The difficulty faced by executives – and many CISOs – is understanding the logic and high level of data disaggregation required by SAP security privilege definitions and how to trust that there will be no leaks of classified information or fraud in system usage.
There are no simple answers, particularly since annual reviews by external auditors only reflect the reality at the time of the review and, as we discussed before, do not provide the desired level of thoroughness.
Although they are not a magic recipe, I present two initial points:
1. The processes related to user accounts and the assignment of their privileges must be well-defined, with their respective procedures, which should be followed by all participating actors.
2. A software tool is needed that helps monitor and control risks in a simple and easy manner, allowing for proactive action and assisting in resolving detected problems.
If formal processes are not in place as recommended, our professional services have extensive experience in designing, documenting, and implementing them in a simple, fast, and effective way.
CentinelBox is the software tool that allows executives to easily identify risks that their teams need to address at a glance (watch the video at www.centinelbox.com). For security administrators and auditors, its functionality provides the tools to detect a wide range of risks and also to carry out security improvement projects.
For example, in the following two reports, even without understanding the details of the content, the values highlighted in red are points that specialists should review, explain, and resolve. They will remain in that color until resolved.
FastChecklist: a report that presents 18 checkpoints, and as seen, 5 of them are highlighted in red.
To view detailed information for each checkpoint, use the “+” button.
Comparative chart of critical variables in the last 12 months:
In cases where a variation of 5% is detected compared to the previous month, it will be marked in red.
Schedule a personalised demo directly with me so you can see how our platform enables assertive and successful internal control.