Search

What is a SOX Audit? To comply with the Sarbanes-Oxley Act of 2002 (SOX), organizations are required to conduct a yearly audit of financial statements.  A SOX compliance audit is intended to verify the financial statements of the company, and the processes involved in creating them. During the audit, the financial statements and management of…

When we think of threat management, we often assume that the most dangerous security threats come from external sources. All too often, we not only underestimate the likelihood of insider threats, but also the potential damage they can cause. Insider threat involves malicious activity within an organization that’s typically carried out by a current or…

Identity governance administration (IGA) is an approach to managing identities and controlling access based on policies. Unlike traditional identity and access management (IAM) tools, IGA systems integrate identity governance and identity administration to provide additional functionality. These systems are particularly useful for auditing and meeting compliance requirements. IGA systems offer automation capabilities for user provisioning…

What is COSO? In 1985, five private sector organizations formed a joint initiative to combat corporate fraud. These organizations are called The Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO is dedicated to helping organizations improve performance by developing thought leadership that enhances internal controls for organizational governance, business ethics, enterprise risk management,…

What Are Insider Threat Indicators? An insider threat is an employee, business partner, or third party otherwise affiliated with an organization who abuses their privileges to cause damage to the organization. Insider threats can target the confidentiality of sensitive data (as in data exfiltration) or harm the integrity or availability of the organization’s information systems…

What is an Insider Threat? The term insider threat refers to individuals with access to systems and internal information about the organization. The term can be applied to employees, ex-employees, temporary staff, contractors, or partners with authorized access to the organization’s data, files, and applications. Insider threats are typically divided into the following categories: We’ll…

In response to the various risk and compliance regulations worldwide, independent auditors are testing for effective internal controls and holding security teams accountable for successfully managing their risk and compliance program in SAP. If these auditors find internal control deficiencies over financial reporting, it could be reported as a deficiency, significant deficiency, or a material…

As businesses continue to rely more heavily on technology and digital processes, the risk of cyberattacks and data breaches increases. New types of attacks are targeting new types of technology, creating a near-infinite mosaic of threat surfaces, attack vectors, and potentially disastrous outcomes for organizations and enterprises. With cybercrime becoming more sophisticated, it’s important for…

In any SAP environment, transports are essential to moving changes from one system to another, implementing new features, applying updates, and installing third-party applications. As elementary as these deliveries are, however, unchecked, they provide gateways for the import of risky objects. As a result, attempts to detect potential threats via SAP standards quickly reach their…