Integrated Security Solutions

realtime Confidential © 2006 TK Consulting, LP

March 11, 2007

APM Demo

© 2006 realtime North America, Inc.2 realtime Confidential April 19, 2023

Contents

Overview

APM Role Management

APM Risk Management

Q & A

© 2006 realtime North America, Inc.3 realtime Confidential April 19, 2023

Who We Are - realtime

SAP ISV & IVN Partner

NetWeaver Certified Biometric Identity

Management Risk & Role Management

200 Global Fortune Clients

Established in 1986

© 2006 realtime North America, Inc.4 realtime Confidential April 19, 2023

SAP Security Solutions

mySAP Security SolutionsFour-

TierbalanceAP

MbioLock

Cost

Compliance

Usability

© 2006 realtime North America, Inc.5 realtime Confidential April 19, 2023

APM Overview

Authorization Profile Management

Developed by realtime in 1997.

Complete solution for SAP role management, audit assessment and Sarbanes-Oxley compliance.

Pre-delivered with Risk and Process Analysis cases.

Installed at over 150 Fortune 500 and other companies such as Marathon Oil, US Army, Merck AG, Schwarz-Pharma AG, Siemens and Toyota.

© 2006 realtime North America, Inc.6 realtime Confidential April 19, 2023

Contents

Overview

APM Role Management

APM Risk Management

Q & A

© 2006 realtime North America, Inc.7 realtime Confidential April 19, 2023

APM Role Management

Role Management

Collaborate with Business to identify authorization for Role Generation via Authorization Trace

Customizable Derived Role reduces maintenance cost by reducing the number of roles

Mass Change function reduces administration cost

Accelerate implementation

© 2006 realtime North America, Inc.8 realtime Confidential April 19, 2023

APM Role Management

Authorization Trace Benefits

Defined from the SAP point of view in cooperation with the Business.

No need to learn how SAP-System trace is handled.

Easily troubleshoot and resolve authorization issues.

The logged authorizations represent the minimum specifications.

Retrieves to workspace for role generation or add to existing role.

© 2006 realtime North America, Inc.9 realtime Confidential April 19, 2023

APM – Authorization Trace

Set Traces against one or more Users

© 2006 realtime North America, Inc.10 realtime Confidential April 19, 2023

APM – Authorization Trace

Traced data are imported into APM for analysis and Role Generation

© 2006 realtime North America, Inc.11 realtime Confidential April 19, 2023

APM – Role Management

Customizable Derived Role Benefits

Builds flexible and customizable roles inherited from a Master template

Reduces maintenance cost

© 2006 realtime North America, Inc.12 realtime Confidential April 19, 2023

SAP – Profile Generator Derived Role

F -2 2 (E n te r C u s tom e r Invo ice)

F -2 8 (P o s t In com in g P a ym e n t)

F -3 2 (C le ar C u sto m er) .. . .. . . . . . ..

USA Company Code - 0001

F -2 2 (E n te r C u s tom e r Invo ice)

F -2 8 (P o s t In com in g P a ym e n t)

F -3 2 (C le ar C u sto m er) .. . .. . . . . . ..

CAN Com pany Code - 0002

Custom er Invoice Processing

Only Org. Data can be modified!

© 2006 realtime North America, Inc.13 realtime Confidential April 19, 2023

APM – Customize Derived Role

F -2 2 (E n te r C u s tom e r Invo ice )

F -2 8 (P o s t In com in g P a ym e n t)

F -5 9 (P aym e nt R eq u es t).... . . . . ..

A C T V = 02 , 06

B U R K S = 0 0 03

F -3 2 (C le ar C u sto m er) ... .. . . . . . ..

USA Company Code - 0001

F -2 2 (E n te r C u s tom e r Invo ice )

F -2 8 (P o s t In com in g P a ym e n t)

F -3 2 (C le ar C u sto m er) ... .. . . . . . ..

CAN Com pany Code - 0002

Custom er Invoice Processing

Organizational and Inherited Authorization can be modified

© 2006 realtime North America, Inc.14 realtime Confidential April 19, 2023

Contents

Overview

APM Functionalities Discussion

APM Role Management

APM Risk Management

Q & A

© 2006 realtime North America, Inc.15 realtime Confidential April 19, 2023

APM – Risk Management

Risk Management Overview

Identifies Sensitive Access (SA) and Segregation of Duties (SoD)

Defines SA & SoD at Transaction and/or Authorization Field Value

Proactive Risk Analysis

Inactivates pre-defined authorization

Performs user provisioning Risk Simulation

Real-time Reporting and Monitoring

© 2006 realtime North America, Inc.16 realtime Confidential April 19, 2023

APM – SA & SoD Definition

Document additional Risk Description

Email changes to Risk Owner

Document Mitigating Controls and Exceptions

© 2006 realtime North America, Inc.17 realtime Confidential April 19, 2023

APM – Risk Management

Proactive Assessment

• Inactivate pre-defined risk

• Flags critical authorization

© 2006 realtime North America, Inc.18 realtime Confidential April 19, 2023

APM – Risk Management Reporting

3-Level Simulations

•Single Roles

•Profiles

•Transactions

© 2006 realtime North America, Inc.19 realtime Confidential April 19, 2023

APM – Risk Management Reporting

Realtime Process Analysis

•Detailed User, Role, and Auth. Value

•Cross Clients/Systems

© 2006 realtime North America, Inc.20 realtime Confidential April 19, 2023

APM – Risk Management Reporting

ALV Reporting View

© 2006 realtime North America, Inc.21 realtime Confidential April 19, 2023

APM – Risk Management Reporting

3 Levels of Reporting View

© 2006 realtime North America, Inc.22 realtime Confidential April 19, 2023

APM – Risk Management

Monitoring – Supervisor may periodically review, approve, disapprove, and document

© 2006 realtime North America, Inc.23 realtime Confidential April 19, 2023

APM – Risk Management

Approval History

© 2006 realtime North America, Inc.24 realtime Confidential April 19, 2023

APM – Risk Management

Risk Change Management History

© 2006 realtime North America, Inc.25 realtime Confidential April 19, 2023

APM – Special User

Monitors executed Programs & Transactions

© 2006 realtime North America, Inc.26 realtime Confidential April 19, 2023

Questions