Outsourcing Cybersecurity

With the incessant stream of malware, data breaches, and online fraud, there’s no doubt that information security is one of the main worries of IT and business executives today. To make matters worse, top executives are constantly under pressure to cut costs and increase profitability in their companies. Added to that is the difficulty in hiring competent cybersecurity …

SAP Security Model

Most literature about SAP security usually points to internal controls such as user access and authorizations. Internal controls in this sense are the processes to ensure reliable financial reporting and compliance with regulations such as Sarbanes-Oxley (SOX). Securing SAP, however, is more than managing roles, users, and access and securing the NetWeaver platform. While this …

Compliance is Not Security

Compliance is not equal to security. These are two different beasts although they may have similar objectives. When I was a Big4 consultant, I saw how consulting firms and security vendors gained financial success during the first few years of Sarbanes-Oxley (SOX). Assessment programs were usually based on leading practices on access controls, change management, backups and …

Applying Defensive Strategies to Secure Systems

ERP systems, such as SAP’s ECC, face a multitude of potential threats. Within the past few years, security consulting companies such as ERPScan and Onapsis have been heralding that the once-perceived impenetrable SAP systems are susceptible to hacking attacks. Given the financial, customer, supplier, credit card, employee and production data that reside in an ERP system, SAP …

Balanced Scorecard for Cybersecurity

There is a tendency to view cybersecurity as just another cost center. This kind of thinking denies cybersecurity its strategic value, and in most organizations it is often relegated to an IT operations function. It is no wonder security failures have been increasing in spite of advances in security processes and technologies. Only recently have organizations started to …