Upload File

1 sap security and controls use of security compliance tools to detect and prevent security and...

  • Home
  • Documents
  • 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations
13
1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

Post on 19-Dec-2015

221 views

Category:

Documents


2 download

Report

Tags:

TRANSCRIPT

Page 1: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

1

SAP Security and Controls

Use of Security Compliance Tools to Detect and Prevent Security and

Controls Violations

Page 2: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

2

Agenda

• Increased Focus on Security & Controls• SAP R/3 Security Risks & Controls• Security Management• Security Compliance Tools• Questions

Page 3: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

3

Increased Focus on Security and Controls

• Fraud (Barings Bank,WorldCom, Enron,...)• Security Breaches (UCs, BC, Stanford...)• Regulatory Compliance

• Sarbanes-Oxley (SOX)• Family Educational Rights and Privacy Act

(FERPA)• Gramm-Leach-Bliley Act (GLBA)• Health Insurance Portability and Accountability

Act (HIPAA)

Page 4: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

4

Security Risks• Access Control

• Do some users have too much access?• Sufficient access restrictions to private

information?

• Segregation of Duties (SoD)

Page 5: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

5

Security Compliance Tools – Internal Controls

• “Internal Controls are processes designed by management to provide reasonable assurance that the Institute will achieve its objectives” (From MIT’s Guidelines For Financial Review and Control)

• Cost of implementing control should not exceed the expected benefit of the control

• “Security is a process not a product”

Page 6: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

6

Security Compliance Tools

Who has access to sensitive transactions?

Are there any SoD violations?

• Real-Time Monitoring• Remove access or assign mitigating controls• Reduce time and effort when providing

information to auditors• Used during implementation of new modules

Page 7: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

7

SoD Rules Matrix• Predefined SoD Rule Set

• Can Add Custom Transactions to Rule Set

Page 8: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

8

Virsa-Compliance Calibrator

Page 9: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

9

Virsa-Compliance Calibrator

Page 10: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

10

Virsa-Compliance Calibrator

• Resolve SoD Issues

Page 11: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

11

Security Compliance Software Vendors

• Virsa• Approva• Oversight Systems• Big 4 (E&Y, PwC, KPMG, Deloitte)

Page 12: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

12

Benefits of Security Compliance Tools - Summary

• Run with SAP R/3• Automate SoD analysis• Automate monitoring of critical

transactions• Quick assessment of authorization

compliance for business users, auditors, and IT security staff

• Used during development/project efforts• Avoid manual analysis and false positives

Page 13: 1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

13

Questions


Engineering Topology Aware Adaptive Security: Preventing Requirements Violations at Runtime

Top 10 Violations and Active Managerial Controls

Avoiding Common Security Breaches & HIPAA Violations

Information Technology Security Controls

7.3 Network Security Controls 1Network Security / G.Steffen

ICT SECURITY CONTROLS POLICY - Cape Agulhas … Security... · BYOD Bring Your Own Device ... ISO 27002:2013 Information technology — Security ... This ICT Security Controls Policy

Critical Security Controls€¦ · Agenda Security Controls –the Good, the Bad, the Ugly Emerging Security Controls –Critical Security Controls Methodology and Contributors Supporting

GE Security GE Security EMEA Controls & Communications ...msecur.com/Nouveau dossier/pdfs/ATSGE.pdf · GE Security CONTROLS & COMMUNICATIONS Product Catalogue 04 / 2006 GE Security

PACE-IT, Security+2.9: Goals of Security Controls

Security Violations and Deviations Definitions

Security Controls Assessment for Federal Information · PDF fileSecurity Controls Assessment for . Federal Information Systems. Kevin Stine. ... implementation of the security controls,

35 Critical Security Controls

Security Door Controls

Model Checking an Entire Linux Distribution for Security Violations

System of security controls

Continuous Security & privacy Monitoring - PwC · Testing Continuous security & privacy Monitoring Efficiency Savings IT General Controls IT General Controls Automated Controls Testing

Critical Security Controls Poster

Security Controls

Oracle Security & Controls - Embedding Controls to Reduce Risk - Single

Security, Risk, Compliance & Controls

cel - SDC Security · cel TM Security Door Controls Value Engineered Access Hardware SECURITY DOOR CONTROLS Only from TM Security Door Controls Patent 5,376,910 ... (101.6 W x 38.1

Improve your revenue agency information systems security ... · SANS Top 20 Security Critical Security Controls Description of Controls Critical Controls continued: 11.Limitation

Human rights violations by security Agencies of the Palestinian Authority

Network Security Controls

Data Classification and Security Controls Policy...Data Security and Access and Storage Controls Based on Classification Types The Data Classification and Security Controls Policy

20 Ciritical Security Controls

Security operations center 5 security controls

AIS08Computer Controls and Security

Information Security Manual 2012 Controls

IT Security Controls IT Security Controls and Services - Docbox - ETSI

20 critical security controls

1500 Series EMLock - Security Door Controls · Q SECURITY DOOR CONTROLS Security Door Controls ACCESS & EGRESS SOLUTIONS - THE LOCK BEHIND THE SYSTEM 3 …

SECURITY THREATS AND CONTROLS Data security core principles€¦ · SECURITY THREATS AND CONTROLS Data security core principles The three core principles of data security/information

HMG Personnel Security Controls - metpolicecareers.co.uk · HMG Personnel Security Controls ... recruitment and national security vetting controls, ... for a total of six months or

Employee Security Controls