The queries made by auditors always give us a headache, either because of the difficulty in finding the right answer or because it forces us to dedicate time that we do not have. That is, a headache always! After reviewing the system with their own software tools, they give us their reports to which we […]
Risks in SAP: Are all risks identified, and are we working to resolve them? Are there risks that we are unaware of or that are hidden? In strictest rigor, it is likely that we will never have all risks fully controlled. However, it is imperative to know them all and establish a work plan for […]
What should I control? What are the critical variables in SAP security that I should monitor? For executives and CISOs, a red alert is a first level to act upon. As we presented in the previous email, CentinelBox provides reports with color identification in cases where action is required… without the need for a deep […]
The difficulty faced by executives – and many CISOs – is understanding the logic and high level of data disaggregation required by SAP security privilege definitions and how to trust that there will be no leaks of classified information or fraud in system usage. There are no simple answers. Moreover, considering that annual reviews by […]
It is common that investment and SAP system security project development decisions are based on the seriousness of the observations made by the External Auditors in their reviews. In addition, the executive level generally undervalues the auditors’ observations, so it is likely that the lack of action on security is always the same. The auditors’ […]