Search

If you’re a multinational enterprise (MNE) that does business in or with China, you’re likely aware of the Data Security Law (DSL) that went into effect on September 1, 2021. The DSL adds to an increasingly comprehensive legal framework for information and data security in China. The law also imposes extensive data processing requirements and…

Every time a major data breach makes the headlines, the company in question almost always struggles to answer the most important question: Why did it take so long to detect the breach, and what exactly did the attackers steal? Even though companies maintain transactions logs, investigators need to look at log entries that could run…

Organizations that use ERP applications like SAP, PeopleSoft, Oracle EBS, etc., manage thousands of users. Most of these users have limited roles that only allow them to perform their job-related tasks. But there exists a subset of users/accounts who are granted a wide spectrum of authorizations because their role entails managing the application itself: privileged…

Data breaches caused by ransomware attacks, phishing scams, and state-sponsored hacker groups tend to grab the headlines. However, the reality is that insider threat activity causes 60% of these breaches. Moreover, while these threats are becoming more frequent – up 47% over the latest two-year period – and costly to organizations, it still takes organizations…

Appsian Security’s Vice President of Product Strategy and Customer Experience, David Vincent, recently appeared on Security Guy TV to talk about ERP Security, Risk and Compliance and what organizations can do to further protect their data & business transactions. Appsian.com with David Vincent at #GSX #GSC2021, Orlando on SecurityGuyTV.com from Security Guy TV. Interview topics…

Data breaches caused by ransomware attacks, phishing scams, and state-sponsored hacker groups tend to grab the headlines. However, the reality is that insider threat activity causes 60% of these breaches. Moreover, while these threats are becoming more frequent – up 47% over the latest two-year period – and costly to organizations, it still takes organizations…

This is the first article of a multi-part series featuring material weaknesses. Each piece will focus on one critical internal control weakness and provide solutions on how to resolve the weakness with granular security controls. The purpose of an independent audit of a company’s financial reports, called a Financial Statement Audit, is to form an…

In the previous article of this series, we talked about data field-level controls and how you can resolve a data field-level control weakness with security best practices. This article goes one level deeper from ERP data fields to ERP transactions. Sensitive transactions like approving payments, adding vendors, and modifying contracts have a direct impact on…

The fundamental goal of information security has long been to effectively maintain confidentiality, integrity, and availability. Confidentiality ensures that information is only accessed by authorized personnel requiring such access to complete their job. Integrity involves protection from unauthorized modifications of data. Availability ensures that systems and data are available to be used when needed. Organizations…