SAP Security and Controls: Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

Dec 19, 2015

Agenda

• Increased Focus on Security & Controls
• SAP R/3 Security Risks & Controls
• Security Management
• Security Compliance Tools
• Questions

Increased Focus on Security and Controls

• Fraud (Barings Bank, WorldCom, Enron, ...)
• Security Breaches (UCs, BC, Stanford, ...)
• Regulatory Compliance
  • Sarbanes-Oxley (SOX)
  • Family Educational Rights and Privacy Act (FERPA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)

Security Risks

• Access Control
  • Do some users have too much access?
  • Sufficient access restrictions to private information?
• Segregation of Duties (SoD)

Security Compliance Tools – Internal Controls

• “Internal Controls are processes designed by management to provide reasonable assurance that the Institute will achieve its objectives” (From MIT’s Guidelines For Financial Review and Control)

• Cost of implementing control should not exceed the expected benefit of the control

• “Security is a process not a product”

Security Compliance Tools

Who has access to sensitive transactions?

Are there any SoD violations?

• Real-Time Monitoring
• Remove access or assign mitigating controls
• Reduce time and effort when providing information to auditors
• Used during implementation of new modules

SoD Rules Matrix

• Predefined SoD Rule Set
• Can Add Custom Transactions to Rule Set
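
As an added illustration (not part of the original slides, and not Virsa Compliance Calibrator's rule set or code), the following Python sketch shows how an SoD rules matrix can be evaluated against user access, including a custom transaction added to the rule set and a mitigating control. The function groupings, user names and the custom transaction ZVEND_CREATE are constructed for the example.

```python
from itertools import product

# Constructed rule set (assumption): business function -> SAP transaction codes.
FUNCTIONS = {
    "maintain_vendor": {"FK01", "FK02"},
    "process_payment": {"F-53", "F110"},
    "create_po": {"ME21N"},
    "goods_receipt": {"MIGO"},
}
# The SoD matrix: pairs of functions one user should not hold together.
SOD_RULES = [
    ("maintain_vendor", "process_payment"),
    ("create_po", "goods_receipt"),
]

def add_custom_transaction(function, tcode):
    """Extend the rule set with a site-specific (Z*) transaction."""
    FUNCTIONS[function].add(tcode)

def find_violations(user_tcodes, mitigations=frozenset()):
    """Return sorted (user, func_a, func_b, tcode_a, tcode_b, status) tuples."""
    findings = []
    for user, tcodes in user_tcodes.items():
        for func_a, func_b in SOD_RULES:
            hits_a = sorted(tcodes & FUNCTIONS[func_a])
            hits_b = sorted(tcodes & FUNCTIONS[func_b])
            for a, b in product(hits_a, hits_b):
                # A documented mitigating control keeps the finding visible
                # but marks it as accepted rather than open.
                key = (user, func_a, func_b)
                status = "mitigated" if key in mitigations else "open"
                findings.append((user, func_a, func_b, a, b, status))
    return sorted(findings)

# Constructed sample assignments: user -> transactions they can execute.
USERS = {
    "AP_CLERK": {"FK01", "F-53"},
    "BUYER": {"ME21N", "ZVEND_CREATE"},
    "CASHIER": {"F-53", "ZVEND_CREATE"},
}

if __name__ == "__main__":
    # Hypothetical custom transaction that also creates vendors.
    add_custom_transaction("maintain_vendor", "ZVEND_CREATE")
    accepted = {("AP_CLERK", "maintain_vendor", "process_payment")}
    for row in find_violations(USERS, accepted):
        print(row)
```

Until the custom transaction is added to the rule set, CASHIER's conflict goes undetected, which is why custom (Z*) transactions need to be mapped into the matrix.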

Virsa-Compliance Calibrator

• Resolve SoD Issues

Security Compliance Software Vendors

• Virsa
• Approva
• Oversight Systems
• Big 4 (E&Y, PwC, KPMG, Deloitte)

Benefits of Security Compliance Tools - Summary

• Run with SAP R/3
• Automate SoD analysis
• Automate monitoring of critical transactions
• Quick assessment of authorization compliance for business users, auditors, and IT security staff
• Used during development/project efforts
• Avoid manual analysis and false positives

Questions