Risk Management
Risk management is not a one-time effort, but a continuous process. Many companies in the JDE space provide security assessments or audits and offer remediation plans, but once the project is over, their work is done. However, YOUR work is not done. You need a partner that will start at the beginning with identification, analysis and assessment of the risks before you get to the point of planning the remediation efforts. Even when the remediation is complete, you then need to review the results and start the process again.
Identify
Create or review the risks to JD Edwards in application access as well as in infrastructure access. Create or review Segregation of Duties definitions for access within JD Edwards as well as access across ERP systems or processes. Areas to be reviewed:
Access to critical programs within JDE (Next numbers, AAIs, bank accounts, etc.)
SysAdmin level access within JDE
Access to critical programs where data is interfaced into JDE (Hyperion, AP scanning solutions, etc.)
Systems infrastructure access with admin level privileges
E920 share
Media objects (if not in the DB)
Enterprise/application/JAS/DB servers
Analyze and Assess
Rate and prioritize identified risks
Financial or Operational
Determine business impact and likelihood of the risks
Risk Matrix
Control
Develop a risk remediation plan
Role-Based Access Control to segregate duties
Determine what cannot be remediated and develop a mitigation strategy
Implement remediation and mitigation plans
Be sure to include testing and validation of the mitigation strategy
Review
Schedule and perform periodic reviews of identified risks, controls, and mitigations.