GRC 10 AC

GRC 10 ACCESS CONTROL RISK ANALYSIS

Published in: Technology, Business

  1. AC 10.0 Enhanced Access Risk Analysis. Customer Solution Adoption. June 2011. Version 2.0
  2. Purpose of this document: This document describes the major enhancements to the access risk analysis capability of GRC, including end user customization and personalization. It covers how to navigate through the different reports, and also about new functionality such as new bulk maintenance, automation, audit trail, and mitigation options.
  3. © 2011 SAP AG. All rights reserved. Agenda • Introduction • Rule Set Maintenance • New Risk Analysis Framework • System Specific Mitigation • Mass Mitigation • Approval Process for Functions • Additional Audit Trail Tracking
  4. Introduction • Enhanced Access Risk Analysis Overview
  5. Enhanced Access Risk Analysis Overview: Enhances the leading access analysis engine with an intuitive interface that supports end user customization and personalization. New bulk maintenance, automation, audit trail, and mitigation options enable a faster and more efficient path to compliance. • More efficient, flexible access risk analysis options and improved ability to analyze results • Faster deployments and easier data maintenance over time. • Reduce broad application of controls • Ability to repurpose workflows including routing and escalation logic, by utilizing the standardized workflow engine • New interface allows targeted risk analysis as well as importing, editing, and reusing analysis criteria • New ability to customize and personalize access risk results • Enables Business Role and CUA composite role risk analysis • New ability to mitigate by system and by access rule ID • New support for mass mitigation, including assignment and maintenance with bulk updates • New function maintenance workflow • Enhanced Audit Trail Solution Enhancements Key Benefits
  6. Rule Set Maintenance • Overview • Maintaining Rules • User Interface Elements
  7. Rule Set Maintenance: Overview. Rule Set Maintenance: • Consistent user experience throughout the application • Ability to filter and sort reports listing rule sets, functions and risks • Ability to hide and rearrange columns listing rule sets, functions and risks
  8. Maintaining Rules: Rule Setup. Navigate to Access Rule Maintenance for creation and maintenance of rules
  9. Maintaining Rules: Function. Select Function to create or maintain the function with actions and permissions. Change History tab available
  10. Maintaining Rules: Function Mass Maintenance. Streamlined user interface with step by step process
  11. Maintaining Rules: Risk. Select Access Risk to create or maintain the risk. Change History available
  12. Maintaining Rules: Generate Rules. The Generate Rules button in the Function and Risk menu bar is available to update the rules in either Foreground or Background
  13. User Interface Elements: Filtering. The query result set can be filtered
  14. User Interface Elements: Sorting. The column can be sorted in ascending or descending order by clicking the column name
  15. User Interface Elements: Hide and Rearrange Columns. Columns can be hidden and the sequence can be changed
  16. User Interface Elements: Rearrange Columns. The Sorting, Calculation, Filter, Display, and Print Settings can be maintained and saved as user specific view
  17. User Interface Elements: User Query and Personalization. Streamlined user interface with step by step process to define a new query. User Personalization available to define the default view
  18. User Interface Elements: User Help. A quick user help or field help can be displayed with the right button of the computer mouse
  19. New Risk Analysis Framework • Overview and Benefits • Conditions • Multiple Risk Analysis Types • Multiple Selections and File Upload • Report Options
  20. Risk Analysis Framework: Overview and Benefits. New risk analysis framework includes: • Different conditions can be configured and combined • Multiple risk analysis reports can be run at the same time • Multiple selections can be imported from a file • Drill-downs available across the reports • Columns in the report can be hidden and rearranged • Reports provide transaction execution data • Crystal and PDF reports available • The reports can be sorted by any column. The new risk analysis framework provides the following benefits: • Provides a consistent interface with other GRC modules • Faster report processing by including only the information required by the users • Saves users time by allowing them to import report variables from files
  21. Risk Analysis Framework: Conditions. Conditions can be added and removed as required. Multiple operators are provided depending on the condition.
  22. Risk Analysis Framework: Multiple Risk Analysis Types. When executing a risk analysis it is now possible to perform multiple risk analysis types at the same time
  23. Risk Analysis Framework: Multiple Selections and File Upload. When a condition is switched to multiple selections a new window can be launched. This allows not only multiple selections but also uploading values from a text file.
  24. Risk Analysis Framework: Large Reports: Result Sets. When the reports are too large they are split into different “Result Sets”. This allows exporting them in multiple files, preventing file size restrictions and providing better memory management.
  25. Risk Analysis Framework: Report Settings. Filter and Settings to customize and search the Result Set. Customize the columns the user wants to see; sorting controls are also available
  26. Risk Analysis Framework: New Columns: Last Executed On and Execution Count. You can now see in the risk analysis results how many times and when the transaction was last executed
  27. Risk Analysis Framework: Drill-down on Reports. In the access risk analysis reports it is now possible to drill down on the User IDs and Access Risk IDs.
  28. Risk Analysis Framework: Drill-down on Risk Definitions. It is possible to drill down on functions and on the user ID who modified a risk
  29. Risk Analysis Framework: Crystal Reports. Reports can now be shown as Crystal Reports. No additional software is required on the server, but clients must install the Crystal Report Adapter.
  30. Risk Analysis Framework: Export to PDF. Users can create a PDF version of the reports by clicking on the Print Version button. This functionality requires an Adobe Document Services instance in the GRC landscape.
  31. System Specific Mitigation • Overview and benefits • Assigning a Mitigating Control • Listing mitigating controls
  32. System Specific Mitigation: Overview and Benefits. System Specific Mitigation • Allows assigning a mitigating control to specific systems • Multiple systems can be chosen while assigning a mitigating control. Benefits of this feature include: • Less complexity while defining risks and assigning mitigating controls due to an easy interface for assigning controls to multiple systems. • More flexibility as to which risks are mitigated on specific systems
  33. Assigning a Mitigating Control: User. When assigning a mitigating control to a user it is possible to select multiple systems
  34. Assigning a Mitigating Control: Role. This also applies to all other types of mitigations, as shown here on the Mitigated Roles screen.
  35. Listing Mitigating Controls: Reporting. The System column will show on which systems the respective mitigating control has been assigned.
  36. Mass Mitigation • Overview and Benefits • Assigning a Mitigating Control to Multiple Risks
  37. Mass Mitigation: Overview and Benefits. Mass Mitigation: • While viewing an access risk analysis report, multiple risks can now be mitigated at once. Benefits of this feature include: • Speed up the mitigation process by assigning multiple mitigations in a single step • Improve mitigating control quality; fewer steps to mitigate multiple risks means fewer potential errors introduced by the user.
  38. Assigning Mitigating Controls: Multiple Risk Selection • Every access risk analysis report provides a button for mitigating risks; simply select multiple entries and click the Mitigate Risk button • A single mitigating control can be assigned to all selected risks.
  39. Assigning Mitigating Controls: Control Parameters. After clicking Mitigate Risk, any control assigned to the risk ID will be auto-populated. The control can be replaced by clicking in the Control ID field and searching available controls or creating a new control with the Create Control button
  40. Assigning Mitigating Controls: Validity Periods. You can update the status and validity periods for multiple control assignments by selecting one or many rows and selecting the Status or Validity Period buttons. (mass update to validity period shown)
  41. Assigning Mitigating Controls: System and Rule ID Selection. Mitigation can be done at the access rule ID level or system level. Enter * to mitigate across all systems and all rule IDs. Select a row and click View Details to see additional details about the assigned Control (long, short description, assigned risks, monitor, and so on)
  42. Approval Process for Functions • Overview • Configuration Setup • Workflow
  43. Approval Process for Functions: Overview • New feature in Access Control 10.0 • Functions are the building blocks of risks in manage and analyze access risk • Any changes in functions will have a direct effect on the access rule set • Changes in functions need to be tracked and audited
  44. Configuration Setup: Launching IMG Task. Addition of New Functions or Changes to Existing Functions for the Rule Architect can have their own Approval Process. Workflow for Function Maintenance is enabled as part of the Access Control Configuration parameters. Execute transaction SPRO → SAP Reference IMG → Governance Risk and Compliance → Access Control → Maintain Configuration Settings
  45. Configuration Setup: Adding configuration parameters. Click New Entries. Enter Configuration • Parameter Group – 5 Workflow • Parameter ID – 1064 Function Maintenance • Parameter Value – YES • Click Save
  46. Workflow: Submitting Changes • When configuration for workflow is active, the button to complete the maintenance will specify SUBMIT instead of SAVE • To access Functions: From NWBC or Portal → Rule Setup Workbox → Access Rule Maintenance → Functions
  47. Workflow: Workflow Inbox • Upon submission a workflow will be delivered to the workflow approver for approval or rejection • If configured, the user will receive an email notifying that a new work item has arrived in their workbox.
  48. Workflow: Approval / Rejection Decision • The workflow approver can then approve or reject each item in the Workflow Inbox.
  49. Workflow: Configuration. Workflow is configured in SAP Reference IMG • Transaction SPRO → SAP Reference IMG → Governance Risk and Compliance → Access Control → Workflow for Access Control → Maintain MSMP Workflows. Terminology – MSMP is the abbreviation for Multi-State, Multi-Path Workflow
  50. Workflow: Process ID. Function Maintenance workflow is delivered in the Business Configuration (BC) Set • The first step is Process Global Settings
  51. Additional Audit Trail Tracking • Overview • Benefits • Configuration • Viewing the Audit Trail
  52. Audit Trail: Overview. All changes related to access rules can be tracked. The following components can have an audit trail: • Function • Risk • Org Rule • Supplementary Rule • Critical Role • Critical Profile • Rule set. A new configuration parameter has been included for maintaining the components to be tracked
  53. Audit Trail: Benefits. Quick access to the history of changes of the access rules. Administrators and power users can easily track who changed the different components of an access rule. This is useful when finding problems related to inconsistent rules. Comprehensive information about the changes to access rules including not only who made the change and when that change was made, but also information such as the old and new values. Higher visibility of changes, as the application is able to log information about every type of change to the rules, including changes to functions, rule sets, critical access rules and additional access rules. Auditors can have a detailed view of all changes in a single location.
  54. Configuration: Launching IMG Task. Components to be tracked are configured using IMG under Maintain Configuration Settings
  55. Configuration: Adding Configuration Parameters • A new parameter is available: Change Log • A list of all available components is shown. This parameter can be configured for each required component.
  56. Viewing the Audit Trail: Change History. Each access rule component (please refer to the Overview) has a Change History tab; if the respective configuration entry was set in IMG a complete audit trail will be shown. The report will show the old and new values, who applied these changes, and the time of the operation.
  57. Viewing the Audit Trail: Exporting the Change History. The report can be exported in Excel for further processing. Also, a printer-friendly version can be shown by clicking the respective button
  58. Viewing the Audit Trail: Change Log Report. A change log report is available in the reports & analytics workcenter that provides reporting of all audit trail enabled AC objects.
  59. Thank You! Contact information: Luis Bustamante, Customer Solution Adoption (GRC), luis.bustamante@sap.com
  60. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. 
SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. © 2011 SAP AG. All rights reserved Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company. Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG. This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This document contains only intended strategies, developments, and functionalities of the SAP® product and is not intended to be binding upon SAP to any particular course of business, product strategy, and/or development. Please note that this document is subject to change and may be changed by SAP at any time without notice. SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. 
This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. This limitation shall not apply in cases of intent or gross negligence. The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.
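
The model the slides describe (functions as the building blocks of risks, access rules generated from them, and mitigating controls scoped by system and access rule ID with `*` as the catch-all and a validity period) can be sketched as follows. This is an added conceptual example, not SAP code and not part of the original deck; the data structures and every function, risk, rule, user, system and control ID are constructed assumptions.

```python
# Added illustration only: a conceptual model, not SAP GRC code.
# All function, risk, rule, user, system and control IDs are constructed.
from datetime import date
from itertools import product

FUNCTIONS = {                       # function -> actions (transaction codes)
    "F_VENDOR": {"XK01", "XK02"},   # maintain vendor master
    "F_PAYMENT": {"F110", "F-53"},  # process payments
}
RISKS = {"R001": ("F_VENDOR", "F_PAYMENT")}  # risk -> conflicting functions

USER_ACCESS = {                     # (user, system) -> actions held there
    ("JDOE", "ECC_PRD"): {"XK01", "F110"},
    ("JDOE", "ECC_QAS"): {"XK01", "F110", "F-53"},
    ("ASMITH", "ECC_PRD"): {"XK02"},
}
MITIGATIONS = [{
    "control": "MC_01", "user": "JDOE", "risk": "R001",
    "system": "ECC_PRD",            # system-specific mitigation
    "rule": "*",                    # "*" covers every rule ID of the risk
    "valid_from": date(2024, 1, 1), "valid_to": date(2024, 12, 31),
}]


def generate_rules(functions, risks):
    """Expand each risk into rules: one per combination of actions,
    taking one action from each conflicting function."""
    rules = {}
    for risk_id, func_ids in risks.items():
        combos = product(*(sorted(functions[f]) for f in func_ids))
        for n, actions in enumerate(combos, start=1):
            rules[f"{risk_id}{n:03d}"] = (risk_id, frozenset(actions))
    return rules


def analyze(user_access, rules):
    """Return violations as (user, system, rule_id, risk_id).
    Simplification: a rule fires only if one user holds all of its
    actions on the same system (cross-system risks are not modelled)."""
    hits = []
    for (user, system), actions in sorted(user_access.items()):
        for rule_id, (risk_id, needed) in sorted(rules.items()):
            if needed <= actions:
                hits.append((user, system, rule_id, risk_id))
    return hits


def _matches(pattern, value):
    return pattern == "*" or pattern == value


def mitigating_control(hit, mitigations, today):
    """Return the control ID covering this violation today, else None."""
    user, system, rule_id, risk_id = hit
    for m in mitigations:
        if (m["user"] == user and m["risk"] == risk_id
                and _matches(m["system"], system)
                and _matches(m["rule"], rule_id)
                and m["valid_from"] <= today <= m["valid_to"]):
            return m["control"]
    return None


def report(today):
    """Pair every violation in the sample data with its control, if any."""
    rules = generate_rules(FUNCTIONS, RISKS)
    return [(hit, mitigating_control(hit, MITIGATIONS, today))
            for hit in analyze(USER_ACCESS, rules)]


if __name__ == "__main__":
    for hit, control in report(date(2024, 6, 1)):
        print(hit, "mitigated by " + control if control else "UNMITIGATED")
```

In the sample data the same user and risk are mitigated on `ECC_PRD` but stay open on `ECC_QAS`, and the `ECC_PRD` assignment stops counting once its validity period has passed.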
