared Operations

EssBase Processing

SECOPS100

Final 1.2

NOTICE: Proprietary and Confidential

This material is proprietary to Rogers Shared Operations. It contains trade secret and confidential information, which is
solely the property of Rogers Shared Operations. This material is solely for the Rogers Shared Operations’ internal use.
This material shall not be used, reproduced, copied, disclosed, transmitted, in whole or in part, without the express
consent of Rogers Shared Operations© 2004,

Rogers Shared Operations© All rights reserved

EssBase Processing RSO-IT Confidential

DOCUMENT DETAILS
Issuing department Security Operations
Ownership Security Operations
Update authority Security Operations, Security Manager, Director
Issue date 03.20.2007
Effective date 03.21.2007
Expiry date 03.20.2009
Review cycle Annually

VERSION CONTROL
Date Change owner Changed by Version Description
(MM/DD/YYYY)
03.16.2007 John Barnes John Barnes Draft 1.0 New
12.20.2007 John Barnes John Barnes Draft 1.1 Updated numbering; clarified
alert types to be escalated in
step 2.2.11.
7.17.2008 John Barnes John Barnes Final 1.0 Updated document from Draft
to Final. Added step 2.3.7.
08.07.2008 John Barnes John Barnes Final 1.1 Changed file name and
SECOPS filing number.
11.26.2008 John Barnes John Barnes Final 1.2 Added steps to create/update
the daily work order in sections
2.1 and 2.3.

Effective date: 03.21.2007 - Expiry date: 03.20.2009 Page 2

SECOPS100 - Version: Rogers Shared Operations© All rights reserved
EssBase Processing RSO-IT Confidential

Table Of Contents
1. Introduction 4

1.1. Scope 4
1.2. Limitations 4
1.3. Threats Mitigated 4
1.4. Roles and Responsibilities 4
1.5. Definitions 5
1.6. Exemptions of Standards 6
2. Part B – EssBase Morning Report Verification Process 7
2.1. Overview 7
2.2. Daily Report Verification 8
2.3. Alert Escalation and Reconciliation 9
2.4. Troubleshooting 10

Effective date: 03.21.2007 - Expiry date: 03.20.2009 Page 3

SECOPS100 - Version: Rogers Shared Operations© All rights reserved
EssBase Processing RSO-IT Confidential

1. Introduction

1.1. Scope
The scope of this document is to delineate the process by which the EssBase morning access security
reports are verified, tracked, and escalated.

1.2. Limitations
This document addresses EssBase access security reporting with the following limitations:
2. The IT Infrastructure Security Operations (IT ISO) team does not have direct access to, nor a login
account for, the EssBase mainframe system.
3. All of the reports detailed in this document are generated by automated scripts/jobs on the mainframe,
and as such will not be generated/received by IT ISO in the event of a power outage or system failure.

1.3. Threats Mitigated

This document serves to mitigate the following risks to the EssBase mainframe system by creating a
method for tracking the creation and modification of high-privilege accounts within EssBase.

1.4. Roles and Responsibilities

RSO-IT Infrastructure Security Verification, reporting, and escalation of HPID activity for
Operations validation.
RSO-IT Infrastructure Security Assisting ITAP with the validation process.
Support
RSO-IT Infrastructure Access Validation of any HPA escalations which are required.
Provisioning
RSO-IT Technical Services (UNIX) N/A
RSO-IT Technical Services (Intel) N/A
RSO-IT Technical Services Second-level validation investigation, if necessary.
(Database)
RSO-IT Technical Services (Backup N/A
and Recovery)
RSO-IT Network Services N/A

Effective date: 03.21.2007 - Expiry date: 03.20.2009 Page 4

SECOPS100 - Version: Rogers Shared Operations© All rights reserved
EssBase Processing RSO-IT Confidential

1.5. Definitions
DB Database
DBA Database Administrator
HPA High Privilege Access
HPID High Privilege Identification
ITAP Information Technology Access Provisioning
ITISS Information Technology Infrastructure Security Support
ITISO Information Technology Infrastructure Security Operations

Effective date: 03.21.2007 - Expiry date: 03.20.2009 Page 5

SECOPS100 - Version: Rogers Shared Operations© All rights reserved
EssBase Processing RSO-IT Confidential

1.6. Exemptions of Standards

Any exceptions to the standards defined in this document must undergo assessment and
approval by way of a request sent to RSO-IT Security, who will be responsible for
maintaining the IT Security Exemption email account.
The process for requesting exemptions to any security standards will be as follows:

1) System owner identifies the items that require exemptions and fill out the Security
Standards Exemption Form located within the common forms section of the IT
Support Website. The current location is
https://itsupport.rci.rogers.com/main/forms/common/secExempt.asp?FormID=68

2) The form will generate a reference number and email the request to the
ITSecurity.Exemptions@rci.rogers.com mailbox. Both the requestor and the
requestor’s manager will be CC’d on the email. The requestor’s manager will be given
instruction to “reply to all” with their approval for the exemption request.

3) Upon receipt of the manager’s approval, RSO-IT Security will assess the security risk
related to exception item(s), the duration of the exemption and information related
to the intended remediation.

4) RSO-IT Security will decide whether to approve the request based on the assessment
or to submit the assessment of the business risk to the applicable VP or CIO and
await their acceptance of the risk.
5) RSO-IT Security will then notify the System Administrator of approval and CIO risk
acceptance and document and document and track the details pertaining to the
requested exemption.

Effective date: 03.21.2007 - Expiry date: 03.20.2009 Page 6

SECOPS100 - Version: Rogers Shared Operations© All rights reserved
EssBase Processing RSO-IT Confidential

2. Part B – EssBase Morning Report Verification Process

2.1. Overview

Every night and early morning, a script runs which pulls the EssBase system reports based on activity
that occurred during the previous 24-hour period, from 12:00:00 AM until 11:59:59 PM. These reports
are then delivered to a subfolder of the Security Operations shared folder. This document outlines the
verification process that needs to be performed and reported on each morning by ITISO.
Each morning, to track the work being done by ITISO, a work order must be created at the beginning of
the process, and closed when processing is complete. To create the daily work order, do the following:
2.1.1 In OVSD, select File – New – Work Order.

2.1.2 Highlight the “Rogers ITISO WO File Verification Template” and click OK.

2.1.3 Enter the Type as EssBase Processing, the Item as N/A, and set the To Person assignment to
yourself.

Effective date: 03.21.2007 - Expiry date: 03.20.2009 Page 7

SECOPS100 - Version: Rogers Shared Operations© All rights reserved
EssBase Processing RSO-IT Confidential

2.1.4 In the Description field, add “ – EssBase” (without quotes) to the end of the data already there.
2.1.5 On the Closure Information tab, click on the dropdown beside Actual Start and click on today’s
date. The field will populate with the current date and time.

2.1.6 Save the ticket, making note of the ticket number created. Enter this work order number in the
appropriate field in the tracking spreadsheet.
2.1.7 As you go through the rest of the process, enter any alerts and/or work order numbers
generated into the Information Log field of this tracking ticket.

2.2. Daily Report Verification

2.2.1. Open a Windows Explorer window and navigate to S:\RSS\BU 03\RESP 7030\DEPT
525\SECURITY OPERATIONS\ESSBASE\2007\LOGFILES. Look for a file with the name of
YYYYMMDD-Essbase.log, where YYYYMMDD is yesterday’s date (ex: The file created on
January 31, 2007 will be named 20070130-Essbase.log). If today is a Monday, there will be a
total of three (3) files, one for each day since the last check; there will be additional files if there
have been any holidays. If the file is not present, check the Troubleshooting section (2.4).
2.2.2. Move the file(s) to S:\RSS\BU 03\RESP 7030\DEPT 525\SECURITY OPERATIONS\SECOPS400 -
Reporting\SECOPS403 - Daily Essbase Reports.
2.2.3. Open a DOS command prompt (Start -> Run; type CMD and hit <Enter>).
2.2.4. From the DOS prompt, type S:, hit <Enter>, then type CD RSS\BU 03\RESP 7030\DEPT
525\SECURITY OPERATIONS\SECOPS400 - Reporting\SECOPS403 - Daily Essbase Reports
<Enter>, and make sure the prompt reads S:\RSS\BU 03\RESP 7030\DEPT 525\SECURITY
OPERATIONS\SECOPS400 - Reporting\SECOPS403 - Daily Essbase Reports.
2.2.5. Type DIR <Enter> and scan the directory to verify that the file for today is there for processing.
2.2.6. Type CSCRIPT EssBaseHPAMon.vbscript YYYY/MM/DD and hit <Enter> (where YYYY/MM/DD is
yesterday’s date) to check the log file for any new high-privilege account activity.
2.2.7. The script will scroll in the command prompt window, looking similar to the following:

Effective date: 03.21.2007 - Expiry date: 03.20.2009 Page 8

SECOPS100 - Version: Rogers Shared Operations© All rights reserved
EssBase Processing RSO-IT Confidential

2.2.8. Once the script completes its run, go to the created directory ( S:\RSS\BU 03\RESP 7030\DEPT
525\SECURITY OPERATIONS\ SECOPS400 - Reporting\SECOPS403 - Daily Essbase Reports
\YYYYMMDD).
2.2.9. Double-click the EssbaseHPA.txt file and look for any lines that do NOT read “Not Found”.
2.2.10. If all of the lines in the file read “Not Found”, skip to step 2.3.
2.2.11. If there are any category 1051173 alerts in which the group listed is “ RSO_CMDR_ADMIN”, go to
step 2.2.12. Otherwise, skip to step 2.3.
2.2.12. If there are alerts present, open the EssBase Escalation email form, which is located at
S:\RSS\BU 03\RESP 7030\DEPT 525\Security Operations\SECOPS300 - Forms, and either copy the
alert information into the body of the email or attach the EsssbaseHPA.txt file.
2.2.13. Update the daily tracking work order (created in section 2.1) with any escalations created in
step 2.2.12.
2.2.14. Send an email to the ITISO Manager apprising him of the EssBase Escalation.
2.2.15. Close the EssbaseHPA.txt file, and move the YYYYMMDD-Essbase.log file into the folder created
in part VII of this step.
2.2.16. Move the folder to S:\RSS\BU 03\RESP 7030\DEPT 525\Security Operations\SECOPS400 -
Reporting\SECOPS403 - Daily Essbase Reports\2007. If today is the first day of the month, create
a monthly folder for the previous month and move all of the previous month’s folders into it.

2.2.17. Update the EssBase tab of the Morning Validations reporting spreadsheet, located at S:\RSS\BU
03\RESP 7030\DEPT 525\Security Operations\SECOPS400 - Reporting. In the “Events (yes/no)”
column for the date that the alert occurred, type “Yes” and change the colour of the cell to red
(this indicates that an escalation is outstanding). In the “Notes” column on the same line, make
note of the type of alert being escalated. Continue with step 2.3.

Effective date: 03.21.2007 - Expiry date: 03.20.2009 Page 9

SECOPS100 - Version: Rogers Shared Operations© All rights reserved
EssBase Processing RSO-IT Confidential

2.3. Alert Escalation and Reconciliation

2.3.1 If no escalation email has been created at this point (when there are no alerts/events to
escalate), update the EssBase tab of the Morning Validations reporting spreadsheet, located at
S:\RSS\BU 03\RESP 7030\DEPT 525\Security Operations\SECOPS400 - Reporting. In the “Events
(yes/no)” column for the date that the alert occurred, type “No”.
2.3.2 If an escalation email has been created by this point, make sure that the ITISO mailbox
address is entered into the ‘From’ field (copy it from the CC field). If the ‘From’ field is not
visible, select “View” from the menu bar at the top of the email and click on the “From Field”
option.
2.3.3 Send the email to the escalation contacts (pre-populated into the email), and file the copy of the
mail that will appear in the ITISO mailbox in the EssBase Reports\Events and Approvals folder.
2.3.4 Update the “Do events Require Escalation” column for the current date with ‘Yes’, and the
“Escalated To” column with the distribution list you sent the email to.
2.3.5 The EssBase DBA will verify that the account creation/modification in question has an
associated ticket for it in the OVSD application, or that there are emails with approval for the
account creation/change.
2.3.6 When responses to escalations are sent back, update the “Response Date” and “Notes”
columns for the appropriate date, as well as the daily work order, and change the colour of the
“Events (yes/no)” column to green. Mark any response emails as read and move them to the
EssBase Reports\Events and Approvals folder.
2.3.7 In the daily work order, on the Closure Information tab, set the resolution code to Completed
(First Attempt).
2.3.8 If there were no alerts to escalate, enter the following in the Solution box:
All files have been verified; there were no alerts requiring escalation.

2.3.9 If there were alerts to escalate, enter the following in the Solution box:
All files have been verified; all alerts have been escalated to the appropriate teams (see the Information Log for alert
information and resolution details).

2.3.10 Close the tracking ticket. Any alerts and/or escalations will be tracked in the new work orders
you have created for them.

2.4. Troubleshooting

2.4.1 If the file is not present, contact the Infrastructure Security Manager and have him verify that
the scheduled job completed correctly. If not, he will rerun the job; after the job run completes,
go back to step 2.2.
2.4.2 If the file has not yet been pulled across to the LOGFILES folder, connect to \\RWIESNASGA\D$\
with your operator ID and browse to Essbase\ESSBASE.LOG. Copy the file into the LOGFILES
folder and rename it to the required format (YYYYMMDD-Essbase.log, where YYYYMMDD is
yesterday’s date). Then open the file in Notepad or Wordpad and remove any events not from
the previous day, closing and saving the file once this is done. Start back at part II of step 2.2 at
this point.

Effective date: 03.21.2007 - Expiry date: 03.20.2009 Page 10

SECOPS100 - Version: Rogers Shared Operations© All rights reserved