The Hermosa Beach Consulting Group has extensive experience
in the security and controls arena. Our deep knowledge of business
processes, risk management, IT systems and applications, combined
with our industry experience, enables us to assist clients in
augmenting their security and controls environment.
Maintaining a secure and controlled system environment involves
the integration of both preventative and detective monitoring
controls. A periodic validation of a company’s policies and procedures
reinforces a secure system environment.
SOD Tool Selection
There are numerous options available
to monitor controls and prevent Segregation of Duty (SOD)
violations from occurring – everything from manual tracking
within a spreadsheet to automated workflow request processes.
Our consultants have experience with a wide range of tools
and are familiar with their benefits, pitfalls, and how
they work. We can assist in selecting a SOD tool that will
be most appropriate for a client’s application monitoring
SOD and Controls
The Hermosa Beach Consulting Group
has expertise in the design, analysis, and remediation of
SOD violations. A strategic partnership with an SOD application
industry leader allows us to provide clients with an
end-to-end SOD solution. Our comprehensive
methodology covers SOD rule evaluation, SOD rule violation
analysis, identification of compensating controls, and on-going
monitoring of detective controls. We work with clients
to define SOD rules to meet their risk and control objectives.
We also help to identify and remediate role and user violations
within the security design. Our consultants are also experienced
in building processes and procedures for on-going compliance
after the tool is implemented.
After the initial analysis of SOD
rule violations has been completed and violations corrected
or mitigated, we encourage our clients to put preventative
controls in place. Preventative controls ensure that violations
of SOD rules do not occur on the system. Our goal is to
assist our customers in implementing automated user and
role request changes which then validate against the SOD