Information Assurance

Former Member
0 Kudos

Can someone give me a brief description on the role of IA involvement in SAP Security?

1 ACCEPTED SOLUTION

Former Member
0 Kudos

There are lots of things IA can get involved in with security & there are a few on here with more experience than me in this area so I'm sure they will chip in... Some IA depts do some, all or even none of this:

- Involvement in security strategy

- Identification & specification of security related controls (design control framework)

- Monitoring & testing security controls

- SoD Spec & monitoring

- Monitoring sensitive access

- Part of documentation signoff process/risk review

- Involvement in testing process (design & sign off neg testing)

- Review logs etc

There are plenty more things which someone in IA can be involved in but it very much depends on the company & individual.

4 REPLIES

Former Member
0 Kudos

I hadn't heard of "Information Assurance" before - but what with the nasty habits of renaming and relabelling products and professions nowadays... I hope that I don't have a big gap in my jargon...

Does this "IA" differ in any way (holistically speaking) from "CSV" - Computer System Validation, a.k.a. "Quality Assurance in IT" a.k.a.?

Former Member
0 Kudos

Julius,

It depends on how your company implements their IA department. Previously they were only concerned with landscape, but now they have decided to implement themselves into our process and I was just wondering what the SAP standard was for IA involvement. Also, while we are on the subject, does anybody know what the SAP standard definition of core team members is? Thanks again

James

0 Kudos

Hi James,

From doing a fair amount of Security Implementations, IA work & security reviews, I can say with a degree of confidence that there is no standard definition or anything which comes close for IA involvement. Everywhere I have worked has been very different and roles have been influenced by things like industry, regulatory environment, company size, culture of risk management etc.

Even companies which outsource their IA work (or much of it) always want something different.