AGLEA SAP Security Analyzer SoD Remediation SoX authorization


Presentation of the Security Analyzer software developed by AGLEA.

Published in: Technology, Business

  1. 30 March 2009 – ANDREA CAVALLERI
  2. The company. Aglea was founded in 2003 as a company specializing in the management of users and authorizations in the SAP world. It works directly or alongside major system integrators. AGLEA is part of APL Italian SpA, owner of the software "SOFIA" ® (portfolio manager titles Banks and Insurance). 29.9.09 Security Analyzer
  3. Competencies. Focus: consulting; SAP Security projects; new implementations; authorizations review based on RBE (Reverse Business Engineering); authorizations upgrade; auditing; Sarbanes Oxley / Dlgs 231/2001 / L 262/2005; Dlgs 196/2003; Segregation of Duties; risk management; SoD analysis; software: Security Analyzer.
  4. Security Analyzer. Security Analyzer (SA) is the application that manages SAP security (users and authorizations). It consists of two ABAP reports that download security information from an SAP system and a Microsoft Access application that imports and processes the data. SA is compatible with SAP systems starting from release 4.6 of R/3.
  5. Strengths of SA. Customizable: it can be adapted to specific customer requirements. Lets you cross authorizations with the usage statistics, including in the SoD analysis. The SOD tab contains an SoD matrix of risks (based on SAP R/3-ECC transactions). Performs special analyses that help identify "noncompliance" in the use of the profile generator. Very quick to install and use. Allows retrospective analysis. Fully developed by Aglea, which operates exclusively in SAP security consulting.
  6. Integration with GRC. SA is not an alternative to SAP GRC Access Control. The "point of contact" is in the SoD. Security Analyzer is ideal for analyzing an SAP system during a review of authorizations and for monitoring the role model adopted. SA reporting is complementary to GRC and is particularly useful during REMEDIATION.
  7. Security Analyzer. After installing the two ABAP reports in the system to be analyzed, the process of documentation and analysis is very simple: extract the data from SAP (53 tables + usage statistics) and place it in a directory; define (one time) a project in SA and customize its settings; import the data into SA; generate the reports needed; conduct more specific analyses, namely analysis on authorizations (a more powerful "SUIM") and transaction-based SoD analysis.
  8. Project definition. The first action is to create a project. With an SAP client, SA can keep data online for one system at a time.
  9. Project definition. Form in which you can specify the attributes of the project.
  10. Import. Rapid import (about 15 minutes) of the data exported from SAP. You can also import only some tables, divided by subject. A dedicated log provides useful information on any problems encountered during the import.
  11. Reports. From the output screen you can: obtain a query to be exported to Excel; save directly as xls; print in report format (PDF), choosing among the more than 100 models currently
  12. Reports
  13. Reports
  14. Organizational Analysis. If the HR scenario is implemented, the organizational structure can be analyzed off-line. There are specific information and features not available directly from SAP.
  15. Indicators. The main security information is summarized in a single screen. With it, the state of health of the system can be supervised in a few minutes.
  16. Auditing. Audit analyses can be focused on authorization objects. You can create any number of audits, excluding from the analysis any blocked users or SAP_ALL and SAP_NEW.
  17. Auditing. The details are specified in the affected and the values to be found. You can enter up to 3 values in "OR".
  18. SOD Analysis. The SoD analysis may be conducted on 5 SAP items: (1) Composite role (Job Role). (2) Simple role (Task), menu tcode level. (3) Simple role (Task), authorizations tcode level (S_TCODE). (4) Permissions assigned to the user (User); in this case, if a user has an S_TCODE permission with a range or with asterisks, all matching transactions are still identified. (5) Transaction statistics used; this feature allows you to act quickly on the real risks first and then on the potential ones. You can also generate an additional SoD matrix based on Job Roles.
  19. SOD Analysis
  20. SOD Analysis
  21. Mapper. The mapper function lets you find the best set of roles (chosen from a list of "candidates") to assign to a user based on his usage statistics.
  22. Mapper. Creating a composite role: identifying the TASK roles.
  23. Mapper. Mapping users and roles according to statistics.
  24. Version and Licensing
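
The user-level and statistics-based checks described on the SOD Analysis slide can be illustrated as follows. This is an added example, not code from Security Analyzer or from AGLEA; the transaction catalogue, the SoD matrix, the function names and the sample user are all constructed for illustration, and S_TCODE ranges are assumed to compare as plain strings.

```python
from fnmatch import fnmatchcase

# Constructed sample data (assumptions, not taken from the tool or the slides).
ALL_TCODES = ["FB60", "FK01", "FK02", "F110", "ME21N", "ME22N", "MIGO", "SU01"]

# SoD matrix: risk name -> the two sets of transactions that must not be combined.
SOD_MATRIX = {
    "R01 maintain vendor / post invoice": ({"FK01", "FK02"}, {"FB60"}),
    "R02 create PO / goods receipt": ({"ME21N"}, {"MIGO"}),
    "R03 post invoice / run payments": ({"FB60"}, {"F110"}),
}


def expand_s_tcode(values, catalogue):
    """Resolve S_TCODE values to concrete transactions.

    A value is a single tcode, a pattern with asterisks ("FK*"),
    or a (low, high) tuple for a range.
    """
    granted = set()
    for value in values:
        if isinstance(value, tuple):
            low, high = value
            granted |= {t for t in catalogue if low <= t <= high}
        else:
            granted |= {t for t in catalogue if fnmatchcase(t, value)}
    return granted


def sod_findings(s_tcode_values, used_tcodes, catalogue=ALL_TCODES, matrix=SOD_MATRIX):
    """Return {risk: "real" | "potential"} for one user.

    "real": both sides of the conflict appear in the usage statistics.
    "potential": both sides are authorized, but at least one was never used.
    """
    granted = expand_s_tcode(s_tcode_values, catalogue)
    used = granted & set(used_tcodes)
    findings = {}
    for risk, (side_a, side_b) in matrix.items():
        if granted & side_a and granted & side_b:
            real = bool(used & side_a) and bool(used & side_b)
            findings[risk] = "real" if real else "potential"
    return findings
```

Sorting the findings so that "real" conflicts come first gives the remediation order the slide describes: act on the risks that were actually exercised, then on the potential ones.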