SY SAP GRC - Securely Yours LLC › files › SY_SAP_GRC.pdf · 2009-06-05 · SAP security team...
Securely Yours LLC
SAP GRC
Compliance made easy
What are our clients faced with
• SAP has enhanced roles, but our clients are stuck with old definitions. They would like to re-design roles without breaking the bank
• Having a tool which will allow them to recreate roles without compromising existing authority
• Enhance the SAP security posture enough to enable continuous control monitoring
• Reduce the cost and time it takes to redesign roles
• Reduce the cost and time it takes to perform audits
• Having a SOD tool which is easy to implement and is effective across SAP and non-SAP environments
Typical Symptoms
• Internal auditors comment that users have too many transactions
• There is a persistent SOD problem
• There are too many roles in SAP and they are becoming unmanageable
• SAP security team cannot tell you what is assigned to users
• SAP security team spends too much time on user access requests
• Need a review of your SAP installation before the external auditor to make sure you are in compliance
Securely Yours Solution
• Services and Tools for SAP to:
  • Enhance SAP GRC Assessment
  • Ensure Roles and Transactions are appropriately defined
  • Wild Card use in SAP is appropriately analyzed
  • SOD violations are appropriately reviewed and reported (across SAP and non-SAP environments)
  • Make Role Redesign process easier
  • Compliance made easy with easy to use tools which report on changes from period to period
Solution Sample - Assessment
Solution Sample – Role Design
Solution Sample - Compliance
Benefits of using our tools
• Identifies users with excessive SAP permissions
• Keeps management compliant with audit reviews for appropriate access
• Reduces the time and cost of role re-design
• Reduces the time required in analyzing and creating new roles by over 50%
• Reduces the cost of role re-engineering because of reduced time
• Identifies roles and users that role re-design
• Provides a means of comparing user groups and users against assigned roles and transactions
• Improves the provisioning process
• Provides continuous monitoring so that compliance is maintained
• Identifies roles and users that should be assigned the same permissions
• Reduces the cost and time for internal and external audit review of an SAP installation
• Incorporates a usable naming convention for roles
• Tailors solution to an organization’s processes
Team Members
Sajay Rai

Sajay is the CEO of Securely Yours LLC. He has more than 32 years of experience in information technology, specializing in information technology architecture, information risks and controls, information strategy and planning. Prior to starting his company, Mr. Rai was a Partner in Ernst & Young’s Risk Advisory Solutions Practice. He was the Global Coordinating Partner for clients like Blue Cross Blue Shield of Michigan, Yazaki NA, Tecumseh and Compuware. He led major engagements at General Motors, Visteon and DTE.

Prior to EY, Mr. Rai worked with IBM for 13 years, most recently serving as Managing Director of the national Business Continuity and Contingency consulting practice. He was instrumental in starting the company’s Information Security consulting practice and managing its information technology consulting practice in Latin America.

Mr. Rai co-authored a recently published book, Defending the Digital Frontier – A Security Agenda. Mr. Rai is a regular speaker at industry conferences on information technology strategy, business continuity, digital security and general IT issues and is frequently quoted in magazines and newspapers.

He holds a Master’s degree in Information Management from Washington University of St. Louis, and a Bachelor’s degree in Computer Science from Fontbonne College of St. Louis.

Philip Chukwuma

Philip is the CTO of Securely Yours, LLC. He has over 20 years of experience in Information Technology and Information Security. Prior to joining Securely Yours, he was with Ernst & Young, where he was a Manager with the Risk Advisory practice. Philip specializes in IT Security, Identity and Access Management, ERP Integrity, SAP Security, Segregation of Duties (SOD), and Infrastructure Management (Problem, Incident, Change, Event Management, Active Directory, UNIX, etc). He has served in many industries including automotive, financial, manufacturing, and Oil & Gas.

Philip has led several engagements as an Architect where he has invented ideas to streamline the implementation of security solutions. He has developed several tools related to IAM and SAP, which have saved his clients time and money. Philip has extensive implementation experience in the area of Information Security and ERP systems.

Philip received a bachelor’s degree from the University of North Texas in Denton, and his M.B.A. from the same university. Philip also is a Certified Information Systems Security Professional (CISSP). Philip has extensive experience in IT and Information Security.