Subject Matter Expert's (SME) Role in Security Projects
Kyle Gray, Solution Consultant - Security and Fraud Protection
Robbie Scott, Associate Solution Consultant Security CPD
Typically, an experienced security analyst from our staff can assist and support the everyday security needs of our clients for an existing security model. The same security analyst can also construct a completely new, best practices security model for clients. While having a security analyst to implement the new model is vital, the involvement of Subject Matter Experts (SMEs) from the client's staff is also essential for the project's success.
For new security model projects, it is imperative to work with the business and identify Subject Matter Experts (SMEs). SMEs will be the Security Analyst’s point of contact and reference for any questions regarding their particular subject (module) of expertise.
For instance, these SMEs are users that are at a Manager, or higher, level. The SME will be able to provide, or track down, the necessary information needed by the Security Analyst. The following are areas of importance with regards to identifying SMEs. Also, below are the main phases throughout the course of a security project where a SMEs assistance is needed.
SMEs needs to:
- Be readily available throughout stages of the project
- Have clear, or “better than most” knowledge and understanding of their subject (module) in JDE
- Be able to track down business related answers for the Security Analyst
- Have company knowledge of certain processes or procedures that need to be addressed in the project, that the Security Analyst would not know.
- This type of knowledge is extremely important as each company/business can perform certain functions differently
- Be able to make decisions on Task View structure and role definitions for their area of expertise
Project Kick-off and Menu Redesign Meetings
Just like the Security Analyst, the SME play a vital role in the progress and flow of a security project. SMEs are engaged in the project from day one. Each SME would be involved in a Menu Redesign Meeting the first week of a project. These meetings would involve the Security Analyst explaining the process of the new security model and begin constructing the menu for their module. According to a Best Practice Security Model, the menu is what drives security. That being said, the meetings, knowledge, construction and signoff of the menu is crucial for the start of a project. If issues or delays occur in this stage (first stage of project), it can make it very difficult to keep the project on time AND budget.
User Acceptance Testing (UAT)
Furthermore, the SMEs will play an important role during the User Acceptance Testing (UAT) part of the project. UAT is where all processes are tested, by module, to confirm the menu, roles and security have been constructed correctly. This part of the project is typically broken into two separate weeks. Any discrepancies or issues would be identified during this time and the security analyst and SME can make the necessary adjustments, retest and confirm prior to Go-Live.
Go-Live Support
While UAT is used to confirm the new setup, the actual Go-Live (new model moved and used in Production environment) can still produce areas/processes that may not have been tested or incorporated in the project. Having the SMEs involved during the Go-Live can ease the stress during that week for the business and the project as a whole.
So, what have we learned today?? Well, if a security project is in your future, remember that having a knowledgeable and assertive SME can only help the business and the overall success of that project. SMEs should be readily available and have extensive knowledge of their certain functional area (module). Identifying and incorporating SMEs into a security project is crucial for the success of that project.
If GSI can assist you with an existing security model, potential new security model or security support in general, please don’t hesitate to reach out to one of our expert security analysts!