A framework for separation of duties in an SAP R/3 environment
所以在网络上搜寻些SoD也发现了些不错的paper,年发表在Managerial Auditing Journal和Peter J.Best,一个是来自QUT也可以说是咱们的理论加上实践吧.使用的公司应该不多了,的朋友们推荐下.介绍了文章的平台是基于SAP R/3,首先当前的IT公司都面临着信息安全的问题,来讲.打个简单的比方,突然发现系统中有些你不熟悉的业务操作,了,应该是所有的信息安全中都会提到的Authentication, Access control, Cryptography, Auditor trail log)通俗的说就是职权分离,不仅仅是在系统中的分配, 也应该做到不违背SoD基于本文的主要方向separation of duties with in the general ledger(GL), accounts receivable(AR), and accounts payable (AR), 1. Credit management should be separated from master record maintenance in accounts receivable.
4. In accounts payable, cheques should be managed any payments performed by someone other than the person who enters vendor invoices.
7.本文的作者,来设计出一个比较具体的如何在R/3或者consultant总的来说,这篇文章还是说得比较的general的权限设计的讲述,的介绍, 文章的理论描述以及丰富的case study
页:
[1]