How is your company managing cybersecurity when working with  tools that work on top of your core ERP? e.g visualization, control towers,  decision making tools etc..

Security & GRC
443 views1 Upvote2 Comments
Sort By:
Oldest
President and National Managing Principal in Softwarea year ago
For us (internally at our firm) we start with a data governance policy that spells out in detail what type of information that each person (or role) within the firm is able to see across all applications and platforms. That enforcement starts at the core system of record which for us is our ERP and HCM platform; our scheduling system; and our service delivery platform. Least privilege access is enforced at those endpoints.

For there, that policy guides all access across all systems and when our BI team creates reports and connections, access rights are pulled from those primary tools and enforced such that when the BI tool is able to generate advanced reporting based on the data, those reports are limited to the people that had access to the underlying systems in the first place and that access cannot not be circumvented through the use of the BI SaaS tool.

The danger comes when companies start using privileged system accounts to pull data into a BI/visualization platform and the resume is access to individuals that were otherwise unauthorized.
2
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Chief Information Security Officer in Healthcare and Biotecha year ago
Outsourcing policy, Information security policy and Data Governance policy are 3 high-level guidelines to ensure risks are managed appropriately  

Content you might like

We are using MDM and MAM with Intune to protect our Office 365 data on employee mobile devices. We also have end-users who are contractors and have existing MDM/MAM controls on their device from their primary employer.  They cannot add our corporate INTUNE controls to the same device according to the Microsoft error messages. The same issue applies to NEDs who work for multiple corporates. Has anyone else found a solution for this?

Management ToolsSecurity & GRCStrategy & Architecture+1 more
Director of Information Security9 days ago
We haven't found a "good" solution short of issuing a separate managed device; the user has to choose whose policies to apply to their device. On Android you can technically create separate user profiles to get around this ...read more
Read More Comments
364 views3 Comments

In the past 6 months, have you seen an uptick in targeted cyberattacks on telehealth devices and networks?

Security & GRCNetworkThreat & Vulnerability Management+2 more

No Increase16%

1-5% increase47%

6-25% increase24%

26-50% increase6%

51-75% increase1%

76%+1%

Other2%

View Results
1.7k views1 Upvote

Does anyone have playbooks, or checklists covering cybersecurity aspects of Divestitures, Mergers, and acquisitions? 

Security & GRC
Director of Network Transformationa year ago
Excellent question!!  Folks, please share what should be included in a playbook/checklist.  Let's crowdsource one!
3
Read More Comments
4.2k views2 Upvotes4 Comments

What is your organization’s current status for implementing endpoint security to protect O365 on mobile devices?

End-User Services & CollaborationSecurity & GRCDevice Management+14 more

Implementation complete23%

Implementation in progress54%

Planned within the next 12 months12%

Not planned7%

Not enabling O365 on mobile2%

View Results
2.4k views2 Upvotes

What do you think the supply chain will be or look like in the next 10+ years? (Practitioners, Strategies, Networks, Tech & Tools, etc.)

Applications & PlatformsData & AnalyticsDisruptive & Emerging Technologies+10 more
Sustainable Supply Chain Adviser in Healthcare and Biotecha year ago
As a human being, not just a supply chain professional, I truly hope that supply chains will look different in 10+ years than what they are now (or were in the last decades) and I proactively work for this change to happen.

What ...read more
3 3 Replies
Read More Comments
4.2k views5 Upvotes14 Comments