5 mistakes in approaching emergency access

The GRC Ninja channel has released another episode focusing on emergency access and privileged management in ERP/IT systems. Drawing on their experience, GRC SAP security experts Filip Nowak and Andrzej Partyka defined the 5 most common mistakes made when configuring and managing emergency and privileged access to SAP.

Mitigating controls – is this a cure for “all evil” in excessive authorizations risks in SAP?

Part #2/5 – When is it worth creating mitigating controls, and when should they be avoided? In the previous part of our series, we concluded that managers responsible for business operations must decide when and in what situations the system access risk should be remediated by access removal, and when it should be remediated by assigning compensating controls. Mitigating controls are a […]

Mitigating controls – is this a cure for “all evil” in excessive authorizations risks in SAP?

Mitigating controls are control mechanisms implemented in business processes to limit the access risk arising from excessive user authorizations granted in ERP systems. In most cases these are activities performed outside the ERP system (SAP) and carried out manually, usually based on SAP reports or other statements generated from the IT systems. Mitigating controls are a common management response to the access risk coming from conflicting authority assigned to users in SAP. Removing user access rights or modifying access via the role change management process is a difficult, time-consuming and very often underappreciated response to the problem.