Xpandion Blog

Blog posts tagged in risk managers

If your organization has run an SAP system for three years or more, you probably suffer from what we like to refer to as “Deceiving Authorization Roles syndrome.”
Whether you’re familiar with this pesky problem or not, maintaining authorization roles for a few years, adding and removing activities and authorization objects, and creating new ones and deleting others all create situations in which authorization roles have names that incorrectly represent their content. This can lead to SAP admins unintentionally granting users the wrong authorizations.


One morning the company’s security manager or auditor appears at your door and catches you off guard with a question, “Hey, how can I know if someone is looking at employee salaries or peeking at their social benefits?” Without hesitating or looking away from your computer, you answer the obvious, “Well, if the person doesn’t need this function as part of his job description, he doesn’t have permissions for it.” But this uninvited guest is not leaving. He replies, “And what if he got permission by accident, or if he moved to a different position and the relevant authorization wasn’t removed…? How can I know if this person is still using his old permissions and looking at sensitive employee data?”


What are your organization’s top three most sensitive T-Codes, the ones that you’re really careful about granting? You’ve had to think about this before, either during an authorization-inspection project, a GRC project or when asked by an auditor. Can you name the “top three”? I’m sure you can. And I’m sure you probably wouldn’t give it a second thought.


Here are 5 amazing facts based on our vast experience with SAP customers required to maintain SOX compliance, GRC consultants and auditing firms. 


In many organizations, access to the sensitive SAP T-Code SU01 is much wider than needed. Let's explore why.


How you can maintain GRC compliance if you have users with dangerous SAP_ALL

(This is the short version of an article regarding the pervasive SAP_ALL Authorization Profile. Download the full article including examples and screenshots here).


A couple of years ago, we included a “Lock User” button feature in our security product. If you received a “very high” alert, you could log into the system, catch the fraud in action, press the “Lock User” button and prevent the thief from stealing. Bam… you’re the hero.


I’m sure you’ve heard this kind of dialog before:

“We need to remove one of your authorizations immediately”

“Why?!”

“Because it violates a segregation of duties rule”

“Which rule???”

“Something to do with the financial auditors”

“But you can’t, I need it to do my job!”

“I can’t do anything about it, sorry. It’s a requirement coming from management”


Emergencies happen. Yes, even in businesses. The ones I’m referring to are related to work processes and ERP security. OK, so it’s not a fire or flood; still, any business must be able to handle operational emergencies quickly and effectively.
