Fahri Batur, October 2013. SAP GRC AC ARA Access Risk Analysis Requirements Gathering Workshop.
Presentation transcript:


About This Session: Introduction

Today is all about exploring how you will use Access Control by leveraging your business knowledge and our product knowledge to arrive at design decisions that will enable us to write the Blueprint and configure the system. It is important we have people in this session that can provide (with our help) direction in terms of how you will use Access Control. So let's start by doing introductions around the room, including what your area of interest is in relation to Access Control.

Agenda: Running Order

Requirements gathering for Segregation of Duties management via the Access Risk Analysis (ARA) module.

How We're Going to Do This: A Little Insight into What's in Store

Integrc's role today:
- Ask you lots of questions about how you will use Access Control.
- Provide context to what we're discussing and how our questions relate to your future use of Access Control.
- Help you understand how Access Control will need to be set up in order to meet your business requirements.
- Tease out all the detail we will need to write the Blueprint and configure your solution.

Your role today:
- Answer lots of questions!
- Provide business context.

Between us, we will establish all the facts we need to proceed.

How We're Going to Do This: Method

Good old-fashioned talking, where your business knowledge and our product knowledge come together. We have various techniques and aids to help us identify how Access Control will need to be configured:
- A structured questionnaire that will ensure we capture all the information we need.
- Access to the Integrc GRC lab, where we can demo scenarios through the day for context if necessary.

Let's Start at the Very Beginning: Overview of SAP GRC Access Control (Gavin Campbell, Director)

Access Control modules:
- Business Role Management: role definition and management.
- Access Risk Analysis: risk analysis, detection, and remediation solution for access and authorisation controls.
- Emergency Access Management: privileged user access control solution.
- Access Request Management: compliant provisioning solution.

The modules span risk identification and remediation, prevention, privileged user access and role management, across a Sprint Phase (Get Clean) and a Marathon Phase (Stay Clean).

Access Risk Analysis (ARA): Segregation of Duties Management

- The rules engine that enables your Segregation of Duties reporting.
- Interfaces with other Access Control modules to enable compliant processes for provisioning and role management.
- Holds your definition of Segregation of Duties risks.
- Analyses roles and users in real time against defined SoD risks to provide visibility of where risks are.

Just Before We Start: An Insight into the Variables We Need to Capture

For each Access Control module, we will need to capture the following variables:
- System settings and parameters: dictate how your system behaves and what default settings it uses.
- Configuration settings: dictate how you will use the solution and how your GRC processes will work.
- Master data.

Cross Application Configuration and Settings

Target Systems: Identify Systems to Be Connected to Access Control

A target system is a backend system that will be connected to Access Control for the purposes of risk analysis, provisioning, super user management or role management. (Target Systems data capture sheet.)

Connectors: Communication Channels Between GRC and Target Systems [Implement]

A connector is created in GRC for each target system that Access Control will connect to. Your consultant will capture the connector details for each in-scope system. (Generic System Settings data capture sheet.)

Maintain Connector Definition: Technical Connector Settings [Implement]

A connector definition is required for each defined connector/target system. Your consultant will capture these technical settings for the purpose of documenting them in the Blueprint. (Generic System Settings data capture sheet.)

Connector Groups: Logical Groupings of Physical Connections [Implement]

Your consultant will discuss with you the different types of connector groups and the advantages of each type, and establish which are best for you. (Generic System Settings data capture sheet.)

Connector Integration Scenarios [Implement]

Integration scenarios are used to define the flow of information between different application components. Your consultant will help work out which scenarios are relevant to you. (Generic System Settings data capture sheet.)

Cross Application Generic System Settings

These parameters influence how the system operates but are not related as such to any one module. They are central to the system, much like the Basis layer of any SAP system. (Generic System Settings data capture sheet.)

Maintain Access Control Owners: Important Users Who Are Assigned Specific Responsibilities [Implement]

Users that will be involved in your Access Control processes need to be assigned their responsibilities in the Access Control owners table, in addition to their ABAP roles. (Generic System Settings data capture sheet.)

Organisational Structure: Shared Structure for Assigning Mitigating Controls [Implement]

The organisational structure is shared between Access Control and Process Control and is used to assign controls in a structured way. (Generic System Settings data capture sheet.)

ARA Configuration Parameters: System Settings for ARA [Implement]

These parameters influence how ARA operates. System default values are defined here. (Generic System Settings data capture sheet.)

SoD and Critical Risk Ruleset: Defining the Risk Library [Implement]

The ruleset defines the risks that matter to your organisation and ultimately shows the transactions that should not be allocated to users in combination. (Generic System Settings data capture sheet.)

Maintain Mitigating Controls: Define Controls and Map Them to Risks [Implement]

Mitigating controls are documented in Access Control as a way of mitigating the risk of assigning conflicting access to users. Whilst Access Control does not manage the control execution, it provides reporting for visibility of mitigated and unmitigated risks. (Generic System Settings data capture sheet.)

Mitigating Control Assignment: Mapping Users to Controls [Implement]

This step defines the mitigating controls that need to be mapped to users based on the SoD risks that they will have at go-live. (Generic System Settings data capture sheet.)
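To make concrete what the ruleset, risk analysis and mitigating-control slides describe, here is a small worked model of the ARA logic: transactions are grouped into business functions, an SoD risk names functions that must not be held together (a critical-action risk names one function), users are resolved through their roles, and control assignments split the resulting violations into mitigated and unmitigated. This is an added illustration, not Integrc's or SAP's code; the role names, risk ids, control ids and dates are constructed sample data, and the four SAP transaction codes are used only as labels.

```python
from datetime import date

# Constructed sample data: SAP transaction codes grouped into business functions.
FUNCTIONS = {
    "VENDOR_MAINT": {"XK01", "XK02", "FK01"},   # create/change vendor master
    "VENDOR_INVOICE": {"FB60", "MIRO"},         # post vendor invoices
    "PAYMENT_RUN": {"F110"},                    # execute payment run
    "USER_ADMIN": {"SU01"},                     # user maintenance
}

# Constructed ruleset: risk id -> (risk level, functions that conflict).
# A single-function entry models a critical-action risk.
RULESET = {
    "P001": ("High", {"VENDOR_MAINT", "VENDOR_INVOICE"}),
    "P002": ("High", {"VENDOR_INVOICE", "PAYMENT_RUN"}),
    "B001": ("Critical", {"USER_ADMIN"}),
}

# Constructed role master data and user-to-role assignments.
ROLES = {"Z_AP_CLERK": {"FB60", "MIRO"}, "Z_VENDOR_ADMIN": {"XK01", "XK02"},
         "Z_TREASURY": {"F110"}, "Z_BASIS": {"SU01"}}
USERS = {"alice": ["Z_AP_CLERK", "Z_VENDOR_ADMIN"], "bob": ["Z_AP_CLERK", "Z_TREASURY"],
         "carol": ["Z_BASIS"], "dave": ["Z_AP_CLERK"]}

def user_functions(user_roles, role_tcodes):
    """Resolve a user's roles to the business functions their transactions enable."""
    tcodes = set().union(*(role_tcodes[r] for r in user_roles))
    return {f for f, needed in FUNCTIONS.items() if tcodes & needed}

def analyse(users, role_tcodes, ruleset=RULESET):
    """Return {user: [risk ids]} for every risk whose functions the user fully holds."""
    report = {}
    for user, roles in users.items():
        held = user_functions(roles, role_tcodes)
        hits = [rid for rid, (_, funcs) in ruleset.items() if funcs <= held]
        if hits:
            report[user] = hits
    return report

def classify(violations, assignments, today):
    """Split violations into (mitigated, unmitigated) using control assignments
    of the form (user, risk_id, control_id, valid_to); expired controls do not count."""
    active = {(u, r) for u, r, _, valid_to in assignments if valid_to >= today}
    mitigated = {u: [r for r in rs if (u, r) in active] for u, rs in violations.items()}
    unmitigated = {u: [r for r in rs if (u, r) not in active] for u, rs in violations.items()}
    return ({u: rs for u, rs in mitigated.items() if rs},
            {u: rs for u, rs in unmitigated.items() if rs})

# Constructed control assignments: bob's control has lapsed, so P002 stays unmitigated.
ASSIGNMENTS = [("alice", "P001", "MC-AP-01", date(2014, 12, 31)),
               ("bob", "P002", "MC-AP-02", date(2013, 6, 30))]
```

Running `classify(analyse(USERS, ROLES), ASSIGNMENTS, date(2013, 10, 1))` reports alice's P001 as mitigated and bob's P002 and carol's B001 as unmitigated, which is the visibility the slides say ARA provides without executing the controls itself.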

Business Processes and Sub-Processes [Implement]

Part of the mitigating control master data, used to categorise controls. (Generic System Settings data capture sheet.)

Next Steps: What Happens Next

- Feed design decisions into the Blueprint document.
- Collate outstanding items as soon as possible and feed them into the Blueprint.
- Approve the Blueprint.
- Integrc prepare for configuration.
- Configuration and master data loaded to GRC development.
- Test.

Thank You

On behalf of Integrc, thank you for your invaluable contribution. Your input during requirements gathering will influence the success of the Access Control implementation.