Author: Research Team

IT Controls in SOX-Compliant SAP Systems

Notorious frauds such as those at Societe Generale and UBS highlight the importance of internal controls. Societe Generale’s trader was assigned to a low-risk/low-return Delta One desk. He used his knowledge of the trading system and related controls to enter fictitious trades into the system to offset his real unhedged trades. He knew about certain nightly system checks and reconciliations built into the trading controls that would flag his fictitious trades. To elude the controls, he erased his fictitious trades when the system checks ran and reentered them after the checks were completed. The system did not flag temporary imbalances. As a result of the massive trading positions he entered into, Societe Generale lost $7.2 billion. At UBS, too, a low-risk/low-return trader exploited his knowledge of the ETF trading system, which led to the bank’s loss of $2 billion.

Which initiatives should be a part of your program to be compliant with GDPR?

The upcoming EU General Data Protection Regulation (GDPR) is considered to be one of the strictest and most far-reaching data protection regulations, as any company that handles EU customer or employee data falls under it. With GDPR coming into effect on May 25, 2018, businesses need to start preparing now to ensure compliance on time.

To gain insight into how organizations should prepare for the upcoming changes, we reached out to cybersecurity thought leaders and asked them which initiatives should be taken to be compliant with GDPR.

SAP OS Command Injection

We continue describing the categories from the list we discussed in our Introduction to Secure ABAP Development Guide and move on to “Injections”, a type of vulnerability that occurs when an application validates user input poorly or not at all. An attacker can inject malicious data and thereby perform unintended actions in a system. Such a vulnerability may result in the major SAP risks (Espionage, Sabotage, and Fraud).