Is Accepting SOD Violations in Security Roles Ever Justified?
Source: SECUDE
An important policy issue with strong corporate governance implications in SAP-enabled enterprises is whether to permit the design of security roles containing embedded Segregation of Duties (SOD) violations. SAP best practice clearly recommends against it, and most companies prohibit the practice, believing it signals a lack of control. This paper agrees that SAP best practice is always the starting point for a sound SOD control. However, it also makes the case that under some circumstances, when carefully documented and monitored, permitting the design of roles with embedded SOD violations can be a valid way to reduce and control risk. It explores the issues involved and considers under what circumstances this unusual practice should be allowed.
| Format: | Size: | 100.40 | |
| Date: | Mar 2009 |
People who downloaded this item also downloaded
- Role Engineering: The Cornerstone of Role-Based Access Control
- Identity Management: The Seven Flaws of Identity Management - Usability and Security Challenges
- The ABC's of Social Engineering & Five Ways to Protect Your Organization
- Mitigation of SAP Authorization Risks
- Federated Identity Management: A Comparison of Various Approaches



