Do you get alerts for security breaches?
Allocating roles to users in JDE? Will that create a security breach?
You don’t have to wait until after a segregation of duties (SOD) breach occurs to know a violation is going to happen. Did you know that with the ALLOut toolset, if someone sets up a role assignment that creates a SOD violation, you immediately get a warning?
Mitigate it or deny it, but don't just let it happen!
It’s important to know how to deal with SOD violations. A good audit doesn’t just look at security data, but also analyses how your compliance tools are configured. Check your rule configuration to eliminate SOD violations. Mitigation, whilst valid, should only really be a last resort.
You need to explore:
Is the violation caused by an incorrect SOD rule? If so, fix it!
Could access be removed from the user to resolve the violation?
Should the SOD violation be reviewed in terms of business process change?
If all else fails, set up a documented mitigation.
It is quite unlikely that your company has zero SOD violations, but hopefully you have good reasons for those violations occurring and controls in place to assess the risk.
Don’t let a simple role allocation rock the business. Make sure you get security alerts with the ALLOut toolset!