SecurityReport - Executive summary
Security needs to be visible and measurable for management to be able to take action.
For example; The company security policy specifies that all user accounts shall be accounted for and that user accounts shall be disabled or removed immediately when a user leaves the company. In other words if any accounts fail in the scan, this is a breach of the company security guidelines and the companies system is non compliant.
Are your systems compliant?
Concept
To ensure we meet our goals and are compliant with our policies we need reviews and audit.
Example - User Access Scan
A report based on the fact that user access is not always removed when a user leaves the company.
A company might have control that user are removed in Active Directory when they leave the company but it has been shown that users are not removed in the SAP systems. For this reason an additional control has been implemented to regularly scan SAP users to verify they still are active in the Active Directory.
