https://community.sap.com/t5/application-development-and-automation-discussions/security-strategy/m-p/1900088#M375968 <HTML><HEAD></HEAD><BODY><P>Thank you all for your inputs.</P><P></P><P>Security document is in fact a part of functional / management team responsibility in which you help them with your inputs and thoughts as it varies with business processes.</P><P></P><P>Thank you again.</P><P>TJ</P><P></P><P>Message was edited by: </P><P> Tee Jay</P></BODY></HTML> Tue, 06 Feb 2007 21:49:29 GMT Former Member 2007-02-06T21:49:29Z https://community.sap.com/t5/application-development-and-automation-discussions/security-strategy/m-p/1900084#M375964 <HTML><HEAD></HEAD><BODY><P>Hi SAP Gurus,</P><P></P><P>I have multiple questions.</P><P></P><P>first, let me explain situation</P><P></P><P>- New implementation of NW04S + ECC5</P><P>- Used are BI7 only , GL,FI/CO,TR ( all financial products)</P><P>- Small-medium size company with 3-4 company codes.</P><P>- SOX is a big issue but no Versa.</P><P>- CUA implemented, (don't know why land scape is very small)</P><P></P><P>Question 1</P><P></P><P>I need a security strategy template to out line a security strategy.</P><P>If some on have an example that I can follow, will appreciate it, other wise if I can be pointed in right direction.</P><P></P><P></P><P>Question 2</P><P></P><P>What should be my security design strategy, any suggestions in this kind of situation.</P><P></P><P>Thanks</P><P></P><P>T.Jay</P></BODY></HTML> Tue, 30 Jan 2007 20:56:46 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-strategy/m-p/1900084#M375964 Former Member 2007-01-30T20:56:46Z https://community.sap.com/t5/application-development-and-automation-discussions/security-strategy/m-p/1900085#M375965 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>1. Security strategy is company specific and its company property. </P><P>2. Design your self.</P><P></P><P>yes. SOX is a big issue.</P><P></P><P>first be specific about the job roles(positions) and gather required transactions.</P><P>then create roles or you can copy predefined roles.</P><P></P><P>then find out the critical and conflict transactions across the business roles, and try to exclude them.</P><P></P><P>it s not that much easy to prepare and implement, but it s possible.</P><P></P><P>Thanks,</P><P>Praveen.</P></BODY></HTML> Wed, 31 Jan 2007 15:21:32 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-strategy/m-p/1900085#M375965 Former Member 2007-01-31T15:21:32Z https://community.sap.com/t5/application-development-and-automation-discussions/security-strategy/m-p/1900086#M375966 <HTML><HEAD></HEAD><BODY><P>Hi TJ,</P><P>Check this info ..can be helpful...</P><P><A href="http://www.sapsecurityonline.com/sox_sod/sod_matrix_fi.htm" target="test_blank">http://www.sapsecurityonline.com/sox_sod/sod_matrix_fi.htm</A></P><P>Br,</P><P>Sri</P><P>Award points for helpful answers</P></BODY></HTML> Wed, 31 Jan 2007 16:25:30 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-strategy/m-p/1900086#M375966 Former Member 2007-01-31T16:25:30Z https://community.sap.com/t5/application-development-and-automation-discussions/security-strategy/m-p/1900087#M375967 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Some of the following links would give you an over view.</P><P></P><P><A href="http://www.auditnet.org/sapaudit.htm" target="test_blank">http://www.auditnet.org/sapaudit.htm</A></P><P></P><P><A href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/3f/857e41564c020de10000000a1550b0/frameset.htm" target="test_blank">http://help.sap.com/saphelp_erp2005vp/helpdata/en/3f/857e41564c020de10000000a1550b0/frameset.htm</A></P><P></P><P><A href="http://www.law.uc.edu/CCL/SOact/toc.html" target="test_blank">http://www.law.uc.edu/CCL/SOact/toc.html</A></P><P></P><P><A href="http://www.auditnet.org/sarbox.htm" target="test_blank">http://www.auditnet.org/sarbox.htm</A></P><P></P><P><A href="http://www.isaca-kc.org/doc/Segregation%20of%20Duties.pdf" target="test_blank">http://www.isaca-kc.org/doc/Segregation%20of%20Duties.pdf</A></P><P></P><P>I will try to share more info.</P><P></P><P>Cheers</P><P>Soma</P></BODY></HTML> Wed, 31 Jan 2007 23:37:56 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-strategy/m-p/1900087#M375967 Former Member 2007-01-31T23:37:56Z https://community.sap.com/t5/application-development-and-automation-discussions/security-strategy/m-p/1900088#M375968 <HTML><HEAD></HEAD><BODY><P>Thank you all for your inputs.</P><P></P><P>Security document is in fact a part of functional / management team responsibility in which you help them with your inputs and thoughts as it varies with business processes.</P><P></P><P>Thank you again.</P><P>TJ</P><P></P><P>Message was edited by: </P><P> Tee Jay</P></BODY></HTML> Tue, 06 Feb 2007 21:49:29 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-strategy/m-p/1900088#M375968 Former Member 2007-02-06T21:49:29Z