Xpandion Blog

Blog posts tagged in Chief Information Security Officer

If your organization has run an SAP system for three years or more, you probably suffer from what we like to refer to as “Deceiving Authorization Roles syndrome.”
Whether you’re familiar with this pesky problem or not, maintaining authorization roles for a few years, adding and removing activities and authorization objects, and creating new ones and deleting others all create situations in which authorization roles have names that incorrectly represent their content. This can lead to SAP admins unintentionally granting users the wrong authorizations.

 


What? It’s already the third quarter? Yes, it is. We suddenly realized it ourselves, and wanted to make sure to remind you authorization managers and CISOs what you’ll be facing during this second half of the year. We’re assuming that these three things are already on your task list for Q3/Q4 (and if not, they should be), but we thought it would be nice to summarize them anyway.


One morning the company’s security manager or auditor appears at your door and catches you off guard with a question, “Hey, how can I know if someone is looking at employee salaries or peeking at their social benefits?” Without hesitating or looking away from your computer, you answer the obvious, “Well, if the person doesn’t need this function as part of his job description, he doesn’t have permissions for it.” But this uninvited guest is not leaving. He replies, “And what if he got permission by accident, or if he moved to a different position and the relevant authorization wasn’t removed…? How can I know if this person is still using his old permissions and looking at sensitive employee data?”


True Story

A customer from a large enterprise came to us and said, “Our company has an ‘open policy.’ We trust our employees, so we grant all of them SAP_ALL. We know that SAP_ALL includes all authorizations in the system but everything’s working fine and our authorizations are very easy to maintain, as you’d expect. But we need to spot the people who are taking advantage of this freedom and going beyond their permitted activities; those who are misusing their authorizations and, based on their job descriptions, going where they’re not allowed. For instance, we have a sneaking suspicion that some people in the warehouse are exploring payroll records.”


In 1914, American judge Louis Brandeis coined the famous quote “Sunlight is said to be the best of disinfectants,” and it has proven to be most accurate in 2014 too.


In many organizations, access to the sensitive SAP T-Code SU01 is much wider than needed. Let's explore why.


“How Many Times?”

We, and our partners, often ask ourselves that very question after hearing case after case of employee fraud being committed at an enterprise. How many times will these companies endure suspicious activity by their employees before they get the right tool to send them alerts about it? How much money will they lose before they understand that there is a certain amount of usage data that cannot be monitored manually?


A couple of years ago, we added a “Lock User” button to our security product. If you received a “very high” alert, you could log into the system, catch the fraud in action, press the “Lock User” button and prevent the thief from stealing. Bam… you’re the hero.


One of the perks of being a Senior Implementation Advisor at Xpandion is hearing our customers describe their many juicy company stories. And let me tell you, there are some doozies. This most recent one is a very interesting case.


This is a true story from last week – an Xpandion expert received a phone call from one of our European clients, claiming they just received a High Risk Irregular Behavior alert pertaining to unauthorized access of salary information. After a quick investigation using ProfileTailor™ Dynamics, it was clear that something “fishy” was going on and actions had to be taken accordingly.


