- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- security strategy
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
security strategy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2007 8:56 PM
Hi SAP Gurus,
I have multiple questions.
first, let me explain situation
- New implementation of NW04S + ECC5
- Used are BI7 only , GL,FI/CO,TR ( all financial products)
- Small-medium size company with 3-4 company codes.
- SOX is a big issue but no Versa.
- CUA implemented, (don't know why land scape is very small)
Question 1
I need a security strategy template to out line a security strategy.
If some on have an example that I can follow, will appreciate it, other wise if I can be pointed in right direction.
Question 2
What should be my security design strategy, any suggestions in this kind of situation.
Thanks
T.Jay
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2007 3:21 PM
Hi,
1. Security strategy is company specific and its company property.
2. Design your self.
yes. SOX is a big issue.
first be specific about the job roles(positions) and gather required transactions.
then create roles or you can copy predefined roles.
then find out the critical and conflict transactions across the business roles, and try to exclude them.
it s not that much easy to prepare and implement, but it s possible.
Thanks,
Praveen.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2007 3:21 PM
Hi,
1. Security strategy is company specific and its company property.
2. Design your self.
yes. SOX is a big issue.
first be specific about the job roles(positions) and gather required transactions.
then create roles or you can copy predefined roles.
then find out the critical and conflict transactions across the business roles, and try to exclude them.
it s not that much easy to prepare and implement, but it s possible.
Thanks,
Praveen.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2007 4:25 PM
Hi TJ,
Check this info ..can be helpful...
http://www.sapsecurityonline.com/sox_sod/sod_matrix_fi.htm
Br,
Sri
Award points for helpful answers
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2007 11:37 PM
Hi,
Some of the following links would give you an over view.
http://www.auditnet.org/sapaudit.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/3f/857e41564c020de10000000a1550b0/frameset.htm
http://www.law.uc.edu/CCL/SOact/toc.html
http://www.auditnet.org/sarbox.htm
http://www.isaca-kc.org/doc/Segregation%20of%20Duties.pdf
I will try to share more info.
Cheers
Soma
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2007 9:49 PM
Thank you all for your inputs.
Security document is in fact a part of functional / management team responsibility in which you help them with your inputs and thoughts as it varies with business processes.
Thank you again.
TJ
Message was edited by:
Tee Jay
- SAP Managed Tags:
- Security
