5 mistakes in approaching emergency access
The GRC Ninja channel has released another episode focusing on emergency access and privileged management in ERP/IT systems. Drawing on their experience, GRC SAP security experts Filip Nowak and Andrzej Partyka defined the 5 most common mistakes made when configuring and managing emergency and privileged access to SAP.
Merry Christmas and happy New Year
Mitigating controls – is this a cure for “all evil” in redundant authorizations in SAP?
Part #5/5: Summary and conclusions. The fifth and last part of the article summarizes the topic. In this section, we will gather all the information and answer the questions: Why is the topic of access risk and SoD control important? and Why is it worth dealing with? We will suggest a correct sequence of […]
Mitigating controls – is this a cure for “all evil” in excessive authorizations risks in SAP?
Part #2/5 – When is it worth creating mitigating controls, and when should they be avoided? In the previous part of our series, we concluded that managers responsible for business operations must decide when and in what situations the system access risk should be remediated by access removal, and when it should be remediated by assigning compensating controls. Mitigating controls are a […]
Mitigating controls – is this a cure for “all evil” in excessive authorizations risks in SAP?
Mitigating controls are control mechanisms implemented in business processes to limit the access risk arising from excessive user authorizations granted in ERP systems. In most cases these are activities performed outside the ERP system (SAP) and carried out manually, usually based on SAP reports or other statements generated from the IT systems. Mitigating controls are a common management response to the access risk arising from conflicting authorizations assigned to users in SAP. Removing user access rights or modifying access via the role change management process is a difficult, time-consuming and very often underappreciated response to the problem.