USING SAP SYSTEM CONFIGURATION SECURITY TEST TO COMPLY WITH SARBANES-OXLEY ACT
Jen-Hao Tu
2004
Abstract
Most observers would agree that the Sarbanes-Oxley Act (SOA) is the single most important piece of legislation affecting corporate governance, financial disclosure and the practice of public accounting. On the other hand, the SAP system is the most widely used ERP (Enterprise Resource Planning) system in the world. There are thousands of seamlessly linked components and subsystems. Conducting security tests in a complicated ERP system is still a major challenge. Based on the study of the SAP system configuration security testing at the author’s company, this work-in-progress paper will discuss related configuration security weakness in SAP system and suggest practical solutions to enhance the security control of SAP to comply with SOA.
References
- Esteves, J. and Pastor, J., 2001. Enterprise Resource Planning System Research: An Annotated Bibliography. Available: http://www.imm.ecel.uwa.edu.au/.
- Juergens, M., 1999. SAP Security. Paper presented at the Spring Conference of the ISACA, Los Angeles, USA.
- Kirk, L. A., 2001. Securing Information within SAP V4.6b Available: http:// /rr.sans.org/casestudies/SAP.php.
- Larson, G., 2000. Auditing SAP R/3. Paper presented at the Spring Conference of the ISACA, Los Angeles, USA.
- Nelson, D. (2003). Overview of Sarbanes-Oxley and mySAP Financials Tools. Paper presented at the 2003 SAP Financial Management & Business Analysis Forum, Dallas, Taxes, USA. [On-line] www.asug.com. Available: http://files.asug.com/asug/fmbasoa.pdf. Last access: 2003. October 31.
- SAP AG Corporate Overview, 2002. Available from http://www.sap.com/; Internet.
- Security and Control for SAP R/3, 2000. Available: http://www.anao.gov.au.
- Sims, M. E., 2001. Technical Aspect of Implementing/Upgrading SAP Security 4.6. Available: http://rr.sans.org/authentic/SAP_sec.php.
Paper Citation
in Harvard Style
Tu J. (2004). USING SAP SYSTEM CONFIGURATION SECURITY TEST TO COMPLY WITH SARBANES-OXLEY ACT . In Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 972-8865-00-7, pages 581-583. DOI: 10.5220/0002653205810583
in Bibtex Style
@conference{iceis04,
author={Jen-Hao Tu},
title={USING SAP SYSTEM CONFIGURATION SECURITY TEST TO COMPLY WITH SARBANES-OXLEY ACT},
booktitle={Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS,},
year={2004},
pages={581-583},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002653205810583},
isbn={972-8865-00-7},
}
in EndNote Style
TY - CONF
JO - Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS,
TI - USING SAP SYSTEM CONFIGURATION SECURITY TEST TO COMPLY WITH SARBANES-OXLEY ACT
SN - 972-8865-00-7
AU - Tu J.
PY - 2004
SP - 581
EP - 583
DO - 10.5220/0002653205810583