I have noticed that the DDIC account does not exist in my company's SAP ECC 6.0 installation. Does anyone know what, if any, account in SAP ECC 6.0 has replaced the DDIC account?
Thank you in advance for your responses.
|
We have just implemented SAP and there is a consideration for scripting to be enabled on the SAP GUI Client side and SAP Server side GUI Scripting. Can anyone tell me the potential risk of enabling this and possible mitigation available?
|
SAP for medium and small organizations.
|
My office is looking at options for documenting our audits, creating reports, etc. We are already familiar with TeamMate, AutoAudit, et al. Our quality assurance group uses the QM module for their audits, and it looks like it might work for internal audit...
|
Can anyone share the SAP GRC 10 Support documents as required for training the new users?
Tariq296 | 12/21/2012 9:01:43 AM | COMMENTS(0)
|
Hello
I belong to a tax authority that is deploying the SAP-TRM (Tax Revenue Management) module of SAP.
Whilst there is an audit programme (ISACA) available as a download that relates to the SAP-ERP module there doesn't appear to be anything similar th...
pauld | 12/18/2012 11:29:55 PM | COMMENTS(3)
|
In this document, I have listed some of the most common risks and the recommended controls for each of those risks. Although this would be applicable for any ERP, it is particularly well suited for SAP.
|
Books
Posted by ISACA 135 days ago
|
Access controls and other areas traditionally focused upon by security professionals are no longer the only major risks to SAP systems. Today, SAP is confronted with a growing landscape of threats that include injection attacks, cross-site scripting, session hijacking and denial of service. For the most part, business owners and security professionals are unaware of profound vulnerabilities lying in the technical components of SAP. Many of these vulnerabilities can be exploited by remote, external attackers without requiring a user account.
These risks have arisen from the gradual shift towards open source languages, protocols, standards and Web-enabled services, as well as the increasing size and complexity of SAP. When combined with inherent weaknesses in existing network controls and the sophistication of attacks targeted at corporate applications and data, such a rare combination of circumstances should be viewed as a sinister perfect storm.
Vulnerabilities in critical SAP components and services could be exploited by external attackers to interrupt SAP services, implement malicious changes to programs and files, intercept and alter data in transit, and corrupt or modify data directly in databases. If left unattended, these vulnerabilities raise serious concerns over the ability of companies to comply with SOX, PCI and other standards.
This white paper discusses some of the methods used by hackers to attack and compromise SAP systems. It also addresses some lesser known risks to raise awareness within the community and improve the overall posture of SAP security.
|
Books
The revised and expanded second edition of this best-selling book describes all requirements, basic principles and best practices of security for an SAP system.
Posted by ISACA 325 days ago
|
30 Sep 2013
ISACA International Event
Medellín, Colombia
The Latin America CACS/ISRM Conference 2013 in Medellín, Colombia is the leading Latin American conference for audit, risk and information security professionals. Save more than US $100 if you register before 7 August!
|
Volume 1, 2013
by Gregory Zoughbi, CISM, CGEIT, PMP, TOGAF9, ITIL Expert, COBIT 4.1 (F)
Many organizations choose to acquire an enterprise resource planning (ERP) system to serve as a common system for their wide range of daily operations.
|
Volume 4, 2012
by Filip Caron and Jan Vanthienen, Ph.D.
This article aims to introduce business process analytics and mining to the information systems (IS) audit and control community.
|
Volume 4, 2012
by Jose Espin, CISA, CISSP, MCP, SAP
This article focuses on the application-level risk that arises from inappropriate implementation of access controls.
|
Volume 4, 2012
by Vasant Raval, DBA, CISA, and Greg Dyche
In this article, the term “governance” is used in the sense of information governance to discuss certain myths or misunderstandings of governance.
|
Volume 3, 2012
by ISACA | Reviewed by Shasikanth Malipeddi, CISA
Oracle PeopleSoft HCM is one of the most commonly used human capital management (HCM) systems found in medium to large companies in the US.
|
Volume 3, 2011
by Stefan Wenig and Kyung-Hee Anita Kim-Reinartz
This article discusses ways to standardize data extraction and audit routines.
|
These links, which have been contributed by site users, link to external third-party web sites. ISACA has not evaluated these web sites and accepts no responsibility for their suitability, security or privacy practices.
SAP now provides SAP sandbox access over the Internet for learning and practice. This link provides details.
Contributed by Barun on 13 Feb 2011
|
This is a good source of SAP security trainings - including classroom (public and corporate) and online trainings.
Contributed by Barun on 13 Feb 2011
|
Good document from Australian National Audit Office
Contributed by Barun on 18 Nov 2010
|
Useful information about SAP security courses by SAP.
Contributed by Barun on 18 Nov 2010
|
SAPvir, the first virus to infect programs and reports used by the high-end SAP R/3 business information system, was posted to an online virus library this week.
Contributed by ISACA on 29 May 2010
|
Polk County School District, the eighth-largest school district in Florida, replaced a cumbersome and insecure password system with innovative, biometric technology available for SAP software.
Contributed by ISACA on 29 May 2010
|
Study groups for the JUNE, SEPTEMBER AND DECEMBER 2013 accreditations.
For those interested in sitting the CISA and CISM certification exam, or for anyone who wishes to begin preparing for these or upcoming exams, pu...
Posted By : Alexander Osorio | 0 comments
|
The increased complexity and diversity in the information systems and the inability to rebuild the information systems from scratch is forcing enterprises to look at EAI as an alternative solution that will help extend the life of the existing application...
Posted By : Kannan | 0 comments
|
Converting to IFRS poses a significant challenge to organizations globally. Many companies initially view the conversion process as solely an accounting challenge and fail to take into consideration the significant role played by IT systems and processe...
Posted By : Iwan A | 0 comments
|