GRC Approvers
Course Overview
This course introduces the Continuous Compliance Suite, demonstrating the Approver functionality of RA&R, CUP and SPM as it is used by PRASA.
Course Goals
This course will prepare you to:
Work with Risk Analysis and Remediation
Work with Compliant User Management Approver module
Work with Superuser Privilege Management
Course Objectives
After this course, you will have the foundation knowledge to:
Discuss
(RA&R)
Discuss
Management (SPM)
Course Content
Preface
Unit 1: Introduction and Overview
Unit 2: Informer
Unit 3: CUP Overview
Unit 4: Using the Approver Module
Unit 5: PRASA Workflows
Unit 6: SPM - Firefighter
Unit 1 Objectives
After completing this unit you will be able to:
Discuss Explain List
Client Considerations
What is GRC
Governance Risk and Compliance is a suite of products
Preventative Compliance
Technical Architecture
Authorization Custody
Client Considerations
PRASA faces significant security challenges including:
RA&R is about the potential to perform certain tasks, not necessarily who has performed them.
What is RA&R
Mitigation Controls
Methodology
Demonstration
Review
Which of the following is a feature of RA&R?
a) RA&R is preventive as well as detective
b) RA&R provides an audit trail of rule updates
c) RA&R provides the functionality to execute risk analysis across multiple systems and applications
d) All of the above
e) None of the above
Unit Summary
Client Considerations
key features and benefits of RA&R
Unit 2 Objectives
After completing this unit you will be able to:
Discuss Run Run
Run
Describe
Risk Violations
Users Analysis
Role Analysis
Comparisons
Alerts
Rules Library
Controls Library
User Analysis
Role Analysis
Comparisons
Alerts
Rules Library
Controls Library
Risk Analysis
Report Types
There are six report types, each of which can be formatted in several ways.
Action Level SoD reports - Generating this report type produces a list of SoDs at the action level.
Permission Level SoD reports - Generating this report type produces a list of SoDs at the permission level.
Critical Actions reports - Generating this report type limits the list to Critical actions available. Critical actions are defined under the Rule Architect tab.
Critical Permissions reports
Critical Roles/Profiles reports - Generating this report type lists only the Critical Roles and Profiles associated with the User, Role, HR Object, or Organization. This report does not list any risks.
Mitigation Control reports - Generating this report type lists valid Mitigation Controls assigned to the User, Role, HR Object, or Organization included in the analysis.
Report Formats
Executive Summary - This report format lists each risk as a single line item and displays the total number of conflicting actions producing the Risk.
Management Summary - This report format lists each Risk as a single line item, displays the Risk severity level and provides a link to the Risk Resolution page where options are available for resolving the risk. Drill down further by clicking the risk to view more detailed information, including conflicting functions.
Summary - This report format lists the combination of conflicting actions that produce the risk in one line item.
Detail - This report format lists each Risk as a single line item, displays the Risk severity level and provides a link to the Risk Resolution page where options are available for resolving the risk. Drill down further by clicking the risk to view more detailed information, including conflicting functions.
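An action-level SoD analysis reported in the Executive Summary format, as an added example (not SAP code and not part of the course material). Role names, users, risk IDs and rule definitions are constructed; a role is treated as a collection of transactions and a composite role as a group of single roles, and the conflict count is taken to be the number of conflicting action pairs.

```python
from itertools import product

# Constructed sample data: role names, users and risk IDs are hypothetical.
SINGLE_ROLES = {                      # single role -> transactions (actions)
    "Z_VENDOR_MAINT": {"FK01", "FK02"},
    "Z_AP_PAYMENTS": {"F-53", "F110"},
    "Z_PO_CREATE": {"ME21N"},
}
COMPOSITE_ROLES = {                   # composite role -> group of single roles
    "Z_AP_CLERK_ALL": ["Z_VENDOR_MAINT", "Z_AP_PAYMENTS"],
}
USER_ROLES = {
    "ALICE": ["Z_AP_CLERK_ALL"],
    "BOB": ["Z_PO_CREATE", "Z_VENDOR_MAINT"],
    "CAROL": ["Z_AP_PAYMENTS"],
}
# risk ID -> (severity, actions of function A, actions of function B)
RISKS = {
    "DEMO01": ("High", {"FK01", "FK02"}, {"F-53", "F110"}),
    "DEMO02": ("Medium", {"FK01", "FK02"}, {"ME21N"}),
}

def effective_actions(user):
    """Expand a user's roles (composite roles first) into a set of actions."""
    actions = set()
    for role in USER_ROLES.get(user, []):
        for single in COMPOSITE_ROLES.get(role, [role]):
            actions |= SINGLE_ROLES.get(single, set())
    return actions

def action_level_sod(user):
    """Return {risk_id: conflicting action pairs} the user could perform."""
    held = effective_actions(user)
    found = {}
    for risk_id, (_severity, func_a, func_b) in RISKS.items():
        pairs = list(product(sorted(held & func_a), sorted(held & func_b)))
        if pairs:  # the risk exists only if both functions are reachable
            found[risk_id] = pairs
    return found

def executive_summary(user):
    """One line per risk with the number of conflicting action pairs."""
    return [f"{user} {rid} {RISKS[rid][0]} conflicts={len(pairs)}"
            for rid, pairs in sorted(action_level_sod(user).items())]

if __name__ == "__main__":
    for name in USER_ROLES:
        print("\n".join(executive_summary(name)) or f"{name} no violations")
```

The result reflects what each user could do with the assigned roles, not what they have actually executed.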
Audit Reports
Security Reports
Background Jobs
Demonstration
Unit Summary
Run
Run Run
Describe
Unit 3 Objectives
After completing this unit you will be able to:
Navigate Discuss
CUP
Overview
CUP automates the access provisioning approval process by combining roles and permissions with workflow. When a user (Requestor) makes an access request to resources for which they do not have permission, CUP automatically forwards the access request to designated managers and approvers within a predefined workflow. This workflow is customized to reflect your company policy. Roles and permissions are automatically applied to the enterprise directories when the access requests are approved. CUP automates the role provisioning process within the identity management environment. It ensures corporate accountability and compliance with Sarbanes-Oxley along with other laws and regulations.
Workflows
The workflows are configured by the CUP Administrator to reflect your corporate policies and business unit practices. CUP allows you to track your request and view its status. As your request goes through each stage of the workflow, you can view all comments appended by Managers, Approvers, and Security.
Getting Started
Creating Requests
CUP provides standard request types as defaults, which cannot be deleted or modified. The request type of your access request determines how the request is processed for approval in the workflow.
More Screen
Selecting Roles
In SAP, a role is a collection of transactions that an end-user is permitted to perform. When a role is assigned to an end-user, all transactions within that role are available to that user. Roles in SAP can be single or composite. A composite role is a group of single roles.
Copy Request
The Copy Request option allows you to create a new request based on an existing request. You can copy an existing request for multiple users. For example, if you have multiple users who have requested access to the same system or roles, you can copy an existing request to create multiple requests with similar information.
Unit Summary
CUP
Demonstration
The instructor will demonstrate how to navigate CUP and introduce the CUP modules.
Unit 4 Objectives
After completing this unit you will be able to:
Discuss Manage View
Approver Module
Requests Status
Overview
CUP provides a standardized decision-making process for approving requests. It also provides a comprehensive view of information needed to make approval decisions. Authorized Approvers can be managers or members of various departments (such as IT Security), who are assigned to the appropriate workflow stages in the approval process. These assignments to workflow are configured by the CUP Administrator.
Approver Types
CUP provides three standard Approver types but other types can be added to CUP. The standard Approver types are:
Security Approver
Selecting Roles
In SAP, a role is a collection of transactions that an end-user is permitted to perform. When a role is assigned to an end-user, all transactions within that role are available to that user. Roles in SAP can be single or composite. A composite role is a group of single roles.
The Mitigation tab is read only. It displays what risks are mitigated and the details on the mitigation control.
Mitigation Controls
Performing Mitigation
The Mitigation option enables you to resolve risk violations by allowing exceptions to the rules defined using Risk Analysis and Remediation (mitigation controls). The Mitigation option allows you to monitor risks over a specific time period. On the Mitigation page, you can:
Forwarding Requests
During the approval process, you can forward the request to another approver.
Reroute Requests
During the approval process, you can reroute the request to another approver.
Search Request
The Search Request option allows you to search for Open, Closed, Hold, or Rejected requests. You can specify search criteria to filter the requests. The request information that is returned is view only. You cannot modify the information that appears in the result page.
Approver Delegation
The Approver Delegation option enables you to delegate your approver authority to another member of your team. For example, if you are out of the office for a period of time, you can delegate your approval permissions to the designated proxy on your team. You have to specify the period of time for which you want to allocate your work to your proxy.
Reaffirm
As a Role Owner Approver, you need to reaffirm roles with dates that have expired. The reaffirm dates are initially set by the CUP Administrator, using the Configuration Module. In the Roles>Create Roles page, the Administrator should have defined a specific time period in which the role needs to be reaffirmed.
Request On Hold
The Request on Hold option allows you to view all requests that you put on hold to process at a later time. You then can select a request from the displayed list and perform the appropriate action.
Unit Summary
Requestor Module
Requests
Requests Status
Demonstration
Unit 5 Objectives
After completing this unit you will be able to:
Discuss
PRASA Workflows
The following workflows have been configured for PRASA:
Change Account
New Account
Lock / Unlock Account
Role Approval
Create, Change & Delete Risks
Create, Change & Delete Mitigation Controls
Assignment of Mitigation Controls
Assignment of Firefighter IDs
Change Account
New Account
Role Approval
Assignment of Firefighter ID
Unit 6 Objectives
After completing this unit you will be able to:
Discuss: Explain
Privilege Management
List
Management
How
etc
Features of SPM
Strategy
SPM provides the ability for selected personnel to act as a Firefighter
Perform
emergency situation
Only
Firefighter IDs
Extended
Logging Information
Firefighter gathers logging information from the following:
Statistical Records/User Activities (STAT) - The SAP Systems also log activities categorized by transaction and user in statistical records.
Change Documents (CDHDR) - The SAP Systems capture changes with change documents, i.e. entries into the CDHDR table.
Transactions - All transactions that are successfully entered are reported (whether any updates were made or not).
Programs Executed - If transactions SA38 or SE38 are executed and a program is run, the program name will be reported.
Administrator Role
Firefighter Administrators have complete access to the Firefighter program. Administrators are the only Firefighter users who can create Firefighter ID passwords. All other Firefighter users receive an error when they attempt to open the Firefighter Security table. Administrators are responsible for assigning Firefighter IDs to Owners and can also assign Firefighter IDs to Firefighters. Administrators are also the only Firefighter users with the ability to access the Firefighter Tool Box and generate reports. The exception is the Log report, which is accessible from the Administration menu and the toolbar in the Firefighter Cockpit.
Owners Role
Owners can assign Firefighter IDs to Firefighters and Controllers. When accessing the Firefighter program, Owners only see Firefighter IDs assigned to them by the Firefighter Administrator. Owners can be Controllers by assigning any Firefighter IDs in the Controllers table. Owners cannot assign Firefighter IDs to themselves; another Owner must assign them.
Firefighters Role
Firefighters have access to the Firefighter IDs assigned to them and can use the Firefighter IDs to perform any tasks permissible by the Firefighter ID roles.
Controllers Role
Controllers audit Firefighter ID usage by viewing the Firefighter Log report and receiving email notification of Firefighter ID logins. Controllers can view the Log report within Firefighter or have the Log report emailed as a text file attachment.
Firefighters ID
A Firefighter ID is a user ID with specific roles that allow the Firefighter to perform the required tasks. Each Firefighter is assigned specific Firefighter IDs for a designated period of time. Once a Firefighter initiates the Firefighter application, only assigned Firefighter IDs are displayed and available for use. Each time a Firefighter logs in using a Firefighter ID, the login event and any subsequent transaction usage are recorded. Any existing user ID can be designated as a Firefighter ID. However, once a Firefighter ID is specified, it can no longer be used for normal login purposes.
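A Controller-style review of Firefighter ID usage, as an added example (not part of Firefighter or of the course material): it checks each logged action against the assignment period and flags critical transactions and executed programs. The log layout, Firefighter IDs, user names and dates are constructed, and CRITICAL_TCODES is a stand-in for the Critical Transaction Codes table.

```python
from datetime import date

# Assumption: stand-in for the Critical Transaction Codes table.
CRITICAL_TCODES = {"SA38", "SE38"}

# Constructed assignments: (firefighter_id, firefighter, valid_from, valid_to)
ASSIGNMENTS = [
    ("FF_FIN_01", "JSMITH", date(2024, 3, 1), date(2024, 3, 31)),
    ("FF_BASIS_01", "MNAIDOO", date(2024, 3, 1), date(2024, 3, 7)),
]

# Constructed log rows: (login_date, firefighter_id, firefighter, tcode, program)
LOG = [
    (date(2024, 3, 4), "FF_FIN_01", "JSMITH", "FB02", None),
    (date(2024, 3, 4), "FF_FIN_01", "JSMITH", "SA38", "ZDEMO_REPORT"),
    (date(2024, 3, 12), "FF_BASIS_01", "MNAIDOO", "SM37", None),
    (date(2024, 3, 5), "FF_FIN_01", "TBROWN", "FK02", None),
]

def assignment_valid(ffid, user, day):
    """True if the user held this Firefighter ID on the given day."""
    return any(f == ffid and u == user and start <= day <= end
               for f, u, start, end in ASSIGNMENTS)

def review(log):
    """Return (entry, reasons) for every log entry that needs a closer look."""
    findings = []
    for entry in log:
        day, ffid, user, tcode, program = entry
        reasons = []
        if not assignment_valid(ffid, user, day):
            reasons.append("no valid assignment on login date")
        if tcode in CRITICAL_TCODES:
            reasons.append(f"critical transaction {tcode}")
        if program:  # a program name is reported when SA38/SE38 runs a program
            reasons.append(f"program executed: {program}")
        if reasons:
            findings.append((entry, reasons))
    return findings

if __name__ == "__main__":
    for (day, ffid, user, tcode, _prog), reasons in review(LOG):
        print(day, ffid, user, tcode, "; ".join(reasons))
```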
Reports
Assignment of Firefighter ID
User Interface
The two parts of Firefighter are the Firefighter Cockpit and the Firefighter Tool Box.
Cockpit
Firefighter ID Controllers and Firefighters use the Firefighter Cockpit to use Firefighter features.
The Firefighter Cockpit contains menus, a toolbar, and the Firefighter Dashboard.
Menus
Toolbar (1)
The Firefighter toolbar makes it easy to access most of the administrative and reporting features in the program.
Refresh - Click this button to refresh the data in the Firefighter Dashboard.
Log Report - Click this button to display the Log report form used to generate the Log report.
Owners - Click this button to display the table used to assign Firefighter IDs to Owners.
Firefighters - Click this button to display the Firefighters table, to assign Firefighter IDs to Firefighters.
Controllers - Click this button to display the Controllers table, to assign Firefighter IDs to Controllers.
Toolbar (2)
Security - Click this button to display the Firefighter ID Security table to assign passwords for Firefighter IDs.
Reason Code - Click this button to display all the reason codes and descriptions.
Configuration - Click this button to display the Configuration table.
Critical Codes - Click this button to display the Critical Transactions Codes table. Note: If you use the Critical Transactions table from Risk Analysis and Remediation, this table is not accessible from Firefighter.
Toolbox - Click this button to display the Firefighter Tool Box. The Tool Box is accessible to Firefighter Administrators. The Tool Box lists all the reports available in Firefighter.
Firefighter Dashboard
Web Reports
Log Report
Demonstration
The instructor will demonstrate how to navigate the SPM User Interface and Cockpit, and how to produce Web Based and Toolbox Reports.
Questions
Thank you