amuDee.com

Unless you have been hiding in the caves for the past couple of months, by now you must have heard of compliance and risk management solutions from SAP that everyone is talking about. Yes, that’s right, I am talking about SAP BusinessObjects GRC.

SAP BusinessObjects Process Control 3.0 has entered RAMP-UP (date reported is 30th April) and is expected to be generally available by the end of this year. GRC Access Controls 5.3 upgrade version is already available with many new and exciting features. IDM integration and Portal provisioning remains the hottest topics on the SAP SDN (GRC) forums. Also SAP BusinessObjects Enterprise Risk Management 3.0 is already in rampup and am eagerly waiting for the final release.

Overall SAP continues to demonstrate innovation and managed to remain all time favorite in the GRC market with maximum customers and success stories. I am personally associated with SAP ERM 2.0/3.0 project so I feel really proud when I see testimonials like this: 

SAP GRC Risk Management provides a best-practice framework so we can identify, analyze, respond to, and monitor obstacles to reaching our own firm’s growth objectives.
Norman Comstock, Managing Director, Technology Assurance and Advisory Services (TAAS),UHY Advisors Inc.

Tags: compliance, Enterprise Risk Management, final release, governance, process controls, sap, SAp ERM 3.0 rampup

If you are tired of slow streaming and download speed of youtube videos and looking for a cool freeware for your windows mobile, your search ends here.  GetyTV YouTube Downloader Ver: 1.0 is a freeware windows mobile (pocket pc) application which enables you to keep YouTube right in your pocket. 

You may be wondering, what’s the point in re-inventing the wheel when lots of youtube downloaders are already available on the web. Yes you are right but search again, you won’t find enough range of multi format video downloaders compatible with windows pocket pc (HTC) however the web is full of such applications for Symbian and Java based handsets. GetyTV is an attempt to bring some similar features for windows mobile users and that’s the core objective of this application. No more tears, no more pain for windows mobile users now, with GetyTV YouTube Downloader  you can download your favourite youtube videos at anytime, anywhere with amazing quality. You can search for youtube videos with regular  keywords and download the videos in multiple formats. You can play them later, or make a cool collection of your favourite videos.

What’s more? It’s just a 47 Kbs full application for free, so get yourself getyTV and enjoy Youtube on your windows handset as never before.

GetyTV Demo:

Checkout the official GetyTV webpage at http://db.amudee.com and Download now.

About the Developer: 

GetyTV has been developed by Depinder Bharti, a computer science student from India. GetyTV is his first windows freeware project. I wish him all the very best.

Tags: .3gp, .mp4, .mp4(hd) formats, Designed Specially for HTC devices, Download Movies, GET YOUTUBE VIDEOS on your windows Pocket pc, Music in .flv, Videos

During financial crisis or so called recession period, companies are forced to reconsider their investments in IT infrastructure. When the market risks approaches the threshold value, companies start looking for ways to cut overall costs and no doubt such actions are required to sustain the business in tuff times. 

 On the basis of current market trend evaluation and the demand analysis, they re-consider IT investments on the following terms-

 What’s a must-have?

What can be delayed?

What can be dropped?

 But from a GRC perspective I would say, that security and compliance continues to be a must have. Security can not be delayed or dropped at all. Whenever people neglected security the probability of damage and losses increased and the recent credit card frauds are one example.

 In the times of crisis the security should be on your top priority. The trend for criminal actions doesn’t go down due to a recession. On the contrary, your competitors take a strong line on your assets and try to evade any confidential. Industrial espionage is a bigger threat than ever. Even your employees will try to take whatever they can in order to foster their advantage in the market. Therefore, I recommend investing in GRC as a must-must-have especially in times of a crisis.

Tags: financial crisis, governance risk and compliance, GRC scope, IT investment, risk management, security in crisis, security infrastructure, why grc in tuff times, why security

Managing access and authorizations across diverse platforms has always been a challenging task. Today’s businesses are running on multiple platforms which ultimately demands unified access controls solutions that can manage cross-platform access and authorizations.

Many organizations are using different enterprise solutions like sap, oracle, PeopleSoft, JD Edwards, Hyperion and legacy systems (Native or custom ERP) within the organization or in conjunction with different partners. In such an environment the risk of unauthorized access and un-monitored transactions threatens organizational integrity and compromises security.

General Observations:

• Fragmented approach to handle Access Controls is ineffective and cumbersome
• Maintenance cost of Point Solutions increases significantly
• Most access controls solutions do not integrate well with legacy systems
• Disintegrated access controls initiatives go in vain
• High adoption of web 2.0 applications and Cloud computing would also influence regulatory compliance to change and establish enterprise wide, cross-platform SoD and authorization policies.
• Conventional access controls solutions have to compete with unified access controls which can also integrates physical access with biometric solutions.

Disintegrated access controls applications lacks in following:

• Lack of SoD best practices – unavailability of cross-platform access rule-sets and authorization policies.
• Conventional access controls solutions only supports Batch risk analysis. Outdated data can not provide real time monitoring and hence do not help in accurate decision making.
• The biggest disadvantage of Point solutions is the Duplication of Data and No support for SOA

Organizations find it difficult to establish access and authorization policies supporting cross-platforms to protect unauthorized access. Most reported that their native or conventional access management solutions do not integrate with other platforms and thus they end up spending on point solutions.

What is expected from Access Controls solutions?

 Looking at the high adoption rate of web 2.0 applications, cloud computing, and evolution in enterprise mobile applications, It is expected that in near future companies might need a unified access controls solution to defend risks with volatile nature and well planned threats to data privacy. Access Controls solutions have to be robust, flexible, platform independent, customizable and should demonstrates SoA in true sense. Access Controls should enable an auditor to review access policies and implement suggested mitigation or remediation strategy.  

Cross-platform / Cross-Enterprise Access Controls:

 To achieve transparency, access controls solutions must span to all business processes. For many organizations, this means that the access controls applications must be compatible with all of the enterprise applications used to support considered business processes. The only solution to this problem is to implement a single, holistic solution that provides cross-enterprise / cross-platform access controls capabilities.

 To address this space, SAP and its technology partner Greenlight has developed platform independent RTAs “Real Time Agents” to support multiple platforms independently and thus minimize the overall cost and achieve enterprise-wide Governance. The best part is that, SAP provides Greenlight adapters to it’s customers without any extra cost.

SAP GRC Access Controls Suite cross-enterprise Advantages:

• Minimize cost with unified access controls solution for cross-enterprise systems and supports multiple platforms.
• Deploy access rule-sets across the enterprise.
• Real-time, Non-invasive Continuous Monitoring
• No Batching, Outdated Data or Inaccurate Subsets
• No Need for Duplication of Data
• No need to transfer data (ERP) 

Platforms and versions currently supported:

Following information is for reference purpose only and may not be up to date. I will update this information as soon as possible.

Risk Analysis and Remediation (CC) and Compliant User Provisioning (AE)

Oracle

Development (version RTA created on) : 11.5.10.2

Supports: 11.5.8, 11.5.9, 11.5.10

Peoplesoft

Development (version RTA created on) : 8.9

Supports: 8.4, 8.5, 8.8, 8.9 (People tools 4.7, 4.8 & 4.9)

JDE

Development (version RTA created on) : 8.12

Supports : JDE Enterprise One (8.10, 8.11, 8.12)

Delivered Ruleset – SAP system

• 256 Risks
• 29,516 action combinations – As of 2007 Q1 update
• 44,337 – As of 2007 Q3 update
• 58,649 – As of 2008 Q2 update
• Covers the following business processes

HR and Payroll

Procure to Pay

Order to Cash

Finance

General Accounting

Project Systems

Fixed Assets

Basis, Security and System Administration

Materials Management

APO

SRM

CRM

Consolidations

Delivered Ruleset – Oracle system

• 162 Risks
• 13,183 action combinations
• Covers the following business processes

HR and Payroll

Procure to Pay

Order to Cash

Finance

General Accounting

Project Systems

Fixed Assets

System Administration

Materials Management

SRM

Delivered Ruleset – PeopleSoft system

• 57 Risks
• 27,906 action combinations
• Covers the following business processes

HR

Procure to Pay

Finance

General Accounting

Fixed Assets

System Administration

 Delivered Ruleset – JD Edwards System

• 21 Risks
• 303 action combinations
• Covers the following business processes

Procure to Pay

Order to Cash

Why SAP GRC Access Controls for Non-SAP?

Most of the people don’t consider spending on software they use at home and prefer cracked applications.  If you are one of them ? Please read further.

So what you did the last time you downloaded a software?

1.       You Google it

2.       You find it’s not free or expensive

3.       You search for a cracked version

4.       You download the torrent

5.       You install an infected application and become a zombie

If that’s the case, You have already invited a hacker to have a stealth look at your machine. It’s like giving a master key of your home to a well known thief.  Other possibility is that your system may now be an active zombie of a botnet.

What Is a Bot (or Zombie)?

A ‘bot’ is a type of malware which allows an attacker to gain complete control over the affected computer. Computers that are infected with a ‘bot’ are generally referred to as ‘zombies’. There are literally tens of thousands of computers on the Internet which are infected with some type of ‘bot’ and don’t even realize it. Attackers are able to access lists of ‘zombie’ PC’s and activate them to help execute DoS (denial-of-service) attacks against Web sites, host phishing attack Web sites or send out thousands of spam email messages. Should anyone trace the attack back to its source, they will find an unwitting victim rather than the true attacker.

Find out more on wikipedia, just drag your mouse over.

Have you ever though why software is cracked and made available for free download; “No” think about it. Why would somebody crack an applications for you? People who take software for granted don’t realize how much effort it takes to develop an application. Cracked software’s are the simplest way to spread viruses, worms and other malicious programs. When you install these re-engineered software’s on your machine you become infected. Whenever you get online, the malicious program sends your system information to the zombie community and then they can remote access your system and use it to monetise in various ways. They can use your system and internet resources for spreading spam or execute denial of service attacks on other servers to shut them down. These programs work under the hood means they are stealth, you can’t see what’s going on and you may continue to experience slow internet speeds and system performance. 

Want to find out if your system is infected, download RUBotted by Trend Micro. RUBotted is a small program that watches for incoming bot-related traffic which is worth considering adding to your security toolbox. The following program description has been obtained from TrendSecure.

Trend Micro RUBotted (Beta) is a small program that runs on your computer, watching for bot-related activities. RUBotted intelligently monitors your computer’s system behaviour for activities that are potentially harmful to both your computer and other people’s computers.

RUBotted monitors for remote command and control (C&C) commands sent from a bot-herder to control your computer. Additionally, RUBotted watches for an array of potentially malicious bot-related activities, including mass mailing – a common activity performed by a bot-infected computer.

RUBotted co-exists with your existing AV software, providing advanced bot specific behavior monitoring. RUBotted does not rely on frequent, network intensive updates to ensure your computer’s continued protection.

Operating Systems:

Windows 2000 Professional (Latest Service Pack Installed)

Windows XP Professional or Home Edition (Latest Service Pack Installed)

Windows 2003 Server (Latest Service Pack Installed)

Windows Vista (32 Bit with Latest Service Pack Installed)

Snapshots:

Click here to Download

Tags: botnet, cracked softwares, malicious script, RUBotted, stealth remote access, Trend Micro RUBotted (Beta), virus attack, Zombie

At the RSA Conference in San Francisco, Melissa Hathaway, the National Security and Homeland Security Councils’ senior director for cyberspace, reviewed the president’s policy on cybersecurity.

Melissa Hathaway’s keynote, which titled: “The Obama Administration’s Cyberspace Policy Review” could not offer much details on the goverment strategy however she highlighted all of the meetings, research and recommendations that have informed the administration’s 60-day cyberspace policy review.

  Excerpts from Hathaway’s speech:

Previous attempts to deal with cyber security in isolation have failed, in no small part, because they were perceived to be in conflict with the broader societal goals of progress and innovation, civil liberties and privacy rights. However, cyber security only succeeds in the context of broader economic progress. At times, it was a destination in itself, rather than a compass that guides us toward our objective. If treated in a broader context, cyber security will enable higher and far reaching national goals, have better acceptance, and as a result, a greater chance for success. Our goals depend on trust, and trust cannot be achieved if people believe that they are vulnerable to fraud and theft or if they cannot depend upon the resources (infrastructure services, i.e., water, power, telephone service) being available when needed most. At the same time, security has no meaning if the application that serves society no longer is practical or usable. Stated differently, progress and security must not viewed in a zero-sum fashion.

 Checkout Hathaway’s Full Speech – ZdNet

Tags: Melissa Hathaway, Obama's cyber security policy