{"id":110491,"date":"2022-02-17T08:00:00","date_gmt":"2022-02-17T07:00:00","guid":{"rendered":"http:\/\/e3mag.com\/?p=110491"},"modified":"2024-01-19T11:30:10","modified_gmt":"2024-01-19T10:30:10","slug":"apres-lexamen-cest-avant-lexamen","status":"publish","type":"post","link":"https:\/\/e3mag.com\/fr\/nach-der-pruefung-ist-vor-der-pruefung\/","title":{"rendered":"After the Audit Is Before the Audit"},"content":{"rendered":"<p>SAP authorization concepts are subject to constant change. That is precisely why authorizations such as \"SAP_ALL\", the protection of SAP standard users, and SoD (Segregation of Duties) risks are reviewed by auditors every year. The list of necessary measures is long, ranging from applying security patches to reviewing and reducing critical authorizations.<\/p>\n\n\n\n<p>Security specialists such as Sast Solutions are then often brought in at short notice to make sure that the auditors' list of findings from last year's audit has been dealt with thoroughly and that no serious risks have been added since the cleanup, whether debug and replace, deleting change documents, or starting all reports, to name some critical authorizations. One reason for these ad hoc engagements is that, owing to a lack of resources, the cleanups were never verified in the interim after the previous audit.<\/p>\n\n\n\n<p>If you confine yourself to this reactive approach, the annual cycle is a foregone conclusion. 
If all the old findings are eliminated or mitigated just before the next audit, the auditor will not merely test those but will of course carry out further checks and draw up a new list of findings, and the game starts all over again.<\/p>\n\n\n\n<p>To avert short-term damage, point-in-time action is therefore certainly necessary, but it is not sustainable. The system's compliance status deteriorates again immediately as new authorizations are assigned, and nothing proactively prevents risks from creeping back in. New risks are often not identified during the year, but only when the next audit is due. So there is no continuous work on improving the situation and no ongoing risk monitoring. After all, every audit is only a snapshot. A list of findings only ever shows a small fraction of the risks in an SAP system.<\/p>\n\n\n\n<p>The solution to this problem is relatively simple: do not wait for the next audit, but become aware of your own weaknesses now. That is the only way to keep SAP systems secure all year round and to remain able to react quickly to anomalies. The simplest and most thorough way to achieve this is to use a holistic, tool-based solution for SAP threat detection and access governance, such as the Sast Suite. 
It not only provides comprehensive real-time monitoring but also integrates cyclical checks, up to and including the creation of an audit plan with its own policy for the auditor's list of findings.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/e3mag.com\/partners\/sast-solutions-ag\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"112\" src=\"https:\/\/e3mag.com\/wp-content\/uploads\/2020\/10\/Sast-CI-Banner.jpg\" alt=\"https:\/\/e3mag.com\/partners\/sast-solutions-ag\/\" class=\"wp-image-69882\" srcset=\"https:\/\/e3mag.com\/wp-content\/uploads\/2020\/10\/Sast-CI-Banner.jpg 1000w, https:\/\/e3mag.com\/wp-content\/uploads\/2020\/10\/Sast-CI-Banner-768x86.jpg 768w, https:\/\/e3mag.com\/wp-content\/uploads\/2020\/10\/Sast-CI-Banner-100x11.jpg 100w, https:\/\/e3mag.com\/wp-content\/uploads\/2020\/10\/Sast-CI-Banner-480x54.jpg 480w, https:\/\/e3mag.com\/wp-content\/uploads\/2020\/10\/Sast-CI-Banner-640x72.jpg 640w, https:\/\/e3mag.com\/wp-content\/uploads\/2020\/10\/Sast-CI-Banner-720x81.jpg 720w, https:\/\/e3mag.com\/wp-content\/uploads\/2020\/10\/Sast-CI-Banner-960x108.jpg 960w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/a><\/figure>","protected":false},"excerpt":{"rendered":"<p>Every year, as every SAP and security manager knows, the statutory auditor's audit comes around. 
And yet there is often uncertainty at that point about the current risk situation of the SAP systems.<\/p>","protected":false},"author":2207,"featured_media":137347,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"pmpro_default_level":"","footnotes":""},"categories":[40127,6],"tags":[13400,40130,39537,31],"coauthors":[38401],"class_list":["post-110491","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mag-21-12","category-wirtschaft","tag-audit","tag-mag-21-12","tag-sast-solutions","tag-wirtschaft","pmpro-has-access"],"acf":[],"featured_image_urls_v2":{"full":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps.jpg",1200,540,false],"thumbnail":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-150x150.jpg",150,150,true],"medium":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-400x180.jpg",400,180,true],"medium_large":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-768x346.jpg",768,346,true],"large":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps.jpg",1200,540,false],"image-100":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-100x45.jpg",100,45,true],"image-480":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-480x216.jpg",480,216,true],"image-640":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-640x288.jpg",640,288,true],"image-720":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-720x324.jpg",720,324,true],"image-960":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-960x432.jpg",960,432,true],"image-1168":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-1168x526.jpg",1168,526,true],"image-1440":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps.jpg",1200,540,false],"image-1920":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps.jpg",1200,540,false],"1536x1536":["https:\/\/e3mag.com
\/wp-content\/uploads\/2022\/02\/Steps.jpg",1200,540,false],"2048x2048":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps.jpg",1200,540,false],"trp-custom-language-flag":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-18x8.jpg",18,8,true],"bricks_large_16x9":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps.jpg",1200,540,false],"bricks_large":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps.jpg",1200,540,false],"bricks_large_square":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps.jpg",1200,540,false],"bricks_medium":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-600x270.jpg",600,270,true],"bricks_medium_square":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-600x540.jpg",600,540,true],"profile_24":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-24x24.jpg",24,24,true],"profile_48":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-48x48.jpg",48,48,true],"profile_96":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-96x96.jpg",96,96,true],"profile_150":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-150x150.jpg",150,150,true],"profile_300":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/02\/Steps-300x300.jpg",300,300,true]},"post_excerpt_stackable_v2":"<p>Every year, as every SAP and security manager knows, the statutory auditor's audit comes around. 
And yet there is often uncertainty at that point about the current risk situation of the SAP systems.<\/p>\n","category_list_v2":"<a href=\"https:\/\/e3mag.com\/fr\/category\/mag-21-12\/\" rel=\"category tag\">MAG 21-12<\/a>, <a href=\"https:\/\/e3mag.com\/fr\/category\/wirtschaft\/\" rel=\"category tag\">Wirtschaft<\/a>","author_info_v2":{"name":"SAST SOLUTIONS","url":"https:\/\/e3mag.com\/fr\/author\/sast-solutions\/"},"comments_num_v2":"0 comments","_links":{"self":[{"href":"https:\/\/e3mag.com\/fr\/wp-json\/wp\/v2\/posts\/110491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/e3mag.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/e3mag.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/e3mag.com\/fr\/wp-json\/wp\/v2\/users\/2207"}],"replies":[{"embeddable":true,"href":"https:\/\/e3mag.com\/fr\/wp-json\/wp\/v2\/comments?post=110491"}],"version-history":[{"count":1,"href":"https:\/\/e3mag.com\/fr\/wp-json\/wp\/v2\/posts\/110491\/revisions"}],"predecessor-version":[{"id":137348,"href":"https:\/\/e3mag.com\/fr\/wp-json\/wp\/v2\/posts\/110491\/revisions\/137348"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/e3mag.com\/fr\/wp-json\/wp\/v2\/media\/137347"}],"wp:attachment":[{"href":"https:\/\/e3mag.com\/fr\/wp-json\/wp\/v2\/media?parent=110491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/e3mag.com\/fr\/wp-json\/wp\/v2\/categories?post=110491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/e3mag.com\/fr\/wp-json\/wp\/v2\/tags?post=110491"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/e3mag.com\/fr\/wp-json\/wp\/v2\/coauthors?post=110491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}