All of the mentioned authorization issues can be easily remediated by conducting regular security reviews. Ignoring these issues or not attending to them on a regular basis can result in serious vulnerabilities.
Before SAP’s launch of their GRC tools, SAP Security Administrators used only a couple of transaction codes (T-codes) to audit and control security and [...]
IT professionals today intuitively understand the value of Single Sign-On (SSO) – improved productivity, reduced password administration effort, and a dramatic decrease in calls to the IT helpdesk due to forgotten passwords. Studies have shown that password reset requests can make up to 30% of a company’s helpdesk calls. However, intuition and external studies might [...]
Identity & Access Management (IAM) is involved in the identification, implementation, administration and termination of identities with access to information systems, buildings and data within an organization. Identities, for example, are company employees, system users, business partners and technical objects such as network printers and technical users. With these methods, all phases of the IAM [...]
February 10, 2010 | Posted in Expert's Contribution, IAM
Our business environment becomes more mobile by the day: globalization has resulted in more travel, shared work spaces, and virtual home offices. Increasingly, companies are replacing desktops with laptops. The falling price of laptops and the integration of mobile personal digital assistants (PDAs) with the corporate IT infrastructure ensure a high level of acceptance for [...]
This post is a slight adaptation of an old post of mine on the BPX Community of SAP from the 2nd of May 2007. Almost years have passed by, but most companies are still far away from reaching the described state, so what I describe is still very relevant.
The originating question was: What kind [...]
Segregation of Duties, also called Separation of Duties (SoD), has been in the spotlight of public accounting firms since the beginnings of the Sarbanes-Oxley regulations, specifically Section 404. Wikipedia describes it as: “the concept of having more than one person required to complete a task. It is alternatively called segregation of duties or, in [...]
Just a few days ago, Microsoft had to admit serious security issues in almost all of its web-enabled products, not only in the browser, but also in e-mail and other productivity applications. The recommendation of the German Federal Office for Information Security (BSI) was not to use products that use the browsing [...]