Segregation of Duties Solutions

More documents

Recommendations

Info

Software Tool Comparison Example Control Objectives (Summarized) S-1: Proper segregation of duties exists among the IT functions (e.g. application development and DBA). S-2: Formal policies govern user access administration, config and monitoring. S-3, S-7, S-11, S-15: Additions / modifications to security privileges are properly authorized. S-4, S-8, S-12, S-16: Access privileges are timely disabled or modified in response to terms and transfers. S-5, S-9, S-13, S17: Periodic review of user access privileges is performed. S-6, S10, S14: Review of unauthorized access attempts is performed. SOD Tools User Provisioning IdM technique could be deployed to address some of the objective IdM technique could be deployed to address most of the objective Single- Sign-On Copyright © 2006 Deloitte Development LLC. All rights reserved. 23
About Deloitte Deloitte, one of the nation's leading professional services firms, provides audit, tax, consulting, and financial advisory services through nearly 30,000 people in more than 80 U.S. cities. Known as an employer of choice for innovative human resources programs, the firm is dedicated to helping its clients and its people excel. "Deloitte" refers to the associated partnerships of Deloitte & Touche USA LLP (Deloitte & Touche LLP and Deloitte Consulting LLP) and subsidiaries. Deloitte is the U.S. member firm of Deloitte Touche Tohmatsu. For more information, please visit Deloitte's Web site at www.deloitte.com/us. Deloitte Touche Tohmatsu is an organization of member firms devoted to excellence in providing professional services and advice. We are focused on client service through a global strategy executed locally in nearly 150 countries. With access to the deep intellectual capital of 120,000 people worldwide, our member firms, including their affiliates, deliver services in four professional areas: audit, tax, consulting, and financial advisory services. Our member firms serve more than one-half of the world’s largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global growth companies. Deloitte Touche Tohmatsu is a Swiss Verein (association), and, as such, neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other’s acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names “Deloitte,” "Deloitte & Touche," "Deloitte Touche Tohmatsu," or other, related names. The services described herein are provided by the member firms and not by the Deloitte Touche Tohmatsu Verein. For regulatory and other reasons, certain member firms do not provide services in all four professional areas listed above. Copyright © 2006 Deloitte Development LLC. All rights reserved. 24
Page 1 and 2: Segregation of Duties Solutions Poi
Page 3 and 4: Business Considerations Copyright
Page 5 and 6: Common Challenges and Pitfalls of I
Page 7 and 8: Regulatory Compliance Sarbanes-Oxle
Page 9 and 10: Access Management Implementation of
Page 11 and 12: Companies Need a Process for Establ
Page 13 and 14: Technology can help companies manag
Page 15 and 16: SOD Assessment Process Step I • U
Page 17 and 18: Step I, Cont. Deloitte Determine SO
Page 19 and 20: Market Opportunity Step II, Cont. G
Page 21 and 22: Example Copyright © 2006 Deloitte
Page 23: Conflict Report Copyright © 2006 D

Segregation of Duties Solutions

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?