Securely Yours LLC. Compliance made easy

Transcription

1 Securely Yours LLC SAP GRC Compliance made easy

2 What are our clients faced with SAP has enhanced roles but our clients are stuck with old definitions. They would like to re-design roles without breaking their bank Having a tool which will allow to recreate roles without compromising existing authority Enhance the SAP security posture enough to enable continuous control monitoring Reduce the cost and time it takes to redesign roles Reduce the cost and time it takes to perform Audits Having a SOD tool, which is easy to implement and is effective across SAP and non-sap environments 2

3 Typical Symptoms Internal auditors comment that users have too many transactions There is a persistent SOD problem There are too many roles in SAP and they are becoming unmanageable SAP security team cannot tell you what is assigned to users SAP security team spends too much time on user access request Need a review of your SAP installation before the external auditor to make sure you are in compliance 3

4 Securely Yours Solution Services and Tools for SAP to: Enhance SAP GRC Assessment Ensure Roles and Transactions are appropriately defined Wild Card use in SAP is appropriately analyzed SOD violations are appropriately reviewed and reported (across SAP and non-sap environments) Make Role Redesign process easier Compliance made easy with easy to use tools which report on changes from period to period 4

5 Solution Sample - Assessment 5

6 Solution Sample Role Design 6

7 Solution Sample - Compliance 7

8 Benefits of using our tools Identifies users with excessive SAP permission Keeps management compliant with audit reviews for appropriate access Reduces the time and cost of role re-redesign Provides a means of comparing user groups and users against assigned roles and transactions Improves the provisioning process Provides continuous monitoring so that compliance is maintained Reduces the time required in analyzing and creating new roles by over 50% Reduces the cost of role reengineering because of reduced time Identifies roles and users that should be assigned the same permissions Reduces the cost and time for internal and external audit review of an Sap installation Incorporates a usable naming convention for roles Tailors solution to an organization s processes

9 Team Members Sajay Rai Philip Chukwuma Sajay is the CEO of Securely Yours LLC. He has more than 32 years of experience in information technology, specializing in information technology architecture, information risks and controls, information strategy and planning. Prior to starting his company, Mr Rai was a Partner in Ernst & Young s Risk Advisory Solutions Practice. He was the Global Coordinating Partner for clients like Blue Cross Blue Shield of Michigan, Yazaki NA, Tecumseh and Compuware. He led major engagements at General Motors, Visteon and DTE. Prior to EY, Mr. Rai worked with IBM for 13 years, most recently serving as Managing Director of the national Business Continuity and Contingency consulting practice. He was instrumental in starting the company s Information Security consulting practice and managing its information technology consulting practice in Latin America. Mr. Rai co-authored a recently published book, Defending the Digital Frontier A Security Agenda. Mr. Rai is a regular speaker at industry conferences on information technology strategy, business continuity, digital security and general IT issues and is frequently quoted in magazines and newspapers. He holds a Masters degree in Information Management from Washington University of St. Louis, and a Bachelors degree in Computer Science from Fontbonne College of St. Louis. Philip is the CTO of Securely Yours, LLC. He Has over 20 years of experience in Information Technology and Information Security. Prior to joining Securely Yours, he was with Ernst & Young where he a Manager with the Risk Advisory practice. Philip specializes in IT Security, Identity and Access Management, ERP Integrity, SAP Security, Segregation of Duties (SOD), and Infrastructure Management (Problem, Incident, Change, Event Management, Active Directory, UNIX, etc). He has served in many industries including automotive, financial, manufacturing, and Oil & Gas. Philip has led several engagements as an Architect where he has invented ideas to streamline the implementation of security solutions. He has developed several tools related to IAM and SAP, which has saved his clients time and money. Philip s has extensive implementation experience in the area of Information Security and ERP systems. Philip received a bachelor s degree from the University of North Texas in Denton, and his M.B.A. from the same University. Philip also is a Certified Information Systems Security Professional (CISSP). Philip has extensive experience in IT and Information Security. 9