GRC ACCESS CONTROL 5.

X
Goals:

Security Training

Explain how SAP GRC Access Control (Risk Analysis and Remediation, Super user Privilege Management, Compliant User Provisioning and Enterprise Role Management) works in combination with SAP business processes.
Demonstrate the functionalities and usage of the different components within SAP GRC

Access Control Discuss how to use the SoD Management process as standard approach for implementing SAP GRC Access Control Configure and use workflow-based SoD and User Access Reviews to ensure a continuous assessment of the risk situation by the business process owners Discuss how the use of Enterprise Role Management will help to maintain a clean SoD environment with respect to your organizations roles. Identify the integration points across the whole SAP GRC Access Control Suite Implementation strategy of GRC Access Control Project. Course Based on Software Release
SAP GRC Access Control 5.3 SAP ERP Central Control 6.0 Duration :30 HRS

Contents 1. Overview of SAP Security

1. 2. 3. 4. 5. 6. 7. 8. 9.

SAP R/3 Architecture SAP Basis Security Authorization concept User and Role creation Concept of Derived role Derived Role benefits Exercise on Role creation (Hands-On) Auditing and Monitoring Security Reports

2.SoD overview
10. 11. 12. 13. 14.

SOX Compliance SoD Management Process Phases SoD Implementation Methodology SoD Matrix How Risk Analysis & Remediation/CC compatible to SoDs.

Security & GRC AC 5.X | By Joseph Pavan 1

GRC ACCESS CONTROL 5.X

Security Training

3. Overview of SAP GRC Access Control

15. 16. 17. 18. 19. 20. 21. 22.

Why GRC? SAP GRC Components Product architecture SAP GRC Access Control 5.3 suite features Prerequisites Installation System Landscape SAP GRC Access Control Authorizations

4. Risk Analysis and Remediation

23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50.

Overview Architecture Verification of Installation Getting Clean using RAR Compliance Calibrator tabs Exercise Implementation Process Flow User Management Engine Key Terminology Introduction to the SoD Risk Management Process RAR Rule Architect SoD Rule Building Process Exercise Rule Library Management View- Risk Violations Risk Analysis Adhoc Reports Risk Analysis Risk Remediation Simulation Exercise Alerts Exercise Mitigation Exercise Organizational Rules and Organizational Level Reporting Exercise Continuous Compliance Operational guide

Security & GRC AC 5.X | By Joseph Pavan 2

GRC ACCESS CONTROL 5.X

51. Exercise

Security Training

5. Super user Privilege Management

52. 53. 54. 55. 56. 57. 58.

Overview Verification of Installation Exercise Super user Privilege Management functionality and uses SPM configuration SPM Reports Exercises

6. Compliant User Provisioning

59. 60. 61. 62. 63. 64. 65. 66. 67. 68. 69. 70. 71.

Overview Verification of Installation Compliant User Provisioning Functionality Integration with RAR & ERM Workflow-based Reviews Compliant User Management Lifecycle Work flow creation Super user access workflow Request creation and approval flow Types of workflows Configurations Different reports Exercises

7. Enterprise Role Management

72. 73. 74. 75. 76. 77. 78. 79.

Overview Verification of Installation Configuration Review Workflow Steps Access Control Integration Integration between all Access Control Products Compliance Reporting Role creation workflow

Security & GRC AC 5.X | By Joseph Pavan 3

GRC ACCESS CONTROL 5.X

80. Reports 81. Exercises

Security Training

8. Project flow methodology Project preparation Requirement gathering Blue print Architecture & SLD Operational steps

9. GRC 10 Introduction

Security & GRC AC 5.X | By Joseph Pavan 4