Upload File

sapbiz presentation-security compliance tools

13
1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

Upload: -

Post on 15-Jul-2016

214 views

Category:

Documents


0 download

Report

DESCRIPTION

SAP Security

TRANSCRIPT

Page 1: SAPBiz Presentation-Security Compliance Tools

1

SAP Security and Controls

Use of Security Compliance Tools to Detect and Prevent Security and

Controls Violations

Page 2: SAPBiz Presentation-Security Compliance Tools

2

Agenda• Increased Focus on Security & Controls• SAP R/3 Security Risks & Controls• Security Management• Security Compliance Tools• Questions

Page 3: SAPBiz Presentation-Security Compliance Tools

3

Increased Focus on Security and Controls

• Fraud (Barings Bank,WorldCom, Enron,...)• Security Breaches (UCs, BC, Stanford...)• Regulatory Compliance

• Sarbanes-Oxley (SOX)• Family Educational Rights and Privacy Act

(FERPA)• Gramm-Leach-Bliley Act (GLBA)• Health Insurance Portability and Accountability

Act (HIPAA)

Page 4: SAPBiz Presentation-Security Compliance Tools

4

Security Risks• Access Control

• Do some users have too much access?• Sufficient access restrictions to private

information?• Segregation of Duties (SoD)

Page 5: SAPBiz Presentation-Security Compliance Tools

5

Security Compliance Tools – Internal Controls

• “Internal Controls are processes designed by management to provide reasonable assurance that the Institute will achieve its objectives” (From MIT’s Guidelines For Financial Review and Control)

• Cost of implementing control should not exceed the expected benefit of the control

• “Security is a process not a product”

Page 6: SAPBiz Presentation-Security Compliance Tools

6

Security Compliance ToolsWho has access to

sensitive transactions?Are there any

SoD violations?

• Real-Time Monitoring• Remove access or assign mitigating controls• Reduce time and effort when providing

information to auditors• Used during implementation of new modules

Page 7: SAPBiz Presentation-Security Compliance Tools

7

SoD Rules Matrix• Predefined SoD Rule Set

• Can Add Custom Transactions to Rule Set

Page 8: SAPBiz Presentation-Security Compliance Tools

8

Virsa-Compliance Calibrator

Page 9: SAPBiz Presentation-Security Compliance Tools

9

Virsa-Compliance Calibrator

Page 10: SAPBiz Presentation-Security Compliance Tools

10

Virsa-Compliance Calibrator• Resolve SoD Issues

Page 11: SAPBiz Presentation-Security Compliance Tools

11

Security Compliance Software Vendors

• Virsa• Approva• Oversight Systems• Big 4 (E&Y, PwC, KPMG, Deloitte)

Page 12: SAPBiz Presentation-Security Compliance Tools

12

Benefits of Security Compliance Tools - Summary

• Run with SAP R/3• Automate SoD analysis• Automate monitoring of critical

transactions• Quick assessment of authorization

compliance for business users, auditors, and IT security staff

• Used during development/project efforts• Avoid manual analysis and false positives

Page 13: SAPBiz Presentation-Security Compliance Tools

13

Questions


Security compliance

SDLA-200 ISA Security Compliance Institute Security

Global Compliance Programs · •Tools – web based: VoD, Webex/Telepresence, email, social media, automated tools, Compliance ambassadors, Country Teams, ‘friend’ of compliance

Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13

Shape Your Business For the Future: Powering ... · Security Management Tools Operational Readiness Business Case Chargeback Approach Security/Compliance Program & Architecture Management

Security & Compliance

Security & Compliance for Today & Beyond · Security & Compliance for ... compliance, auditing and security solutions ... I5/OS QAUDJRN Current Activity •Active Jobs •System Status

Audit, Compliance & Security

Federal Webinar: Security Compliance with SolarWinds Network Management Tools

CS11 RSM FORMATTED - Amazon S3 · •Compliance ≠ Security –Compliance = You have built the foundation to get secure •Security is not bought. –Tools are tools, not solutions

Global Security & Compliance

Simplifying CJIS Compliance with AWS€¦ · AWS offers security automation, tools, and visibility to move faster and meet Criminal Justice Information Services (CJIS) security requirements

PowerPoint Presentation · Ranorex Cynefin Mobile Applications Tools Visual Studio JMeter Selenium Testing Types Security Compliance Packaging Performance Artificial Intelligence

Automating Security and Compliance for Hybrid Environments · Container content scanners & vulnerability management tools Container runtime analysis tools Security Information and

Vendor Landscape: Security Information & Event Management (SIEM)€¦ · Optimize IT security management & simplify compliance with SIEM tools. Info-Tech Research Group 2 This Research

HIPAA Security Compliance Reviews - NIST.gov - Computer Security

AWS Security Conformance & Compliance · operational dimensions like Security, CIS Compliance, PCI DSS Compliance , Configuration and key AWS service dimensions like VPC, IAM, Security,

Maritime Compliance Assistance Tools and eProducts - Maritime Compliance Assistance (Tools...Maritime Compliance Assistance Tools and eProducts. Types of eProducts Developed ... maritime

SAPBiz Presentation-Security Compliance Tools

EZChrom Elite CDS Features for the Pharmaceutical and GLP ... · 21 CFR Part 11 Compliance EZChrom Elite’s security and compliance tools enable adherence to regulations such as

Simplified Security & Compliance

Sustainable Compliance: How to Align Compliance, Security and

Urinalysis Compliance Tools

Microsoft Security Strategy and MITS Compliance Planning Tools John Weigelt National Technology Officer Microsoft Canada

Continuous Compliance: Is It a Reality? - NDM Technologies › siem › pdf › wp-continuous-compliance-is... · 2016-05-25 · the security tools that you have procured for compliance

Cisco Security Policy Compliance Eco-system · Operations Tools •Typically delivered by vendors •Focused on day-to-day operations Policy Compliance ... •Tufin Security Suite

ACR 2 Solutions, Inc The Compliance Opportunity • Compliance is NOT Security and Security is NOT Compliance • ACR 2 Solutions is a Compliance Support company • Compliance is

Security beyond compliance

1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

AWS Security & Compliance

Information Security Compliance Reporting Schedule SIMM …INFORMATION SECURITY COMPLIANCE REPORTING SCHEDULE Sorted by Agency . Office of PageInformation Security Information Security

Security and Compliance

Guidelines for Assessing Compliance with Security … Understanding Compliance With UN Security Council Resolutions in Civil Wars Guidelines for Assessing Compliance with Security

Automated Security Compliance and MeasurementAutomated Security Compliance and Measurement Stephen Quinn & Peter Mell Computer Security Division NIST

or distribution Taming Security with Tools: for publication€¦ · Taming Security with Tools: Making Compliance a Reality Brad Doctor, VMware, Inc. Craig Savage, VMware, Inc. LDT1719BU