CATALOGUE TRAINING COURSES CONSULTING
Transcript of CATALOGUE TRAINING COURSES CONSULTING
02
04
12
18
20
22
24
A WORD FROM THE PARTNERS
SECUREWAY IN FIGURES
THEY TRUST US
SAP TRAINING
AUDIT
AUTHORIZATION PROJECT
AUTHORIZATION MAINTENANCE
GRC: GOVERNANCE, RISK & COMPLIANCE
SWAWE
FLEXIBLE SUPPORT
TABLE OF CONTENTS
03
05
15
In June 2007, Grégory BIASOTTO, Christophe BIZOT and EmmanuelANTIGNAC decided to combine their experience and their expertise toaddress all the problems related to SAP® application security bycreating SECUREWAY.
SECUREWAY now has 23 employees specialized in the field of SAPauthorizations. We support our customers in all phases of theauthorization lifecycle, such as design and configuration ofauthorizations, training, audit and integration of some IAM.
The many years spent advising our clients have led us to set up apersonalized methodology with a functional and technical approach toauthorizations. Moreover, being referenced by the SAP editor as authorizations trainers, we bring an educational dimension to ourinterventions.
Our teams are also continuously trained on new developments relatedto SAP® application security. For example, in 2021, all our employeeshave been trained on the specifics of S/4 HANA authorizations.
A WORD FROM THEPARTNERS
PAGE 2
SECUREWAY IN FIGURES
4910
233
Offices
clients
Years ofexperience
Skilledresources
SECUREWAY main objectiveis the satisfaction of their
current and historicalclients who trust us
Is the guarantee for ourclients to benefit from themost adapted solution to
their problems
With offices in Paris,Grenoble and Toulouse,
Secureway has never beencloser to their clients! At your service to support
you in your projects
PAGE 3
TRAINING DURATIONDuration of the complete trainingprogram: 3 daysThe complete training takes placeover a period of 3 days.
Duration of the specific training:X days depending on the moduleschosen. For a specific training program theduration varies according to themodules chosen.
The training is divided into 10modules, from module A to J. The customer is free to choose themodule(s) that interest him/her. The duration of the course iscalculated according to themodules chosen.
WHO IS THIS TRAINING FOR?
Member of a SAP project team / ConsultantSystem Architects / System AdministratorsSAP System Administrator People working in an SAP user support centerSAP users and roles manager
Intern Profile:
Describe the elements,strategies and tools of theSAP authorization concept; Generate and assignauthorizations profiles withthe profile generator;Analyze authorizations; Describe special objects foradministrators.
The objective of this training isto enable you to manage rolesand user records in SAP.
EDUCATIONAL ISSUES ANDOBJECTIVES
SAP TRAINING
PAGE 6
PRE-REQUISITESKnow the technical basics in SAP.
LEARNING PROGRESSION
Introduction to SAPConnection to SAPPresentation of the home screenAccess a transactionConducting researchMulti-screen display
A- Navigation in SAP :
Why authorisations?Access ControlsUsers, roles and permissionsAuthorisation conceptAnalysis
B- Definition of an authorization and implementation of anauthorization concept :
Roles, classes, objects, fields and valuesMulti-authorizationAuthorization profiles,Summary of cardinalities
C- Authorization Terminology:
General presentation of the form,Presentation of the different tabs,Mass management,Comparison of user records
D- User file :
PAGE 7
SAP TRAINING
Definition of a rolePresentation of the different tabs in the role management(PFCG)Setting up the SU24
Setting up a composite roleImplementation of derived roles
Status iconsNavigation iconsTexts and statutes
Understand how authorization controls work in SAP
Diagnostic tool: SU53Authorization Trace: ST01
General presentation of SUIMUser analysisRole analysisComparison of roles and usersDocumentation on authorization objects
Know how the SE16 works (reading the tables)Know how to use tables to analyze user rights, roles,authorizations, organizational data...
E- Role management:
F- Management of specialroles :
G- Subtleties in role management :
H- Authorization Control :
I- Error detection assistance:
J- Analysis via the SUIM transaction:
K- Analysis via SAP tables :
PAGE 8
SAP TRAINING
PEDAGOGICAL ANDTECHNICAL MEANS :
Meeting room with videoprojector Meeting space with largescreen Wired/wifi internetconnection Client's or trainingorganization's laptopcomputers
The trainee must have acomputer with headphones,a microphone and awebcam No software installation isrequired by the trainee asthe training is donethrough a web link via ourMicrosoft TEAMSapplication In case of technicalproblems, the trainee cancontact the trainer directlyvia the phone numberindicated in the invitation
1) Face-to-face:
2) Remote : Training that meetsthe specific needs ofthe company Save time for futuredesigns andimplementationsModularity in thechoice of themesAutonomy of yourresources to manageauthorizationsSupport following thetraining
STRENGTHS :
Exercises as the trainingprogressEvaluation grid at the end ofthe training: a WEB link isprovided to the trainees toevaluate the training
THE TRAINERChristophe Bizot - Co-manager
ORGANISATION
WHAT YOU WILL GETFROM THIS TRAINING
MONITORING AND EVALUATIONOF TRAINING RESULTS
PAGE 9
SAP TRAINING
DEMONSTRATION: This component is anapplication of the lecture bythe trainer. In this section, thetrainer will illustrate the theorywith concrete exercises. Thisdevelopment, based on theconcepts discussed during thelecture, is put into application.
EXERCISES : This component is very important for the trainee because it will allowhim or her to clarify poorly understood points. This component alsoallows the trainer to probe the knowledge acquired by the trainees inorder to plan the next steps of the training.
These exercises are done at the end of each important module andare carried out on an interactive platform for the theoretical part andon an SAP server for the practical part.
At the beginning of the training, each trainee receives a number. Thetrainee will be able to create his own objects (roles, user files, ...) withhis own number at the end. For example: "Use the user code "FORMxx"containing the role "BASISxx" (where xx is the trainee's number) ..."
This allows the trainer to track the progress of each trainee as allelements are retrievable from the SAP server. The identification of thetrainee is done by the link number/name of the trainee.
LECTURES:For this, the trainer willmake a presentation relatedto the subject of thetraining. This lecturepresents the essentialpoints of the training in amasterly way. It alsoindicates the limits that willbe used for this training.This component is fairlypassive for the trainee.
TERMS AND RATES Our company uses the following methods:
PAGE 10
SAP TRAINING
ADDED VALUEThe trainer's professional background and knowledge assimilated in thefield allow us to offer training adapted to the client's needs from abusiness point of view.
DELIVERABLES : Unlimited access to the online platform (training manuals and exercises).
PAGE 11
SAP TRAINING
AUDIT
OBJECTIVESAre your authorization` maintenance costs too high? Do you want to anticipate the next auditors' visit? Has fraud been detected? Have your competitors obtained a copy of your sensitive data? Have the salaries been disclosed to the wrong people? Are there too many anomalies in your authorizations?
APPLICATION SECURITYAUDIT :Internal security policy andorganization, SAP access management anduser life cycle management, SAP security organization andprocedures, General SAP securityparameters, SAP authorization solutions, Monitoring and compliancewith SOD principles.
STRENGTHS : Knowledge of the risks withinyour SAP IS,Recommendations and actionplan to optimize yourauthorizations and SAPsecurity.
SOD MATRIXINSTALLATION:Workshop with thebusinesses to identifyrisks,Parameterization of thematrix linked to your SAPsystem,Training to perpetuatethe matrix and analyzethe risks.
STRENGTHS : No license cost,Real time analysis of SODrisks in SAP.
PAGE 13
AUDIT/ REMEDIATION/ COMPENSATION AND SUSTAINABILITY:Workshop with business to identify risks,Implementation of the standard audit matrix,Remediation: Cleaning of roles,Cleaning of user records,Assistance in setting up compensatory reports,Sustainability of the solution.
SAP IS respects the segregation of business tasks.Application risks are controlled.
STRENGTHS :
PAGE 14
AUDIT
AUTHORIZATION PROJECTS
OBJECTIVESYour auditors point out numerous risks of segregation of duties related toyour authorization system?Are you planning an SAP release upgrade?Are you implementing a new module?Your organizational structure is changing (merger, new company, etc.)?Are you planning to implement a convergence of your SAP environments?You have noticed changes in production made by members of the ITdepartment?Your authorization concept does not represent your business processes?
DESIGN :
Matrix directly exploitableby the projectmanagement,Clear vision of who doeswhat and on whichorganizations,The SOD process approachallows for flexibility infuture developments (newbusinesses) andguarantees the separationof tasks.
Analysis of the businessprocesses of the company,Workshop with the businessareas,Use of SAP best practices toimplement theprocess/business matrix.
STRENGTHS :
REALISATION:Implementation of a namingconvention,Implementation of personalizedmenus,Application of SAP methods tocreate roles:individual roles, derivation,composite roles...Maintaining the link betweentransactions and objects (SU24)
STRENGTHS : A clear and easy vision of thefunctions and scope of each role,Saves time when roles evolve(derivation), or when a new businessis created (creation of a newcomposite role that groups existingprocess roles).
PAGE 16
KNOWLEDGE TRANSFER:Realisation of authorization specifications,Documentation of the best practices for authorizations,Training of internal teams,Benefits: Team trained on authorizations respecting the SAP methodology.
STRENGTHS : A team trained to authorisations according to SAP methodology
PAGE 17
AUTHORIZATION PROJECTS
OBJECTIVESDo you need to optimize your maintenance costs?Do you want your internal teams to be able to perform more high-value-added tasks?Are you experiencing numerous regressions in your roles and users?Are your needs in terms of expertise and advice changing?Are you looking for a consultant with a functional approach toauthorizations?Are the deadlines for resolving anomalies/changes not being met?
MAINTENANCE
Role management (anomalies, changes, documentation)User management (creation, modification, archiving, licenses)Updates to the standard SOD matrix,Maintenance of GRC solutions,Updating of procedures and documentation, etc.Application of security reviews (inactive users, obsolete roles, SOD reviews, ...Publication of statistics.
Benefit from a team of authorized experts who master thetechnical/functional aspects,Our work methodology and our rigor have always enabled us to meetdeadlines,Cost control due to our experience and methodology,Cost control due to the advantages of outsourcing,The wise advice of our consultants with an average of more than 10 yearsexperience.
The level of expertise of our consultants guarantees our clients the desiredlevel of responsiveness for all of the following tasks
STRENGTHS :
AUTHORIZATIONMAINTENANCE
PAGE 19
GRC: GOVERNANCE, RISK &COMPLIANCE
OBJECTIVESYou purchased a GRC licence and want to implement it?You are using the risk analysis engine and want to add user provisioning?You need to upgrade your GRC environment?GRC is running, but are still struggling with your remediation plan?You do not have a global picture of your conflicts?You would like to reduce your role and user maintenance costs?
GRC SUPPORT
Verification of the correct setup of the software components.Review of SOD Matrix in collaboration with your Business Representatives.Analysis of custom transactions and authorization objects to be included inthe SOD Matrix.Design of risk approval workflows at role and user levels.Management of Mitigating Controls.Documentation and training for GRC users.Day to day support.Design of remediation plan.
As part of a GRC project, we set up the GRC tool so that the management ofyour SOD risks can be controlled in a sustainable way.
Benefit from a team of authorized experts who master thetechnical/functional aspects,Our work methodology and our rigor have always enabled us to meetdeadlines,Cost control due to our experience and methodology,Cost control due to the advantages of outsourcing,The sound advice of consultants with an average of more than 10 yearsexperience.
STRENGTHS :
PAGE 21
OBJECTIVESAre you looking for an alternative to GRC Access Control?Want to automate SAP user access management with approval workflows?Need to automate Separation of Duties (SOD) analysis?Temporarily manage extended rights subject to approval and control?Do you want customizable reports? A low-cost, no-commitment solution with quick and easy implementation?To develop your employees?
SWAWE SETUP:
Risk prioritizationSOD standards in the toolwith the collaboration of thebusiness lines,Setting of the workflowsApproval workflows at userlevelSetting of compensatoryreportsSetting up customizeddashboardsDashboards (graph on theevolution of risksroles/users...)Training of teams onThe use of the toolAssistance in risk analysiswith SWAWESupport for a remediationproject.
We set up the parameters ofSWAWE so that your riskmanagement is controlled in asustainably way :
STRENGTHS : Low acquisition costs andtechnical requirements,Scalable and modular concept(among other things, thepossibility of managing otheraccesses on non-SAP systems:AD, Salesforce, Ariba, ...)Highly customisable reportingcapabilities,Full automation of usermanagement with all thetraceability required in theevent of an audit,Possibility of integration witha ticket management tool viathe available APIs,Emergency user managementwith approval workflow, anddetailed reporting of sessionsand changes made.
SWAWE
PAGE 23
FLEXIBLE SUPPORT
Advantages:Benefit from permanently on-site authorizationexperts,Immediate availability for workshops, meetings,and various questions,Ease of exchange between the different areas /stakeholders.
PAGE 25
FULL ON-SITE SUPPORT
MIXED ON-SITE ANDNEARSHORE TEAM
FULL REMOTECONSULTING
Advantages:Benefit from an on-site authorization expert whocarries out monitoring, steering, andspecifications,Cost reduction on implementation tasks,The implementation tasks are carried out by thecompetence center, freeing up the time of the on-site expert on specific subjects.
Advantages:Cost reduction (material and human)Benefit from a mutualization ofcompetencies,Delegation of recurring tasks in order toconcentrate on more strategic tasks,Adaptability of time slots.