SY SAP GRC - Securely Yours LLC › files › SY_SAP_GRC.pdf · 2009-06-05 · SAP security team...


Securely Yours LLC

SAP GRC

Compliance made easy


What are our clients faced with

• SAP has enhanced roles, but our clients are stuck with old definitions. They would like to re-design roles without breaking the bank
• Having a tool that allows roles to be recreated without compromising existing authority
• Enhance the SAP security posture enough to enable continuous control monitoring
• Reduce the cost and time it takes to redesign roles
• Reduce the cost and time it takes to perform audits
• Having an SOD tool that is easy to implement and is effective across SAP and non-SAP environments


Typical Symptoms

• Internal auditors comment that users have too many transactions
• There is a persistent SOD problem
• There are too many roles in SAP and they are becoming unmanageable
• SAP security team cannot tell you what is assigned to users
• SAP security team spends too much time on user access requests
• Need a review of your SAP installation before the external auditor to make sure you are in compliance


Securely Yours Solution

• Services and Tools for SAP to:
  • Enhance SAP GRC Assessment
  • Ensure Roles and Transactions are appropriately defined
  • Wild Card use in SAP is appropriately analyzed
  • SOD violations are appropriately reviewed and reported (across SAP and non-SAP environments)
  • Make Role Redesign process easier
  • Compliance made easy with easy to use tools which report on changes from period to period


Solution Sample - Assessment


Solution Sample – Role Design


Solution Sample - Compliance


Benefits of using our tools

• Identifies users with excessive SAP permissions
• Keeps management compliant with audit reviews for appropriate access
• Reduces the time and cost of role redesign
• Reduces the time required in analyzing and creating new roles by over 50%
• Reduces the cost of role re-engineering because of reduced time
• Identifies roles and users that role redesign
• Provides a means of comparing user groups and users against assigned roles and transactions
• Improves the provisioning process
• Provides continuous monitoring so that compliance is maintained
• Identifies roles and users that should be assigned the same permissions
• Reduces the cost and time for internal and external audit review of an SAP installation
• Incorporates a usable naming convention for roles
• Tailors solution to an organization’s processes


Team Members

Sajay Rai

Sajay is the CEO of Securely Yours LLC. He has more than 32 years of experience in information technology, specializing in information technology architecture, information risks and controls, information strategy and planning. Prior to starting his company, Mr. Rai was a Partner in Ernst & Young’s Risk Advisory Solutions Practice. He was the Global Coordinating Partner for clients like Blue Cross Blue Shield of Michigan, Yazaki NA, Tecumseh and Compuware. He led major engagements at General Motors, Visteon and DTE.

Prior to EY, Mr. Rai worked with IBM for 13 years, most recently serving as Managing Director of the national Business Continuity and Contingency consulting practice. He was instrumental in starting the company’s Information Security consulting practice and managing its information technology consulting practice in Latin America.

Mr. Rai co-authored a recently published book, Defending the Digital Frontier – A Security Agenda. Mr. Rai is a regular speaker at industry conferences on information technology strategy, business continuity, digital security and general IT issues and is frequently quoted in magazines and newspapers.

He holds a Master’s degree in Information Management from Washington University of St. Louis, and a Bachelor’s degree in Computer Science from Fontbonne College of St. Louis.

Philip Chukwuma

Philip is the CTO of Securely Yours, LLC. He has over 20 years of experience in Information Technology and Information Security. Prior to joining Securely Yours, he was with Ernst & Young, where he was a Manager with the Risk Advisory practice. Philip specializes in IT Security, Identity and Access Management, ERP Integrity, SAP Security, Segregation of Duties (SOD), and Infrastructure Management (Problem, Incident, Change, Event Management, Active Directory, UNIX, etc.). He has served in many industries including automotive, financial, manufacturing, and Oil & Gas.

Philip has led several engagements as an Architect where he has invented ideas to streamline the implementation of security solutions. He has developed several tools related to IAM and SAP, which have saved his clients time and money. Philip has extensive implementation experience in the area of Information Security and ERP systems.

Philip received a bachelor’s degree from the University of North Texas in Denton, and his M.B.A. from the same University. Philip also is a Certified Information Systems Security Professional (CISSP). Philip has extensive experience in IT and Information Security.