Matt Moore's blog listings.

GRC 2013 Amsterdam Presentation Tip - 10.0 Upgrade Misconceptions

Thu, 23 May 2013 14:53:12 -0500

The following is a preview of the session "Where are you now and where do you want to be on the roadmap of compliance?" by James Roeske of Customer Advisory Group that will be presented at GRC 2013 in Amsterdam. You can get more guidance for staying on the right path to compliance at the event in June.

Misconceptions about GRC 10 upgrade projects:

1. It is very difficult and expensive to upgrade!

NO – this is not correct. A typical Rule Set review and AC 10 technical upgrade for ARA and Emergency Access can be completed in a matter of weeks. Access Risk Management does require more time due to the steps needed to convert over to the new workflow engine and perform the necessary testing due diligence.

2. AC 10 is immature with too may bugs; I’ll stick with my old, trusty “stable version”

NO – This is not correct. As with any new product, issues can and will occur. AC10 has been in general release for almost 2 years (since July 2011), has 12 support packs released containing fixes and functionality enhancements, and is being used by hundreds of customers around the world.

3. I’m on the SAP NetWeaver version of AC. I’ve heard there is no migration path for me, therefore, I need to start from scratch to re-configure the new ABAP version.

NO! You worked hard establishing your existing processes and configuration; don’t trash the good stuff! SAP provides migration tools to assist in transferring your configuration over to the new AC10 system. Not everything can be migrated via the tools. Some experienced consultants may have strategies to aid in the migration process.

Formore information, visit the GRC 2013 website or follow me @mattmoorewis

0 Comments - Leave a Comment

Exclusive Interviews with Jan Gardiner and Steve Biskie

Mon, 20 May 2013 11:49:58 -0500

While we count down the days until Jan Gardiner from SAP and Steve Biskie from High Water Advisors present at GRC 2013 in Amsterdam, here are a couple interviews to tide you over. During the Las Vegas edition of GRC 2013 in March, both Jan and Steve sat down with Dave Hannon from SAPinsider to discuss their session topics and new SAP GRC developments.

Jan, senior director of GRC solution management at SAP, discussed uncovering the value of underutilized functionality in SAP GRC 10.0 and previewed what’s coming up in SAP GRC 10.1 including EXTREME SPEED. Some specifics she covers include continuous controls monitoring, offline forms, and mobile applications. View it here: bit.ly/YUH0TY.

Steve, Managing Director at High Water Advisors, reacts to the announcement at GRC 2013 of the new SAP Fraud Management application powered by SAP HANA (spoiler: he’s excited). He discusses the importance of fraud prevention and the benefits SAP Fraud Management will provide before delving into common auditing mistakes and how to avoid them. View it here: bit.ly/10I4Ajp.

Here are the sessions Jan and Steve will present at the upcoming GRC 2013 conference in Amsterdam from 11-13 June…

Jan will lead her own session on SAP Process Control and will also join a pre-conference workshop and a live demo:

Steve will present three sessions, one of which is owned by the Financials 2013 conference, which you can attend an no additional cost by registering for GRC 2013:

0 Comments - Leave a Comment

Optimize core SAP Access Control functionality

Tue, 30 Apr 2013 17:11:19 -0500

At the upcoming GRC 2013 conference in Amsterdam, delegates will get to witness the latest and greatest features of SAP solutions for GRC, including SAP Fraud Management and a preview of 10.1 releases.

In addition, there will be a huge amount of content focusing on core SAP Access Control functionality for customers who want to enhance their ROI from what they already have. The following list highlights sessions that will optimize your existing SAP Access Control application or prepare you for an upcoming implementation or upgrade.

Pre-conference Workshop: A comprehensive guide to the latest security and access control trends and techniques: Best practices for ensuring a secure and compliant system
Raymond Mastre, PwC

From Access Enforcer to compliant user provisioning (CUP) to access request management (ARM): What's new with user access approvals
James Roeske, Customer Advisory Group

Panel discussion: SAP Access Control customers share their successes and lessons learned
Moderator: Nishi Prakash, SAP; Panelists: Bastian Becelewski, Zurich Insurance Group; Ids Voerman, Cargill; Chris Haigh, Kimberly-Clark; Elizabeth Rees, Marks & Spencer

Securing sensitive data in your SAP financials system
Erin Hughes, SAP

Case study: How CIMPOR cut password reset costs and optimised user provisioning by implementing SAP Access Control
David Torres Izquierdo and Eugenio Pauperio, CIMPOR

Case study: How Imperial Tobacco improved risk monitoring and mitigation across multiple companies and systems with an upgrade to SAP Access Control 10.0
Markus Richter, Imperial Tobacco

Furthermore, the GRC 2013 speakers will be available to answer all your core SAP Access Control questions. Even if you can’t meet with them between sessions, several speakers will be at our Ask the Experts forum, an exclusive chance to meet one-on-one with seasoned SAP Access Control consultants and SAP employees. This year’s experts include James Roeske, Ray Mastre, Chris Johnston, and Simon Persin.

You can see all of the sessions and register for GRC 2013 here. Stay in the loop with event updates by following me @mattmoorewis and the hashtag #GRC2013.

See you in Amsterdam!

0 Comments - Leave a Comment

GRC 2013 Amsterdam Presentation Tip - Cyber Attacks!

Tue, 16 Apr 2013 16:45:31 -0500

The following is a preview of the session "Preventing Cyber Attacks: How to Address 11 Risks That Could Leave Your SAP System Vulnerable" by Mariano Nunez of Onapsis that will be presented at GRC 2013 in Amsterdam. You can find out what the other 9 security risks are and how to address them at the event in June.

BIZEC is a non-profit organization with the mission of analyzing current and future threats affecting ERP systems

Current initiatives covering SAP solutions:

APP/11: The most common ABAP security issues
TEC/11: The most common SAP Application Layer security issues

In this presentation, we will cover BIZEC TEC/11

11 Risks Affecting the SAP Application Layer

BIZEC TEC-01: MISSING SAP SECURITY NOTES

Risk:

The SAP platform is running based on technological components whose versions are affected by reported security vulnerabilities and the respective SAP Security Notes have not been applied

Business Impact:

Attackers would be able to exploit reported security vulnerabilities and perform unauthorized activities over the business information processed by the affected SAP system

BIZEC TEC-02: STANDARD USERS WITH DEFAULT PASSWORDS

Risk:

Users created automatically during the SAP system installation or other administrative procedures are configured with default, publicly-known passwords

Business Impact:

Attackers would be able to log in to the affected SAP system using a standard SAP user account. As these accounts are usually highly privileged, the business information would be exposed to espionage, sabotage, and fraud attacks.

For more information, visit the GRC 2013 website or follow me @mattmoorewis

0 Comments - Leave a Comment

Podcast with James Roeske - SAP Access Control 10.0

Thu, 07 Mar 2013 11:31:31 -0600

James Roeske, CEO of Customer Advisory Group, recently sat down with Dave Hannon of SAPinsider to answer a few questions about getting the most "bang for your buck" with SAP Access Control 10.0. James discussed topics such as new features in the 10.0 release, enhanced integration with other SAP solutions for GRC, and important technical- and business-level considerations before implementing or upgrading to 10.0.

You can listen to the full podcast here: bit.ly/YP8g1j

James will be speaking at the GRC 2013 conference in Las Vegas beginning March 19. He will lead the following sessions:

James will also be available at our unique one-on-one Ask-the-Experts networking opportunity on March 19 from 6-6:45 pm. It is a chance to meet with James and get your individual SAP Access Control and security questions answered.

It's not too late to register for the show to meet James, along with many other SAP consultants, customers, and experts. Check out the event website at www.grc2013.wispubs.com.

0 Comments - Leave a Comment