USING SAP SYSTEM CONFIGURATION SECURITY TEST TO COMPLY WITH SARBANES-OXLEY ACT

Jen-Hao Tu

2004

Abstract

Most observers would agree that the Sarbanes-Oxley Act (SOA) is the single most important piece of legislation affecting corporate governance, financial disclosure and the practice of public accounting. On the other hand, the SAP system is the most widely used ERP (Enterprise Resource Planning) system in the world. There are thousands of seamlessly linked components and subsystems. Conducting security tests in a complicated ERP system is still a major challenge. Based on the study of the SAP system configuration security testing at the author’s company, this work-in-progress paper will discuss related configuration security weakness in SAP system and suggest practical solutions to enhance the security control of SAP to comply with SOA.

References

  1. Esteves, J. and Pastor, J., 2001. Enterprise Resource Planning System Research: An Annotated Bibliography. Available: http://www.imm.ecel.uwa.edu.au/.
  2. Juergens, M., 1999. SAP Security. Paper presented at the Spring Conference of the ISACA, Los Angeles, USA.
  3. Kirk, L. A., 2001. Securing Information within SAP V4.6b Available: http:// /rr.sans.org/casestudies/SAP.php.
  4. Larson, G., 2000. Auditing SAP R/3. Paper presented at the Spring Conference of the ISACA, Los Angeles, USA.
  5. Nelson, D. (2003). Overview of Sarbanes-Oxley and mySAP Financials Tools. Paper presented at the 2003 SAP Financial Management & Business Analysis Forum, Dallas, Taxes, USA. [On-line] www.asug.com. Available: http://files.asug.com/asug/fmbasoa.pdf. Last access: 2003. October 31.
  6. SAP AG Corporate Overview, 2002. Available from http://www.sap.com/; Internet.
  7. Security and Control for SAP R/3, 2000. Available: http://www.anao.gov.au.
  8. Sims, M. E., 2001. Technical Aspect of Implementing/Upgrading SAP Security 4.6. Available: http://rr.sans.org/authentic/SAP_sec.php.
Download


Paper Citation


in Harvard Style

Tu J. (2004). USING SAP SYSTEM CONFIGURATION SECURITY TEST TO COMPLY WITH SARBANES-OXLEY ACT . In Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 972-8865-00-7, pages 581-583. DOI: 10.5220/0002653205810583


in Bibtex Style

@conference{iceis04,
author={Jen-Hao Tu},
title={USING SAP SYSTEM CONFIGURATION SECURITY TEST TO COMPLY WITH SARBANES-OXLEY ACT},
booktitle={Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS,},
year={2004},
pages={581-583},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002653205810583},
isbn={972-8865-00-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS,
TI - USING SAP SYSTEM CONFIGURATION SECURITY TEST TO COMPLY WITH SARBANES-OXLEY ACT
SN - 972-8865-00-7
AU - Tu J.
PY - 2004
SP - 581
EP - 583
DO - 10.5220/0002653205810583