Prevention Is the Best Medicine: A Guide to SAP Security Health Checks

Preventative ongoing maintenance and monitoring of your users’ SAP security access is critical to avoiding significant deficiencies or control weaknesses. A governance, risk, and compliance (GRC) tool (such as SAP GRC, Control Panel, ComplianceNow, ERP Maestro) is a great start, but there is more to monitor! System parameters and client settings are also part of your audit but are outside the monitoring scope of most GRC applications. Regular security health checks are key to (1) identifying these access issues before they spiral out of control, (2) mitigating the risk from control deficiencies, and (3) ensuring your security administrators are following best practices. In an SAP environment, security health checks are periodic assessments of key application-layer ITGC controls related to user access. They should cover sensitive access monitoring, general access monitoring, and mitigating control assignment, as well as any other ITGC controls your external auditor may assess.

Understanding the Differences between PIAs and the GDPR’s DPIAs

Since May 25, 2018, organizations have been required to perform data protection impact assessments (DPIAs) under the General Data Protection Regulation (GDPR). Organizations use DPIAs to assess whether certain data processing activities are a risk to the rights and freedoms of individuals. However, because DPIAs are similar in name to the much more familiar PIA (privacy impact assessment), there has been some confusion among privacy and risk management teams, who have mistakenly considered them the same type of assessment. But DPIAs and PIAs are actually very different, helping teams achieve separate goals and assess different areas of privacy. This post focuses on the key differences between these two types of assessments and the roles they each play in a GDPR-compliant privacy program.

Case Study: Implementing SailPoint’s IdentityIQ for a National Water Company

Client Overview: One of the largest and most geographically expansive water utility companies located in both the United States and…

Thinking Inside the Box: A Guide to Configuring Your Database Monitoring Solution

Database activity monitoring is an integral part of an organization's security. But without a well-configured database monitoring solution (DMS), you can get lost in the noise, unable to focus on suspicious or inappropriate activity. In this guide, our experts lay out a step-by-step approach to configuring your DMS...

Your Roadmap to U.S. Breach Notification Laws

Keeping up with each state's data breach notification laws is close to impossible. That's why we created this handy guide - a quick reference to all 50 states and...

Enabling Key SoD Controls in a Workday Environment

News Article

Cyber Balance Sheet Reveals Risk Appetite Struggles in the Boardroom

Focal Point Data Risk, an integrated risk management firm, today announced the release of the second annual Cyber Balance Sheet Report, a closely watched research study using in-depth surveys and interviews of corporate board members and chief information security officers (CISOs) to offer a rare window on the state of cyber risk management in the boardroom.

The 2018 Cyber Balance Sheet Report

The 2018 Cyber Balance Sheet Report offers a rare window on the state of cyber risk management in the boardroom.

A Fortune 500 Food Manufacturer’s Award-Winning Global Identity Governance Initiative

A Fortune 500 manufacturer of chocolate and other confectioneries, operating in more than 70 countries and growing through acquisitions and…