Integrated Security Solutions © 2006 TK Consulting, LP realtime Confidential March 11, 2007 APM...
-
Upload
rosalyn-scott -
Category
Documents
-
view
215 -
download
2
Transcript of Integrated Security Solutions © 2006 TK Consulting, LP realtime Confidential March 11, 2007 APM...
Integrated Security Solutions
realtime Confidential © 2006 TK Consulting, LP
March 11, 2007
APM Demo
© 2006 realtime North America, Inc.2 realtime Confidential April 19, 2023
Contents
Overview
APM Role Management
APM Risk Management
Q & A
© 2006 realtime North America, Inc.3 realtime Confidential April 19, 2023
Who We Are - realtime
SAP ISV & IVN Partner
NetWeaver Certified Biometric Identity
Management Risk & Role Management
200 Global Fortune Clients
Established in 1986
© 2006 realtime North America, Inc.4 realtime Confidential April 19, 2023
SAP Security Solutions
mySAP Security SolutionsFour-
TierbalanceAP
MbioLock
Cost
Compliance
Usability
© 2006 realtime North America, Inc.5 realtime Confidential April 19, 2023
APM Overview
Authorization Profile Management
Developed by realtime in 1997.
Complete solution for SAP role management, audit assessment and Sarbanes-Oxley compliance.
Pre-delivered with Risk and Process Analysis cases.
Installed at over 150 Fortune 500 and other companies such as Marathon Oil, US Army, Merck AG, Schwarz-Pharma AG, Siemens and Toyota.
© 2006 realtime North America, Inc.6 realtime Confidential April 19, 2023
Contents
Overview
APM Role Management
APM Risk Management
Q & A
© 2006 realtime North America, Inc.7 realtime Confidential April 19, 2023
APM Role Management
Role Management
Collaborate with Business to identify authorization for Role Generation via Authorization Trace
Customizable Derived Role reduces maintenance cost by reducing the number of roles
Mass Change function reduces administration cost
Accelerate implementation
© 2006 realtime North America, Inc.8 realtime Confidential April 19, 2023
APM Role Management
Authorization Trace Benefits
Defined from the SAP point of view in cooperation with the Business.
No need to learn how SAP-System trace is handled.
Easily troubleshoot and resolve authorization issues.
The logged authorizations represent the minimum specifications.
Retrieves to workspace for role generation or add to existing role.
© 2006 realtime North America, Inc.9 realtime Confidential April 19, 2023
APM – Authorization Trace
Set Traces against one or more Users
© 2006 realtime North America, Inc.10 realtime Confidential April 19, 2023
APM – Authorization Trace
Traced data are imported into APM for analysis and Role Generation
© 2006 realtime North America, Inc.11 realtime Confidential April 19, 2023
APM – Role Management
Customizable Derived Role Benefits
Builds flexible and customizable roles inherited from a Master template
Reduces maintenance cost
© 2006 realtime North America, Inc.12 realtime Confidential April 19, 2023
SAP – Profile Generator Derived Role
F -2 2 (E n te r C u s tom e r Invo ice)
F -2 8 (P o s t In com in g P a ym e n t)
F -3 2 (C le ar C u sto m er) .. . .. . . . . . ..
USA Company Code - 0001
F -2 2 (E n te r C u s tom e r Invo ice)
F -2 8 (P o s t In com in g P a ym e n t)
F -3 2 (C le ar C u sto m er) .. . .. . . . . . ..
CAN Com pany Code - 0002
Custom er Invoice Processing
Only Org. Data can be modified!
© 2006 realtime North America, Inc.13 realtime Confidential April 19, 2023
APM – Customize Derived Role
F -2 2 (E n te r C u s tom e r Invo ice )
F -2 8 (P o s t In com in g P a ym e n t)
F -5 9 (P aym e nt R eq u es t).... . . . . ..
A C T V = 02 , 06
B U R K S = 0 0 03
F -3 2 (C le ar C u sto m er) ... .. . . . . . ..
USA Company Code - 0001
F -2 2 (E n te r C u s tom e r Invo ice )
F -2 8 (P o s t In com in g P a ym e n t)
F -3 2 (C le ar C u sto m er) ... .. . . . . . ..
CAN Com pany Code - 0002
Custom er Invoice Processing
Organizational and Inherited Authorization can be modified
© 2006 realtime North America, Inc.14 realtime Confidential April 19, 2023
Contents
Overview
APM Functionalities Discussion
APM Role Management
APM Risk Management
Q & A
© 2006 realtime North America, Inc.15 realtime Confidential April 19, 2023
APM – Risk Management
Risk Management Overview
Identifies Sensitive Access (SA) and Segregation of Duties (SoD)
Defines SA & SoD at Transaction and/or Authorization Field Value
Proactive Risk Analysis
Inactivates pre-defined authorization
Performs user provisioning Risk Simulation
Real-time Reporting and Monitoring
© 2006 realtime North America, Inc.16 realtime Confidential April 19, 2023
APM – SA & SoD Definition
Document additional Risk Description
Email changes to Risk Owner
Document Mitigating Controls and Exceptions
© 2006 realtime North America, Inc.17 realtime Confidential April 19, 2023
APM – Risk Management
Proactive Assessment
• Inactivate pre-defined risk
• Flags critical authorization
© 2006 realtime North America, Inc.18 realtime Confidential April 19, 2023
APM – Risk Management Reporting
3-Level Simulations
•Single Roles
•Profiles
•Transactions
© 2006 realtime North America, Inc.19 realtime Confidential April 19, 2023
APM – Risk Management Reporting
Realtime Process Analysis
•Detailed User, Role, and Auth. Value
•Cross Clients/Systems
© 2006 realtime North America, Inc.20 realtime Confidential April 19, 2023
APM – Risk Management Reporting
ALV Reporting View
© 2006 realtime North America, Inc.21 realtime Confidential April 19, 2023
APM – Risk Management Reporting
3 Levels of Reporting View
© 2006 realtime North America, Inc.22 realtime Confidential April 19, 2023
APM – Risk Management
Monitoring – Supervisor may periodically review, approve, disapprove, and document
© 2006 realtime North America, Inc.23 realtime Confidential April 19, 2023
APM – Risk Management
Approval History
© 2006 realtime North America, Inc.24 realtime Confidential April 19, 2023
APM – Risk Management
Risk Change Management History
© 2006 realtime North America, Inc.25 realtime Confidential April 19, 2023
APM – Special User
Monitors executed Programs & Transactions