sap security compliance tools_pennonsoft
TRANSCRIPT
1
SAP Security and Controls
Use of Security Compliance Tools to Detect and Prevent Security and
Controls Violations
2
Agenda
• Increased Focus on Security & Controls
• SAP R/3 Security Risks & Controls
• Security Management
• Security Compliance Tools
• Questions
3
Increased Focus on Security and Controls
• Fraud (Barings Bank,WorldCom, Enron,...)
• Security Breaches (UCs, BC, Stanford...)
• Regulatory Compliance• Sarbanes-Oxley (SOX)
• Family Educational Rights and Privacy Act (FERPA)
• Gramm-Leach-Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
4
Security Risks• Access Control
• Do some users have too much access?• Sufficient access restrictions to private
information?
• Segregation of Duties (SoD)
5
Security Compliance Tools – Internal Controls
• “Internal Controls are processes designed by management to provide reasonable assurance that the Institute will achieve its objectives” (From MIT’s Guidelines For Financial Review and Control)
• Cost of implementing control should not exceed the expected benefit of the control
• “Security is a process not a product”
6
Security Compliance Tools
Who has access to sensitive transactions?
Are there any SoD violations?
• Real-Time Monitoring• Remove access or assign mitigating controls• Reduce time and effort when providing
information to auditors
7
SoD Rules Matrix• Predefined SoD Rule Set
• Can Add Custom Transactions to Rule Set
8
Virsa-Compliance Calibrator
9
Virsa-Compliance Calibrator
10
Virsa-Compliance Calibrator
• Resolve SoD Issues
11
Security Compliance Software Vendors
• Virsa
• Approva
• Oversight Systems
• Big 4 (E&Y, PwC, KPMG, Deloitte)
12
Benefits of Security Compliance Tools - Summary
• Run with SAP R/3
• Automate SoD analysis
• Automate monitoring of critical transactions
• Quick assessment of authorization compliance for business users, auditors, and IT security staff
• Used during development/project efforts
• Avoid manual analysis and false positives
13
CONTACTMail : Mail : [email protected]@pennonsoft.com
Phone : Phone : (414) 433-4823Website : Website : www.pennonsoft.com