Implemented segregation of duties (SoD) controls in an SAP Landscape

Delivered real-time SoD enforcement, using BusinessObjects Access Control 5.3 (BOAC) proof-of-concept with an optimized SoD ruleset, in an SAP landscape, correlating risks, assigned levels for risks, SAP transactions and Authorization Objects. The objectives achieved are:

• Installation and configuration of BOAC 5.3 with the latest patchset.
• Preparing the SoD matrix correlating inputs from business owners, IT auditors, and application users.
• Configuring manual access requests and automated user provisioning workflows to perform real-time SoD conflict checks prior to provisioning user accounts.
• Extending the ruleset to other SAP instances and additional business functions.

Implementing IT General Controls at a Fortune 500 retailer to meet SOX and PCI-DSS compliance

Delivered a unified user provisioning platform, as part of IT general controls, to meet Sarbanes-Oxley (SOX) and payment card industry- data security standards (PCI-DSS) requirements. The objectives achieved are:

• Delivering a user provisioning platform that supported all identity lifecycle events—new hire, transfers, terminations—for both full time and contingent workers, across the enterprise.
• Implementing controls rationalization by extending existing SOX controls to meet PCI-DSS compliance needs.
• Implementing real-time reporting of user entitlements with provisions for immediate access remediations.
• Achieving a complex cutover from Microsoft to Sun’s provisioning platform, as part of platform rationalization, with no service interruption.
• Extending the user provisioning platform to support new business applications, such as the global SAP rollout.

Building a Software Security Assurance Program at a Top-Tier Investment Bank

Delivered application security measures to meet regulatory compliance needs. The achieved objectives are:

• Delivering three application security assessments for internet-facing platforms, applications and toolkits, including risk analysis, code review and static code analysis.
• Producing risk mitigation strategies and measures for the vulnerabilities uncovered in the security assessments.
• Delivering of key application security training programs for software developers at major software development centers worldwide to meet training targets for the client.
• Providing configuration management.

Delivering an Access Certification Platform for a Large International Bank

Delivered mainframe entitlement review and certifications platform for a large international bank to meet its SOX regulatory compliance requirements. The achieved objectives are:

• Implementing Sun’s Role Manager to store and retrieve deeply hierarchical mainframe (RACF and TSS) entitlements.
• Integrating with the existing front-end tool for entitlement review and certification.
• Designing provisions to extend the platform to support enterprise roles.
• Delivering the platform on a compressed, fast track schedule.

Delivering Business Value to Clients with Identity and Access Management.

Delivered several proof-of-concepts and product suite integrations as part of delivering business value to clients in the manufacturing and financial services industry. The achieved objectives are:

• Delivering re-usable identity management business process templates for common business use cases, including identity lifecycle events, access management and identity audit functions.
• Adapting these templates to suit the needs of companies industries ranging from manufacturing, education, and financial services.
• Delivering integration points between Sun’s Identity and Access Management suite (Directory Server, Access Manager and Identity Manager) and SAP. Including SAP R/3, HR and NetWeaver.
• Working proof-of-concepts for CA SiteMinder, IdentityManager, and TransactionMinder installations.