SAPLIB

Logical access controls determine which individuals have access to what information. Some of the items examined here are mechanisms in place on computer and network systems and some pertain to the overall architecture of the offerings provided by the organization. Some of the items that will be investigated include
- Individuals who have access to client information
- Individuals with privileged access to network devices such as firewalls and routers and computer systems
- Appropriateness of individual access to job function
- Appropriateness of user management procedures to identify dormant and unused accounts and to determine individual access
- Restriction of customer access to prevent the sharing of information
- Mechanisms in place to prevent unauthorized access to client information (both with regard to other clients and employees)

The information that is necessary to evaluate these issues is not solely related to the controls on the computer systems. The auditors will need to understand the underlying architecture that separates sensitive information and the procedures used by the organization to manage user access effectively.

Popularity: 41% [?]

Download free ISO 27001 Data Backup and Data Restore Operation Task Form. This simple form is designed to follow ISO 27001 standard. Basically the ISO 27001/ISO17799 standard will ensure that each security process within the company already standardized, documented and properly (more…)

Popularity: 31% [?]

SAP ERP application is an integrated enterprise resource planning (ERP) software manufactured by SAP AG that targets business software requirements of midsize and large organizations in all industries and sectors. It allows for open communication within and between all company functions. SAP stands for Systems, Applications and Products. It uses the concept of modules(“individual programs that can be purchased, installed, and run separately, but that all extract data from the common database”)SAP AG, the company that provides the enterprise resource planning solution has upgraded the package and lauched it as SAP ECC 6.0 in 2005. ECC stands for Enterprise Central Component. The purpose of positioning it as ECC is to enable SAP to build and develop an environment of other products that can function upon the foundation of the central component.
Download

Popularity: 31% [?]

1. Authorising the preparation of a Project Plan and Business Case for the project
2. Approving the project go-ahead
3. Checking that the project remains justifiable at key points in the project life cycle (more…)

Popularity: 16% [?]

1. Document the control environment.
What are you doing? What are your processes? Where are the risks?

2. Test: Implement the process and access controls needed to address the risks identified.

3. Remediate: Resolve exceptions found by the controls.

4. Analyze: Use the information gathered to gain a deeper understanding of the business.

5. Optimize: Improve both GRC and business processes as insights are gathered.

Popularity: 23% [?]