1 © axl & trax, all rights reserved the security company for SAP ® environments the security company for SAP SAP SAP SAP ® environments
1
© axl & trax, all rights reserved
the security company for SAP® environments
the security company for SAPSAPSAPSAP®
environments
2
© axl & trax, all rights reserved
the security company for SAP® environments
table of contentstable of contentstable of contentstable of contents
who we are
affiliations and partnerships
mission and principles
expertise
services and solutions portfolio
approach: efficiency and quality
an example of our servicesreview of the authorization concept
references of customers served
3
© axl & trax, all rights reserved
the security company for SAP® environments
who we arewho we arewho we arewho we are
fact sheetfact sheetfact sheetfact sheet
15 years expertise
consultant, adviser, trainer and keynote speaker
over 20 dedicated GRC, IAM, authorizations and security experts
more than 200 customers served
4
© axl & trax, all rights reserved
the security company for SAP® environments
affiliationsaffiliationsaffiliationsaffiliations partnershipspartnershipspartnershipspartnerships
affiliations and partnershipsaffiliations and partnershipsaffiliations and partnershipsaffiliations and partnerships
5
© axl & trax, all rights reserved
the security company for SAP® environments
we focus 100% on risk, security and internal controls
SAP security is our core business
we are the bridge between business and IT
combining theoretical with strong practical experience
utilizing sound knowledge of business processes and data flows
communicating IT security challenges in business language
our principles
security is a business issue – IT is a business enabler
think before you act
kiss – keep it stupidly simple
continuous expertise improvement (15 years) with expert-consultants certified in the areas of
auditing: CISA; CIA; …
security: CISM; CISSP; CGEIT; CRISC…
SAP, Isabel…
our mission and principlesour mission and principlesour mission and principlesour mission and principles
6
© axl & trax, all rights reserved
the security company for SAP® environments
c-range advisory
consultancy
audit and security
governance, risk & compliance
training
tailor-made solutions
biometric authentication
identity and access management
authorization concepts
roles building
workflow
security/risk content (SOD)
ABAP coding security
vulnerability assessment
payment flow security
process controls
quality assurance
licensing (cost control)
our expertiseour expertiseour expertiseour expertise
7
© axl & trax, all rights reserved
the security company for SAP® environments
pro
duct
s
GRCIsabel Corporate
Synchronizer
Systems SAPApplications
SAPABAP
Development
SAPInfrastructure Isabel
assess / improve / implement / monitorse
rvic
es
our services and solutions portfolioour services and solutions portfolioour services and solutions portfolioour services and solutions portfolio
access rights security,
process controls, workflow, PtP review, master data cleansing
coding security
strong authentication
perimeter security
banking services
8
© axl & trax, all rights reserved
the security company for SAP® environments
program /project management
roadmap approach
expert knowledge baseknowledge network
SOD matrices
template roles
…
methodology
best-of-breed tools
standards
tailored approach
“do not try to reinvent the wheel” “do not try to reinvent the wheel” “do not try to reinvent the wheel” “do not try to reinvent the wheel”
strategicstrategicstrategicstrategic
tacticaltacticaltacticaltactical
operationaloperationaloperationaloperational
our approach: efficience and qualityour approach: efficience and qualityour approach: efficience and qualityour approach: efficience and quality
9
© axl & trax, all rights reserved
the security company for SAP® environments
get a clear understanding on the :
quality of the authorization concept
are there any inconsistencies in the concept implementation ?
does the concept embrace properly the business requirements?
is the concept flexible enough for new roll outs and ease of maintenance ?
are the change process and procedures able to prevent concept erosion over time ?
access to (hidden) critical functionality, SAP backdoors, …
presence of (potential) SoD conflicts?
root causes of security issues
security gap between what is granted and what is executed
plan to reduce any weaknesses and to improve security
evaluate the value of the security investment
assess the effectiveness of monitoring
an example of our servicesan example of our servicesan example of our servicesan example of our services
review of the authorization concept
10
© axl & trax, all rights reserved
the security company for SAP® environments
references of customers served references of customers served references of customers served references of customers served ---- www.axlwww.axlwww.axlwww.axl----trax.com/about/referencestrax.com/about/referencestrax.com/about/referencestrax.com/about/references
11
© axl & trax, all rights reserved
the security company for SAP® environments
more info ?more info ?more info ?more info ?
contact one of our partners:contact one of our partners:contact one of our partners:contact one of our partners:johan.hermansjohan.hermansjohan.hermansjohan.hermanswouter.janssenwouter.janssenwouter.janssenwouter.janssenfrederic.lorandfrederic.lorandfrederic.lorandfrederic.lorand
@axl@axl@[email protected] contact our office: or contact our office: or contact our office: or contact our office:
+32 16 311 000 +32 16 311 000 +32 16 311 000 +32 16 311 000 –––– info@axlinfo@axlinfo@[email protected]
www.axlwww.axlwww.axlwww.axl----trax.comtrax.comtrax.comtrax.com