Blog

The following risks are often present but go undetected by security administrators and auditors because they are typically “unusual” cases. This doesn’t mean they aren’t present; they aren’t immediately apparent. Let’s look at some of these! 1. User accounts with critical profiles (SAP ALL and similar) that are inactive or locked but still used in […]

The queries made by auditors always give us a headache, either because of the difficulty in finding the right answer or because it forces us to dedicate time that we do not have. That is, a headache always! After reviewing the system with their own software tools, they give us their reports to which we […]

Can you imagine having a scanner that allows you to detect vulnerabilities and risks in the privileges assigned to user accounts? Imagine how you could strengthen the security of your SAP system proactively and efficiently: The new CentinelBox service will allow you to proactively take action to resolve them and achieve favourable and beneficial results: […]

Risks in SAP: Are all risks identified, and are we working to resolve them? Are there risks that we are unaware of or that are hidden? In strictest rigor, it is likely that we will never have all risks fully controlled. However, it is imperative to know them all and establish a work plan for […]

What should I control? What are the critical variables in SAP security that I should monitor? For executives and CISOs, a red alert is a first level to act upon. As we presented in the previous email, CentinelBox provides reports with color identification in cases where action is required… without the need for a deep […]

The difficulty faced by executives – and many CISOs – is understanding the logic and high level of data disaggregation required by SAP security privilege definitions and how to trust that there will be no leaks of classified information or fraud in system usage. There are no simple answers. Moreover, considering that annual reviews by […]

Some people may disagree with this statement, but it is a fact. Internal controls are the processes implemented by companies to ensure their objectives are met. They are the parts of the business process which provide mechanisms that could prevent inaccuracies or frauds, whether they were triggered by mistake or not. Preventive v/s Detective controls  […]