
Facts about IT Security

1. Data theft is a rapidly growing crime

2. Intruders target user profiles with extended authorizations

3. Profiles are protected with passwords that offer NO protection at all

4. Long-term damages include financial damages, image loss, declined stock and much more

5. Without biometrics deterring, prevention and conviction is impossible


Statistics: Threat in numbers…

82% of all passwords are written down (SAP-Info Online)

40% say they share passwords frequently (Source: Rainbow)

95% result in significant financial losses (Source: Gartner)

92% of corporations and government agencies detected computer security breaches in the last 12 months

U.S. fraud costs were $52.6 billion in 2005 (Article ID Theft, Page 70, SC Magazine, January 2006, referring to Better Business Bureau survey)

Intellectual property theft costs U.S. companies between $200 billion and $250 billion a year in sales

Counterfeit Facts, Page 44, CSO Magazine, January 2006

Of course bioLock is SAP certified

SAP is a strong promoter of bioLock…

bioLock is the first SAP certified biometric identity management system. bioLock has 3-level security protection: Level I - SAP Logon, Level II - Transactions, Level III - Data. bioLock will uniquely identify the “actual user” and log all activities. Sarbanes-Oxley Section 404 requires that companies develop strong internal controls to prevent and detect fraud. With over 20 ways to get access to passwords, fraud prevention cannot be accomplished. bioLock offers Internal Control and Audit departments not only the ability to prevent unauthorized access on all levels, but also to prove who did what and when within the mySAP ERP System.

bioLock presented by SAP Financial at Sapphire

bioLock Overview:

7 Reasons – Why bioLock

1. Prevent Jail Time for your Corporate Executives

2. Stop Identity Theft, Financial Damages and Espionage

3. Avoid Expensive Lawsuits, Bad Press and Perception Damage

4. Enhance and Complete your Sarbanes-Oxley Compliance Efforts

5. Comply with Other Mandatory Regulations such as Data Protection Act

6. Save $100,000 per Year on Administrative Cost – ROI in less than 3 years

7. Protect your IT System, Recover Monies and Send a Clear Message to Employees

The bioLock Value Proposition:

Download our educational bioLock Value Proposition, which explains the above in detail, and learn how you can save $100,000 a year in administration cost: www.realtimenorthamerica.com/download/Valueprop_bioLock.pdf

Case Study: HR / HIPAA

The Challenge:

Brevard County Government, home to NASA and the Kennedy Space Center, is running SAP including HR

Multiple employees had access to extremely critical HR data

Misuse of the data by employees and others was easily possible

Brevard needed to protect and uniquely identify the actual SAP USER

The Solution:

Rick Meshberger (left) installed biometrics

Access and changes are limited to uniquely identified users

A log file can prove who did ‘what’ and ‘when’

Case Study: Finance System

The Challenge:

Groups of people had access to many parts of the finance solution

The client needed to uniquely identify the “actual user” and log activities

Management requested that 2 individuals would authorize certain tasks

A manufacturing company had multiple critical tasks in their financial application including opening balance sheets, approving budgets and issuing wire transfers

The Solution:

bioLock with the dual confirmation group was installed

2 people have to authorize tasks

Both will be uniquely identified…

…and logged in the log file

Case Study: Energy Company

The Challenge:

Logging into the SAP System

Approving certain workflows within the system

Authorizing purchase orders over certain amounts

The Solution:

1000 active users were equipped with bioLock

The workflow and POs were protected

A log file can prove who did ‘what’ and ‘when’

EnBW - One of Europe’s largest Energy companies had the requirement to uniquely identify users for certain workflows:

How does bioLock work

realtime’s solution - bioLock

How does bioLock for SAP work:

Your Finger

biometric Hardware

SAP Software

- realtime makes the interface and protects logon to SAP

- bioLock can protect any transactions and fields in SAP

- protection with biometrics AND / OR Smart Card possible!

+ Smart … Card

Security Level - Overview

SAP Access Authorization and Function Control through Fingerprint

SECURITY: Level I, Level II, Level III

Security Level I

The default password could always be ‘1234’ since you need the right finger to log on …

YOU NEVER HAVE TO CHANGE YOUR PASSWORD AGAIN!!!

In addition to the password the logon is protected with the finger (Security Level I) of Mr. Neudenberger.


Security Level II

User ‘Neudenberger’ selects the transaction bioLock Administration… and successfully confirms his identification with his finger (biometric template).

Please NOTE: This could be virtually any R/3 transaction (Security Level II)


Security Level III

bioLock protects the SAP System down to the field level (Security Level III) by locking the Infotype 167 to protect Health Plan Information.

The Infotype 167 is protected with biometrics based on the value (input) – all other Infotypes can be accessed as usual. Other examples could be money transfers that would be executed as usual until the entered amount is larger than a predefined value.

If the field input requires biometric verification the system will ask for a fingerprint…


Intruder Identified

April does not have permission and gets rejected based on her biometric information!

Please NOTE:

Even though the identity of the User ‘April’ is known by the bioLock system, this information is not displayed for security purposes, but will be clearly shown for the controller in the log file!

In fact the system could launch a ‘fake transaction’ and automatically alert the security team about April’s unauthorized attempt.


bioLock Log File

For Auditing purposes realtime has created their own bioLock log file. This log file clearly shows all biometric activities including all relevant information. Of course the file can be exported to different formats or emailed to the supervisor…

The log file clearly shows that April tried to access the MB01 but was rejected…
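The value-based rule, the dual confirmation group and the audit record described in these slides can be modelled together in a few lines. This is an added example, not bioLock or SAP code: `Rule`, `Gate`, the action name `WIRE_TRANSFER`, the identity `controller2` and the 10,000 threshold are hypothetical, and fingerprint matching is assumed to happen in an external verifier that hands over already-matched identities.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Hypothetical policy model for illustration; not bioLock's schema or API.
@dataclass(frozen=True)
class Rule:
    authorized: frozenset              # identities allowed to confirm this action
    threshold: Optional[float] = None  # step-up only above this value; None = always
    confirmations: int = 1             # 2 = dual confirmation

@dataclass
class Gate:
    rules: dict                        # action name -> Rule
    log: list = field(default_factory=list)

    def request(self, action, value, verified_ids, when=None):
        """verified_ids: identities an external verifier (assumed) already matched."""
        when = when or datetime.now(timezone.utc)
        rule = self.rules.get(action)
        if rule is None or (rule.threshold is not None and value <= rule.threshold):
            outcome = "ALLOWED_NO_STEPUP"
        elif len(set(verified_ids) & rule.authorized) >= rule.confirmations:
            outcome = "ALLOWED"
        else:
            outcome = "REJECTED"
        # The audit record keeps who, what and when, including failed attempts.
        self.log.append({"when": when.isoformat(), "action": action, "value": value,
                         "who": sorted(set(verified_ids)), "outcome": outcome})
        # The message shown at the terminal never reveals the recognised identity.
        allowed = outcome != "REJECTED"
        return allowed, ("OK" if allowed else "Access denied")

def demo():
    # Constructed sample policy and identities.
    gate = Gate({
        "MB01": Rule(authorized=frozenset({"neudenberger"})),
        "WIRE_TRANSFER": Rule(authorized=frozenset({"neudenberger", "controller2"}),
                              threshold=10_000, confirmations=2),
    })
    results = [
        gate.request("MB01", 0, ["april"]),                       # known, not authorized
        gate.request("WIRE_TRANSFER", 500, ["neudenberger"]),     # below threshold
        gate.request("WIRE_TRANSFER", 50_000, ["neudenberger"]),  # one approver only
        gate.request("WIRE_TRANSFER", 50_000, ["neudenberger", "controller2"]),
    ]
    return results, gate.log
```

The rejected MB01 attempt returns only a generic denial to the caller, while the log entry carries the recognised identity for the reviewer.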

Why do fingerprints help

Educational movies about SOX

SAP has filmed an educational movie about the challenge Sarbanes-Oxley and a second movie about a very promising solution – bioLock

Please view the movies at www.bioLock.us

realtime North America

World Trade Center

Tampa, Florida 33602

Phone 813-283-0070

Fax: 813-283-0071

Email: [email protected]

Schedule an Online Presentation for your Security Team!