
SAP Security


Bringing SAP systems to the highest state of security in view of the regulations in force (SOX, GDPR and Privacy).

Published in: Technology

  1. SAP SECURITY
  2. FORFIRM – Mission. FORFIRM is an IT consulting company that uses its expertise and passion to develop innovative solutions for businesses. For us, innovating means improving. The proposals we present to our clients are therefore modern, simple and secure, so that they allow clients to grow and improve through an evolution that is both cost-effective and efficient.
  3. FORFIRM – Services
     • SAP SECURITY: Bringing SAP systems to the highest state of security in view of the regulations in force (SOX, GDPR and Privacy).
     • PROJECT GOVERNANCE: Governing complex IT projects in the areas of portfolio management, Risk Management, Change Management, Budget & Controls.
     • SOFTWARE DEVELOPMENT: Software development applying API and Responsive architectures in JAVA and JAVASCRIPT technology. Specialized in BlockChain projects.
     • SERVICE MANAGEMENT: Management of information systems in the areas of Planning Protection, Operations, Release Control & Validation, Incident & Problem management.
     • Annual growth rate: 60% from 2014 to 2017
     • Profit allocated to training: 15%
     • Profit allocated to R&D: 70%
     • Employees: 15% hold a PhD, 75% a degree and 100% are certified
  4. SAP Security - Services. Our services are aimed at companies subject to stringent regulatory obligations regarding privacy, which must therefore constantly renew the security controls applied to their SAP systems and the rules for accessing them.
     • AUDITING: verification of the system's compliance with SOX and D.Lgs 231
     • SAP GRC: definition of the SOD Matrix and implementation of procedural workflows
     • AUTHORIZATION ROLES: definition of system behaviour rules in line with company job functions
  5. SAP Security - Services. The objective of the SAP Security service is to bring SAP systems to the highest state of security in view of the regulations in force (SOX, GDPR and D.Lgs 231) and by virtue of the certifications and partnerships obtained.
     • Enzo Russo (Partner): Expert in IT Governance, Risk and Compliance with previous experience in complex corporate environments such as PwC, ACCENTURE, Barclays and Corner. During his career he has gained experience in Italy and abroad, taking part in Change Management, Risk Management and Compliance projects.
     • Fabio Vandelli (Manager): Qualified professional with twenty years of experience who has taken part, in Italy and abroad, in numerous Security, Risk and Quality Management projects in the SAP field for clients such as Pirelli, Deutsche Bank, BMW, Iveco and Vodafone.
  6. Auditing
     PROJECT STARTUP
     • Project scope agreement and confirmation
     • Identification of the user's coordinator/PM
     • Establishment of project management and standards
     • Definition of project team, staffing and logistics
     • Identification of business units and their representatives
     • Assignment of roles and responsibilities
     • Development of project plans and schedules
     • Verification of the initial requirements fulfillment
     • Planning of verification meetings with the customer
     INFORMATION GATHERING
     • Interviews with data owners
     • Interviews with data holders
     • Interviews with system owners
     • Analysis of collected information
     • Vulnerability assessment
     RISK ASSESSMENT
     • Identification of the risks derived from the highlighted vulnerabilities
     • In agreement with the customer's PM, determination of the acceptable risk level the company may assume
     • Definition and confirmation of countermeasures to be taken
     • Drafting of an intervention proposal the customer will have to subsequently validate
     VALIDATION PROCESS
     REPORT AND GUIDANCE
     • Preparation of the final report. Actions to be taken to eliminate the vulnerabilities will be listed in it.
     • Delivery of the report to the PM for formalization
  7. SAP GRC
     Phases: Risk Recognition, Rules Building and Validation, Analysis, Remediation, Mitigation, Continuous Compliance
     Activities:
     • Identification of known conflicts
     • Adaptation of the Best Practices to the local environment
     • Creation of Analytical reports using the Compliance Calibrator™
     • Determination of corrective actions to eliminate risks
     • Planning of alternative controls to mitigate risks
     • Detection of changes in Roles and User assignments
     • Conflicts grading: high, medium or low
     • Rules validation
     • Quantification of efforts to eliminate unnecessary elements
     • Corrective actions approval
     • Definition of new monitoring processes
     • Simulation of changes applied to Roles and Users
     • Detection of new risks to consider in future monitoring
     • Tests customization
     • Roles analysis
     • Corrective actions execution
     • Creation of new documents containing updated conflict mitigation rules
     • Presentation of regular reviews on critical transactions assignments and necessary changes to the monitoring rules
     • Application of the defined rules to test Users and Roles
     • Users analysis
     • Modification of old Roles or creation of new Roles or change of Roles assignments
     • Implementation of the new monitoring rules
     • Proposal of roles modification
  8. Authorization Roles
     • Analysis
     • Changes to Auth. Roles (limited to 50 users)
     • Distribution
     • Role 1, Role 2, ... Role N
  9. Contacts
     • Enzo Russo, e.russo@forfirm.com, +39 335 803 1283
     • Fabio Vandelli, f.vandelli@forfirm.com, +39.393.8102282
