ERP Vulnerability Assessment™ for InfoSphere Guardium®

Security and Compliance for your ERP System

PeopleSoft is one of the most widely deployed ERP systems globally, with implementations typically containing significant amounts of data which are both mission critical and highly sensitive.

Customer data, financial data and personnel data are all examples of sensitive information managed within PeopleSoft. It is therefore not surprising that many compliance requirements and audits involve data managed by PeopleSoft, requiring IT security organizations to ensure their PeopleSoft data is secure.

BTRG’s ERP Vulnerability Assessment™ with InfoSphere Optim™ provides a packaged solution that addresses both the security and compliance requirements for PeopleSoft data – without requiring changes to existing business processes or application source code.

The ERP Vulnerability Assessment™ leverages delivered functionality in IBM’s InfoSphere Guardium® solution to streamline the identification of vulnerabilities in an organizations PeopleSoft security.

Having worked on many PeopleSoft projects, BTRG’s Information Governance experts have identified the most common pain points an organization experiences when dealing with PeopleSoft security and compliance issues. Leveraging this information, BTRG has created a set of proprietary SQL statements that leverage the pre-built report functionality within InfoSphere Guardium® to identify risks to an organization’s PeopleSoft security. The assessment is designed specifically to identify the following vulnerabilities:

• Database Security: Determine if database security provides adequate protection of sensitive data and transactions.
• PeopleSoft Security: Determine if the application security configuration provides for adequate protection of sensitive data and transactions.
• Segregation of Duties: Determine if controls are in place to ensure segregation of duties of critical functions.
• Business Process Controls: Determine if controls exist that will detect, authorize, and correct errors to transactions on a timely basis.

The ERP Vulnerability Assessment™ scans the PeopleSoft security tables and performs a checklist against these objectives to identify gaps and determine if the organization passed or failed the assessment. If vulnerabilities are identified, BTRG uses the assessment to identify the proper steps for corrective action.

Download a pdf version of this Case Study