Scribd
Upload
49 views

SAPBiz Presentation-Security Compliance Tools

This document discusses using security compliance tools to detect and prevent security and controls violations in SAP systems. It outlines increased regulatory focus on security, risks like improper access controls and segregation of duties issues. The document then introduces security compliance tools that can monitor access to sensitive transactions in real-time, check for segregation of duties violations, and help reduce audit time by automating security assessments. These tools provide predefined rule sets and allow customizing rules to resolve security issues and help ensure compliance.

Uploaded by

Sreekar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
49 views

SAPBiz Presentation-Security Compliance Tools

This document discusses using security compliance tools to detect and prevent security and controls violations in SAP systems. It outlines increased regulatory focus on security, risks like improper access controls and segregation of duties issues. The document then introduces security compliance tools that can monitor access to sensitive transactions in real-time, check for segregation of duties violations, and help reduce audit time by automating security assessments. These tools provide predefined rule sets and allow customizing rules to resolve security issues and help ensure compliance.

Uploaded by

Sreekar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 13

1

SAP Security and Controls


Use of Security Compliance Tools to
Detect and Prevent Security and
Controls Violations
2
Agenda
Increased Focus on Security & Controls
SAP R/3 Security Risks & Controls
Security Management
Security Compliance Tools
Questions
3
Increased Focus on Security and
Controls
Fraud (Barings Bank,WorldCom, Enron,...)
Security Breaches (UCs, BC, Stanford...)
Regulatory Compliance
Sarbanes-Oxley (SOX)
Family Educational Rights and Privacy Act
(FERPA)
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and
Accountability Act (HIPAA)
4
Security Risks
Access Control
Do some users have too much access?
Sufficient access restrictions to private
information?
Segregation of Duties (SoD)
5
Security Compliance Tools
Internal Controls
Internal Controls are processes designed by
management to provide reasonable assurance
that the Institute will achieve its objectives
(From MITs Guidelines For Financial Review and Control)
Cost of implementing control should not
exceed the expected benefit of the control
Security is a process
not a product

6
Security Compliance Tools
Who has access to
sensitive transactions?
Are there any
SoD violations?
Real-Time Monitoring
Remove access or assign mitigating controls
Reduce time and effort when providing
information to auditors
Used during implementation of new modules
7
SoD Rules Matrix
Predefined SoD Rule Set
Can Add Custom Transactions to Rule Set
8
Virsa-Compliance Calibrator
9
Virsa-Compliance Calibrator
10
Virsa-Compliance Calibrator
Resolve SoD Issues
11
Security Compliance Software
Vendors
Virsa
Approva
Oversight Systems
Big 4 (E&Y, PwC, KPMG, Deloitte)
12
Benefits of Security Compliance
Tools - Summary
Run with SAP R/3
Automate SoD analysis
Automate monitoring of critical
transactions
Quick assessment of authorization
compliance for business users, auditors,
and IT security staff
Used during development/project efforts
Avoid manual analysis and false positives
13
Questions

You might also like