This document discusses using security compliance tools to detect and prevent security and controls violations in SAP systems. It outlines increased regulatory focus on security, risks like improper access controls and segregation of duties issues. The document then introduces security compliance tools that can monitor access to sensitive transactions in real-time, check for segregation of duties violations, and help reduce audit time by automating security assessments. These tools provide predefined rule sets and allow customizing rules to resolve security issues and help ensure compliance.
Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations

2 Agenda
- Increased Focus on Security & Controls
- SAP R/3 Security Risks & Controls
- Security Management
- Security Compliance Tools
- Questions

3 Increased Focus on Security and Controls
- Fraud (Barings Bank, WorldCom, Enron, ...)
- Security Breaches (UCs, BC, Stanford...)
- Regulatory Compliance
  - Sarbanes-Oxley (SOX)
  - Family Educational Rights and Privacy Act (FERPA)
  - Gramm-Leach-Bliley Act (GLBA)
  - Health Insurance Portability and Accountability Act (HIPAA)

4 Security Risks
- Access Control
  - Do some users have too much access?
  - Sufficient access restrictions to private information?
- Segregation of Duties (SoD)

5 Security Compliance Tools
Internal Controls
- Internal Controls are processes designed by management to provide reasonable assurance that the Institute will achieve its objectives (From MIT's Guidelines For Financial Review and Control)
- Cost of implementing control should not exceed the expected benefit of the control
- Security is a process, not a product

6 Security Compliance Tools
- Who has access to sensitive transactions?
- Are there any SoD violations?
- Real-Time Monitoring
- Remove access or assign mitigating controls
- Reduce time and effort when providing information to auditors
- Used during implementation of new modules

7 SoD Rules Matrix
- Predefined SoD Rule Set
- Can Add Custom Transactions to Rule Set

8 Virsa-Compliance Calibrator

9 Virsa-Compliance Calibrator

10 Virsa-Compliance Calibrator
- Resolve SoD Issues

11 Security Compliance Software Vendors
- Virsa
- Approva
- Oversight Systems
- Big 4 (E&Y, PwC, KPMG, Deloitte)

12 Benefits of Security Compliance Tools - Summary
- Run with SAP R/3
- Automate SoD analysis
- Automate monitoring of critical transactions
- Quick assessment of authorization compliance for business users, auditors, and IT security staff
- Used during development/project efforts
- Avoid manual analysis and false positives

13 Questions