Paul Linkchorst

Hi Abhay and Yulun,

To add to this conversation, I the two major risks that I could think of in terms of excessive data would be that it can cause an inaccuracy in the data due to replication or cause a failure in the database itself. With that being said, I would much rather have duplicates of data then the wrong data. Data storage is…[Read more]

Hi Yu Ming,

I am going to take this one point further. I would say that all one must do is look at how much an organization spends on making sure data is accurate versus reducing data replication, in order to identify which they find more important. Company’s spend millions on having their financial statements audited as well as implementing E…[Read more]

Hi Alex,

That is a good point that you brought up about how inaccuracy in the Order to Cash process can lead to customer unsatisfaction.

Hi Everyone,

I am going to disagree here and don’t think that the accounting department is the correct area to define and manage the Master Data. This could be a segregation of duties issue.

If I am a member of the Accounts Payable department (under Accounting), what if I could define the vendor master data? That means I could create a…[Read more]

1. Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?

The point of master data is that it is a list of data which is shared among or used by several applications across different business functions. This data…[Read more]

Sean and Said,

I might have not worded my response to the question appropriately. I think that defining the Master Data should be left responsible to the actual individuals who utilize the person/things that the Master Data is representing. For example, the vendor management personnel should have a say in how the Master Data is defined since…[Read more]

3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain

In my opinion, I would say inaccurate data is a bigger risk than excessive, repetitive data. Two reasons for this is due to decision making and compliance. Data is more or less knowledge that can be used by those within an organization to make…[Read more]

2. Which department or person should play the key role in defining master data and assuring its quality?

In my opinion, I think whoever defines the master data should be the same person as the one who manages that data of the business function. To further explain, I believe that the one to define the material master data should be the one who…[Read more]

Abhay,

It is unfortunate that is the case. Hopefully they will soon see the risk they are bringing upon themselves by not properly removing this access.

Alex,

Good point you brought up but I think it depends on the product. If the cloud service is strictly one application that only the marketing department would have use for (ex. Google Analytics Solutions), then identity and access management could be the same since you only need to create identities for that application for users who need…[Read more]

Hi Priya,

This is where it can get tricky at times. It is important that upon switching functions, the switch upon access is made when the job function changes. For example, if Frank decide to move from the accounting department to the database department then you don’t want Frank to have access to the database while he still has access to s…[Read more]

Laly,

That was a good exercise that we did in the Enterprise Architecture class. When we set up the users in Active Directory, that would be considered the identity management portion since we were creating their username and passwords. The access management portion was when we set up the folders on the domain to be limited to those who…[Read more]

Hi Abhay and Joshua,

That is a pretty significant security vulnerability. You can have an in-depth security policy but if someone has legitimate access that isn’t removed, then those security policies might be meaningless. I think one of the reasons why maybe my example isn’t executed often is because it requires several department per…[Read more]

Hi Sean,

Agreed. It doesn’t make a difference if it is 20 separate applications or 1 application that does it all, you need to manage access properly based on what the application does and its respective users. Just need to keep a closer eye and have a deeper knowledge to manage the access in SAP.

Why is it important for a business to care about the difference between identity management and access management?

As others, have pointed out in the first question, identity management according to the text is the “process of representing, using, maintaining, deprovisioning, and authenticating entities as digital entities in computer n…[Read more]

The FCC just passed sweeping new rules to protect your online privacy

The article I chose to write about this week a little different with our focus usually being on business privacy to a focus on privacy of the everyday consumer. According to the article found in The Washington Post, the Federal Communications Commission has just released a…[Read more]

4. All companies are dynamic entities with employees and others using systems coming and going all the time. What best practices have you experienced or would you recommend for managing system users and their related security access?

Aside from the standard authentication processes that control who has access to a system, one of the best…[Read more]

3. What key (1-2) competencies does the person responsible in a company for security (e.g. for a given process) need to have to be successful? Why?

I think two key competencies that a security professionals within a company should have is the ability to identify and balance priorities as well as be a good decision maker. In today’s e…[Read more]

2. Security in an ERP system (e.g. SAP) is complex. What is the most fuzzy, difficult to understand component? Explain

In my opinion, I think security in an ERP system like SAP is complex mostly because the program itself is complex. For most applications, if you want to only allow certain users to be able to access the application, then you…[Read more]

1. What is segregation of duties and why is it a commonly used control? Give an example of two (e.g. IT) roles that should be segregated?

Segregation of duties is, as the names suggests, when roles and responsibilities are separated among different personnel. The purpose of this is to act as a control, which does this in two major ways;…[Read more]