Effectively using SAP SOD analysis to meet audit needs | Offline SoD Analysis | SoD Analysis Service | Manual SoD Analysis | Quick SoD Analysis | ToggleNow

Our offline risk analysis service revolutionizes risk assessment by providing a comprehensive and secure solution that doesn’t rely on constant connectivity. This innovative service enables organizations to conduct thorough risk evaluations and Segregation of Duties (SoD) analysis without the need implementing any solution. By utilizing this offline approach, businesses can efficiently identify, evaluate, and mitigate critical risks while ensuring data security and compliance. This service empowers companies to conduct in-depth risk assessments at their convenience, offering flexibility and reliability in managing potential vulnerabilities within their SAP systems and processes.

Read more: https://togglenow.com/services/offline-segregation-of-duties-analysis-review/

A package? On the 7th? When publish date is the 8th? Surely it can’t be…

BUT IT ISSSSS!!!

HELLO, YOU!!!!

Waited so many years for this little beauty!

10 tips to safeguard your critical business data in SAP systems

Secure your Critical Business Data

Security and risk are becoming increasingly challenging as businesses become more connected. It requires data sharing between different systems, applications, and enterprises.

According to Forrester, companies will double their budgets for data strategy over the next five years and according to Gartner, transparency and traceability are among the Top Ten Strategic Technology Trends for 2022. Smart spaces, they claim, will offer better business opportunities.

It was found in another recent report by Onapsis that between 50,000 and 100,000 organizations use SAP systems that are vulnerable. An example that made the world aware of the importance of data security is the case with the New Zealand government. An immense data breach in which firearms, addresses, and names of gun owners were exposed led SAP itself to apologize to the government. There was no hacking involved in the breach, but 66 dealers got access to sensitive information because of a change in user access given to dealers participating in the buyback scheme.

“Between 50,000 to 100,000 organizations use SAP systems that are vulnerable.”

Apparently, SAP is working on various solutions to increase the security of data. In addition, it reminds clients that security is a collaborative effort, and emphasizes the importance of proper system configuration.

The importance of security in SAP

Data breaches and ransomware attacks are on the rise, and the global pandemic presents new opportunities for cybercriminals. Many employees today access corporate resources through virtual private networks (VPNs). The shift to remote work has resulted in a more permissive VPN policy, which compromises corporate networks in an indirect way.

There is a need for IT security teams to accomplish more with less budget or with the same budget. It is part of their job responsibility to manage day-to-day IT and security operations, find and retain skilled security talent, identify and address security capability gaps, and maximize the return on investment (ROI).

Almost seven out of ten organizations do not place a high priority on securing their SAP systems. Considering the recent spike in cyber-attacks, it is essential to secure SAP systems. We have put together a list of 10 tips you can use immediately to secure your critical business data in SAP system.

1. Own it – Don’t blame

When a security breach occurs, who is responsible? A recent survey by Onapsis found that half of the respondents believe SAP is to blame for security breaches – not anyone within their own organization. Another 30% believe that no one is responsible. A small percentage of people believe that the CIO or CISO is responsible for a security breach.

50% blame SAP for security breaches

30% have no idea

20% say it is CIO/CISO’s responsibility

63% of C-Level executives underestimate the risks associated with insecure SAP applications

The dangers associated with insecure SAP applications are underestimated by 63% of C-level executives.

2. Regularly update the EHP & SPS

One of the most significant steps to staying secure is to keep your system up to date. Enhancement packages are delivered by SAP to deliver new innovations/functionality or “enhancements” to customers without disruption. Ensure you have the latest enhancement packs installed, and that you aren’t several versions behind. It is always risky to be a first adopter, but it is also imperative to avoid falling behind (n-1 is always recommended). Technology and computer security are constantly improving, so it is important to keep your system up to date with patches, fixes, updates, and enhancement packs.

As part of its Support Package Stacks, SAP releases periodic security solutions. The Support Package Stacks are patches for a given product that should be applied together. It is recommended that these stacks be applied at least once a year, and SAP specifies the maintenance schedule on its website. In addition, ToggleNow can help you identify your system’s most critical SPSs.

3. The Right SODs make a difference

As business processes rapidly evolve, employee roles and responsibilities are also changing. By establishing boundaries between roles assigned to an employee and conflicts of interest that may arise from the employee’s responsibilities, segregation of duties aims to reduce internal fraud risks. For example, one employee processes a PO while another verifies and approves it. This adds more control and prevents payments to ‘fake’ vendors.

It is becoming more common for mature organisations to look for ways to improve Segregation of Duties management while reducing costs. It is imperative for businesses to integrate an advanced, quick, and easy-to-install Access Management tool that fits with their systems. This will avoid conflicts after an employee’s role or tasks change.

This can be achieved either by implementing the SAP GRC Access Control solution or ToggleNow’s SoD Analysis solution for SAP. The SAP Security Assessment services provided by ToggleNow will identify the right solutions for your organization. Additionally, if you have SAP GRC implemented, explore the various SAP GRC services that are offered by us.

With the help of our SMEs, you will be able to implement the right separation of duties strategies and ensure that you comply with the various regulations and mandates.

4. Ensure the quality of your code

SAP systems typically have over 30 percent proprietary code, depending on the industry. Statistics indicate that one critical security defect occurs for every 1,000 lines of ABAP code.

It is possible that SAP system performance will be adversely affected. It is estimated that the average SAP system contains 2,151 risks, and 70% of enterprises fail to audit their ABAP custom code for compliance and security.

It is possible to simplify the security process for your code. It is no longer necessary for organizations to invest time, money, and manpower in major security projects. An analysis of your code beforehand will enable you to identify and prioritize any risks and issues before you begin an upgrade.

To ensure security, performance, maintainability, robustness, and compliance with ABAP standards, integrate coding and quality assurance into a single activity.

Finally, you should only keep the custom code you need. It introduces unnecessary risks and increases the amount of effort needed for unnecessary code corrections when redundant unused custom code is used.

Wondering how to handle the situation? Here is a solution – SAP Solution Manager CCLM is a fantastic solution that addresses the majority of these requirements. Refer to this blog

5. Implement SAP Solution Manager – Security Optimization Service (SOS)

We are often asked by clients what tools are available to check the security of SAP systems? Additionally, to Early Watch Alert (EWA), SAP Solution Manager (SOLMAN) has a Security Optimization Service (SOS) report that focuses on security.

Security Optimization Service for the SAP NetWeaver Application Server ABAP checks the security of your SAP system(s) and perform the following checks:

��� Basis administration check • User management check • Super users check • Password check • Spool and printer authorization check • Background authorization check • Batch input authorization check • Transport control authorization check • Role management authorization check • Profile parameter check • SAP GUI Single Sign-On (SSO) check • Certificate Single Sign-On (SSO) check • External authentication check

You’ll need the latest version of SOLMAN and the latest support pack to set this up. The managed system must also be configured and setup in SOLMAN without any errors and the instance is correctly defined in LMDB. (Status Green). Additionally, the OS collector must be running on your target instances and database.

It is important, however, to answer the following before setting up the SOS:

• Does your organization have the capacity to manually review those reports and act on each recommendation? • It is set correctly so that your team has ample time to review and act on the reports.

Read ToggleNow’s success story on this subject. We have implemented Solution Manager 7.2 for one of our clients who is a leading refractory company in India since 1958.

6. Regular health checks keep the system healthy

Yes, you heard that right. Humans and systems alike benefit from regular health checks. Ponemon Institute reports that organizations lack visibility “into the security of SAP applications and lack the expertise to detect, prevent, and respond to cyberattacks quickly.”

Early detection is the key to staying healthy or secure. A frequent ERP system check helps you get a comprehensive picture of your ERP landscape before making changes and identifying areas for improvement. This is just like healthy people need annual checkups and preventative medicine to stay healthy and detect problems early. Regular health checkups can identify security gaps. Additionally, EWA and SOS reports provide an in-depth analysis of the system. According to experts’ recommendations, SAP Solution Manager must be configured to support these modules.

7. Implement an Antivirus scan

How confident are you that the documents attached in SAP are virus-free? A vulnerable code might be included in a file your users use/attach in SAP, allowing hackers to gain access.

If you use SAP software, you should use a virus scanner to protect against computer viruses, and SAP recommends this. However, SAP does not investigate, recommend, or release antivirus software as part of its server product validation program.

Many anti-virus software packages protect your SAP deployments using Deep Security, protecting critical information from threats such as malware, cross-site scripting, and SQL injections.

A Virus Scan Adapter (VSA) must be installed on the host before a Deep Security scan can be performed. SAP note 2081108 explains how to set up and configure the VSA system and SAP note 1494278 provides a list of the AV products that are supported.

Additionally, SAP administrators can define the types of documents that are allowed based on various policies. After selecting the right AV product, this can be determined.

8. Implement re-certification processes

Reviews of dormant IDs and dormant roles make a great start. Regularly reviewing the user IDs and deactivating those that are no longer needed is always recommended. This will not only increase the application’s security but also reduce licensing costs. If you already have an SOP in place and are still performing this activity manually, here is a solution for you. ToggleNow’s UserSentry automates both dormant ID review and Role review by taking the appropriate action according to defined rules. Thus, you can comply with a critical audit requirement.

9. Implement additional Security measures

In addition, we recommend that additional security measures be implemented. Back then, experts used to advise setting up complex password policies like keeping password lengths between 8-12 characters and forcing users to change their passwords frequently. Keeping strong passwords alone is no longer sufficient considering technological advancements.

It is recommended to implement additional security measures such as 2-factor authentication (2FA) or multifactor authentication (MFA), validating a user’s machine ID (aka mac ID) at log-in, and adding geofencing validations, verifying the availability of anti-virus software, checking the firewall status, etc. All these features are included in ToggleNow’s UserSentry application, which helps next-generation enterprises implement them quickly.

10. Transform your business with digital technology

The waterfall era has ended. Agility has won. By embracing digital transformation and getting fast and frequent feedback, organizations can respond quickly to critical security issues. By doing this, security issues aren’t ignored, and crises can be averted. If you are worried about the Subject matter expertise and resource availability, ToggleNow can step in and take over this critical piece. The FourEdge Service offering is a great reliever for many organizations that are seeking to start their GRC transformation journey. Remember to be in the race, or else your competitors will take over.

These are the best tips to secure your critical business data in SAP systems. Talk to our SMEs today and leave rest on us for your business data security.

Read More: https://togglenow.com/blog/secure-your-critical-business-data/

When to Redesign SAP Roles: During ECC or Post-Migration to S/4HANA or Rise with SAP

Migrating to SAP S/4HANA or adopting RISE/GROW with SAP is a strategic milestone for organizations aiming to modernize their ERP landscape. However, one critical consideration often overlooked during these transitions is the redesign of SAP roles. The timing of this redesign can significantly influence the success of the migration and the overall efficiency. Should you redesign roles during the ECC phase or wait until after the migration to S/4HANA? This blog explores the key factors driving this decision and introduces the S.M.A.R.T framework—a modern approach to SAP role redesign that ensures compliance, efficiency, and business alignment.

Understanding the Need for Role Redesign

SAP roles are pivotal in defining user access, ensuring compliance, and maintaining operational efficiency. Over time, roles in ECC systems often become bloated with unused authorizations or misaligned with current business needs. This can lead to:

Compliance Risks: Excessive authorizations increase the risk of segregation of duties (SoD) violations.

Migration Complications: Legacy roles with redundancies can complicate the migration process to S/4HANA.

Operational Costs: Since the licensing model is based on assignment and not by usage in S/4HANA and RISE, you may need to procure more licenses than required.

A role redesign ensures clean, streamlined, and compliant access structures, setting the stage for a smooth transition and efficient system post-migration.

ls.ECC vs. S/4HANA: When to Redesign Roles?

Aspect

Redesign During ECC

Redesign Post-Migration to S/4HANA

Compliance

Proactively addresses SoD conflicts and access risks.

Allows compliance alignment with new functionalities post-migration.

Migration Complexity

Simplifies migration with clean and optimized roles.

Reduces redundant effort, focusing only on relevant roles in the new system

Alignment with New Features

May require rework later to incorporate S/4HANA-specific functionalities.

Ensures roles are tailored to new modules, Fiori apps, and processes.

Timeline and Resources

Increases project timelines due to pre-migration workload.

Defers redesign efforts, potentially affecting initial system efficiency.

Business Process Analysis

Limited to existing ECC processes, with potential misalignment after migration.

Better aligned with current and optimized business processes in S/4HANA.

Redesigning SAP Roles with RISE with SAP

If you are moving to RISE with SAP, it is advisable to conduct a complete role redesign during the ECC phase. Once the migration is complete, perform a retrofit to align roles with the cloud-specific requirements introduced by RISE. This approach addresses the unique security, integration, and scalability considerations of a cloud-oriented transformation. You might have many questions at this juncture – What is the best approach? Which tools must be considered? Are there any accelerators that can be used? Can we use stock ready/ready to deploy role structures?

Challenges with Stock Ready Rulesets

Many system integrators offer pre-packaged or stock-ready rulesets as part of their role redesign services. While these rulesets might appear to save time and effort, they often come with significant challenges, making them unsuitable for many businesses. Here’s why the stock-ready approach is not recommended:

Lack of Customization: Stock-ready rulesets are designed to be generic and may not align with the specific needs of your industry or business processes. This can result in inadequate or excessive authorizations.

Compliance Risks: These pre-packaged rulesets may not fully address industry-specific compliance requirements, leaving gaps that could lead to audit findings or regulatory penalties.

Misalignment with Business Processes: Every organization has unique workflows and processes. Stock-ready rulesets may not account for these nuances, leading to inefficiencies and user frustrations.

Post-Implementation Challenges: Organizations often need to spend additional time and resources customizing these rulesets post-implementation, negating the perceived benefits of a quick deployment.

Instead of relying on stock-ready rulesets, organizations should invest in a tailored role redesign approach. This ensures that roles are aligned with specific business processes, compliance requirements, and future scalability needs, delivering long-term value and efficiency. This is where S.M.A.R.T approach/framework can be a life saver.

The S.M.A.R.T Role Redesign Framework

At ToggleNow, we leverage the S.M.A.R.T framework for SAP role redesign. This approach ensures that roles are:

Simplified: Designed to reduce complexity while maintaining operational effectiveness.

Mitigated for Risks: Focused on eliminating SoD conflicts and maintaining regulatory compliance.

Aligned with Business Tasks: Task-based roles ensure that access permissions directly support specific workflows.

Responsive to Change: Built to adapt seamlessly to future business or technical changes.

Transparent and Optimized: Designed with a focus on license optimization to eliminate unnecessary expenditures.

This framework delivers roles that are not only secure but also cost-effective and easy to manage

ToggleNow Advantage

ToggleNow brings a unique value proposition to SAP role redesign initiatives, ensuring a seamless and efficient process tailored to your business needs. Here’s why we stand out:

Customized Solutions: Unlike stock-ready rulesets, ToggleNow develops tailored role designs aligned with your specific business processes, compliance requirements, and industry standards.

Deep Expertise: With extensive experience in SAP role redesign, ToggleNow combines technical proficiency with a deep understanding of regulatory compliance and security best practices.

Innovative Tools:ToggleNow leverages proprietary tools such as Verity, Optimus and accelerators such as xPedite to streamline role redesign, risk analysis, and validation, ensuring faster project delivery.

Focus on Scalability:Our approach ensures that the roles we design are not only compliant and efficient but also scalable, adapting to your future business growth.

Proven Track Record:Trusted by leading organizations, ToggleNow has successfully delivered role redesign projects across diverse industries, enabling smoother migrations and enhanced system performance.

By partnering with ToggleNow, organizations can confidently navigate their SAP transitions, optimizing roles to drive operational excellence and long-term success.

Conclusion

The decision to redesign SAP roles during ECC or post-migration to S/4HANA or RISE with SAP depends on your organization’s priorities, resources, and timeline. Redesigning during ECC can simplify the migration process, while post-migration redesign allows alignment with new functionalities. For RISE with SAP, role redesign becomes even more critical to address cloud-specific requirements.

Moreover, organizations should avoid the pitfalls of stock-ready rulesets and opt for a customized approach that aligns with their unique requirements. By investing in a well-planned redesign, organizations can unlock the full potential of SAP S/4HANA or RISE with SAP, driving operational excellence and business growth.

Read more: https://togglenow.com/blog/redesign-sap-roles-ecc-or-s-4hana/

"Character continually re-traumatizes itself and has internalized damaging racist propoganda that it enacts upon other enslaved people as a self defense mechanism and will eventually learn that this is bad and damaging and learn to care about other enslaved people instead of hating and killing them and instead learns to heal from its trauma and helps free the other enslaved people"

Could be a really compelling and interesting story if the author was actually interested in telling it.

Sorry fans, but your beloved blorbo isn't misguidedly retraumatizing themselves as a damaging coping mechanism they will eventually unlearn, they're simply using their own Free Will and Bodily Autonomy to continually choose to endanger themselves in the protection of others because it is part of their core biological need to have no regard for themselves or believe they have their own value as a living person, and its 'good' and 'correct' for them to have no value for their own health and well-being if they can instead throw themselves in the line of fire to protect the creators who bred them for generations to have no free will, and they has no idea this is what is causing them to continually harm their mental and physical self and simply thinks they is choosing to do this while of their own free will, while literally having no actual choice in the matter because its part of their innate biology by design, and in fact, if you want this character to have a better life where they heal from their trauma and see themselves as having value, the author actively looks down on you for violating the character-who-was-bred-to-be-a-happy-slave's free will in happily sacrificing themselves to protect their masters who literally bred them to be incapable of doing anything else.

Offline SOD Analysis And Revolutionizing Risk Assessment | Toggle Now

Unveiling Offline SAP SOD Analysis & Review Solutions for Comprehensive Security Compliance Anytime, Anywhere!

Our offline risk analysis service revolutionizes risk assessment by providing a comprehensive and secure solution that doesn’t rely on constant connectivity. This innovative service enables organizations to conduct thorough risk evaluations and Segregation of Duties (SOD) analysis without the need implementing any solution. By utilizing this offline approach, businesses can efficiently identify, evaluate, and mitigate critical risks while ensuring data security and compliance. This service empowers companies to conduct in-depth risk assessments at their convenience, offering flexibility and reliability in managing potential vulnerabilities within their SAP systems and processes.

Love the blog, just wondering what your take is on the 'Superman has a secret identity' theory that makes headlines every so often when the tabloids run out of other stories? Usually with their fave celeb as the culprit. I usually find that part in bad taste. Everyone has a right to privacy, what if a supervillain actually believes that hogwash, etc. Although as for the latest one it was great that Mr. Wane ran with it and wore blue for a week to raise money for disaster relief. If nothing else his now-viral remarks to Luthor about how 'if he was superman, your buildings would have been redesigned via accidental super fight collateral damage a decade ago, my god man hire a better architect' made for satisfying watching for LexCorp's many critics.

Luthor's the most outspoken disbeliever of that theory, maintaining that the most powerful 'man' in the world, with his own known private hideout in the Arctic, would have no reason to run around pretending to be a normal human. Bruce Wayne might be kind of a dim bulb, but he had a point when he told whatever poor sod from the Daily Planet was covering the Metropolis Spring Gala that Superman seems too personable (at least from interviews and eyewitness accounts) to be anything other than 'just some guy.'

So on the spectrum between the two billionaires what's your take? Does the Man of Steel walk amongst us? If he does, who would he even be when he's not wearing the cape?

Without even having to THINK about it very hard I would come down on Wayne's side in this particular debate just because I don't trust Lex Luthor as far as I could throw him and I have a MUCH higher opinion of Bruce Wayne as, I can imagine, does anyone with some combination of a heart, soul or a brain. As far as the hypothesis goes, it's pretty much confirmed by the Man of Steel himself. He's given multiple interviews where he has shared the outline of his origins and while most people focus on the fact that he's the last son of the lost planet Krypton what he does also say in those interviews is that he was discovered by a human couple and raised as their own in the manner of a normal human child. Now of course he has never shared ANY particular details about his 'foster parents' because any stray detail could be traced back to them but that pretty much seals the deal doesn't it? If he was raised by humans, one would imagine that he went to school, had dreams, wanted a job and a house and a social life and all those things that human beings get used to having and wanting. Anytime we don't see him directly in action we have to imagine it's because he's out there...doing whatever it is he does during the day! That being said I don't think I can, nor will I, speculate as to who or what he might be in that life behind the scenes. It's none of my business, it is none of the WORLD'S business and nothing good could ever come from finding out. What I will say is that I do not believe for a SECOND the most tired and well trodden theory on the subject.

(Bruce Wayne meeting with Daily Planet reporter Clark Kent) Daily Planet reporter Clark Kent is NOT Superman, people come on! It just doesn't add up to the facts. Clark Kent had a totally average childhood, more or less. He was born in the small hamlet of Smallville, Kansas to Jonathan and Martha Kent which is disproving enough in and of itself. Superman has stated he was obviously a foster child. Clark Kent is, by all records, his parents' biological child. There are records of his attendance of school, vaccination records, his journalism diploma, the whole nine yards. There are two main reasons this story remains so popular. In Superman's orbit he is the one who most resembles Superman...in that he is a dark haired white guy with blue eyes and a strong chin. Analysis on his posture and his gait have shown that he doesn't move or articulate like Superman as you would know if you have ever watched the man on television, read or listened to his writing or just been aware of him as a public figure in Metropolis for YEARS. I still get the Planet here in New York just because him and his wife are some of the best journalists I've ever read. And in that is the other reason, his wife, the world renowned Lois Lane who in the early years of Superman's career had a public infatuation and casual romance with the Man of Steel. Many people got very attached to this public love affair and have never quite forgiven Lane for her public "break up" with Superman in the aftermath of her engagement to Clark Kent. This is just real people shipping for all its nonsense, Kent doesn't have to be Superman for Lane to have married him. Lane and Kent have been partners in crime for basically Kent's entire career and maybe Lane just decided she loved Kent more strongly, or that Superman was unattainable, or any one of ten billion other reasons that don't have shit to do with me or anyone else. Kent and Lane's marriage has also put the inevitable final coffin in the theory with the birth of their son Jonathan who by all accounts is exactly as human as his father. Ignoring all the times and in all the ways that Superman and Kent have been filmed or photographed in the same place because Superman and Kent have been close friends for a very long time because Superman is publically very close with a large group of the Daily Planet's staff ever since his first appearance in Metropolis. Bottom line, yes, I believe that Superman spends his 'nights' as a normal human somewhere on this big blue marble. But his only distinguishing features are that he's a white man with dark hair and strong shoulders. He could hide that with a big enough coat.

A Cure For Monstrosity Masterpost

A Cure For Monstrosity is a WWDITS fancomic based loosely on a theory/analysis I had for the ending of season 5! Not quite a prediction, but still follows some of my old hopes for canon events. I will update this post as it goes!

Prologue

1- Poor Sod

2- Unnoticed

3- Procrastination

4- Tall Tales

5- Main Man

6- Brainstorming

7- Someone at the Door

8- The Plan

9- Reasons

10- Leave Him

11- Ambush

12- What's a Girl to Do?

13- Stand Your Ground

14- Come At Me

15- Here To Help

16- Confrontation

17- We're Okay

18 (Final)- Recovering

Epilogue :)

Hello, I've just read loads of your posts/metas/HCs and I love them - especially your character analysis! I have to confess my favourite has always been Tonks and after reading your post about her and Snape and how they relate to each other, I can't get out of my head how good Tonks/Snape/Lupin relationship might be! Do you have any HCs or thoughts about what a relationship for them might look like?

Please don't feel like you need to answer if this is a topic that doesn't interest you - but if it is, I'd love to know your take!

Severus and Remus both push people away from them. - Severus is a grumpy sod that pushes down emotion. He pushes people away so they can't become problems. - Remus has his grumpy sod moments - but mainly pushes people away so he can't become a problem and hurt them.

Neither of them can trust other people not to hurt them, so they close off their hearts.

Tonks is a magnet that draws people in. She is a worm, a parasite, an expert in squirming into the most protected hearts and softens them. A grumpy-sod whisperer.

- She drags the emotion out of Snape effortlessly. She is someone he knows he can (mostly) trust to be competent. - She is strong enough to resist Remus' pushing and to soothe his worries of being a burden: she can handle him. - She can adapt herself to what people need, she cares about how they feel and she won't easily fold.

Remus 🤝 Dora 🤝 Severus

Normally Severus and Remus repel eachother - but as they are softened by Tonks… they soften to eachother, too. Because deep down they have alot in common, their flaws compliment eachother - once they get past that first hurdle of actually getting to know eachother.

The one thing Tonks cant do for Severus is know what he has been through. Know what his life has been like, what he has had to do, what being naturally despised and a double-agent abandoned by everyone you love is like. What it's like to be alone. To hit rock bottom and scrape against it… and always fear losing everything and falling down there again. Remus knows that… and he loves soothing people. He loves being soft, wise, gentle - and useful.

The one thing Tonks can't do for Remus is convince him he is needed. He thinks she is biased. Capable, strong, intelligent - too good, he is dragging her down. Their whole relationship has been her trying, insisting, pleading - with small spurts of what he would call 'being weak' where he folds. But SHE can't convince him that isn't 'being weak'. Other people need to - it has to come from outside, someone he can't pass off by saying 'they don't understand the reality of his condition and situation.' His depression, anxiety and trauma makes him a little delusional. He can't just be brought to water, he needs to be FORCED to drink. (Harry did a good job of this.) Tonks can't do that. She is in the wrong position for it - and she is just a little too soft to handle him so roughly. Severus wouldn't struggle to grab him by the scruff of the neck and hold his head under. To drag him home.

- Remus is weak willed - supported by Tonks, but kept in line by Severus. Remus can't give Tonks stability in their relationship. Severus not only can - but he can enforce it. - Severus can't give Tonks an open heart, not without her working hard for it. But Remus can. - And they can draw it out of eachother - if not for themselves, then FOR HER.

Like I've always liked Snupin but struggle to see it as particularly 'domestic'. They're both standoffish. In a relationship would be interesting: finding being alone together a comfort. But with a third? With Tonks as their anchor? The foundation? Not only could they both orbit around her - I think it would bring them together better, too.

Going from bickering and only withstanding eachother in the same room for Tonks sake… ...to them both cuddled on the couch, watching a documentary or something, waiting for her to get home. They go from teasing her "What do you even see in that guy…?" To having their own slow-burn romance right infront of her.

Going from: Remus 🤝 Dora 🤝 Severus to: Dora 🤝 🤝 Remus 🤝 Severus

...and like imagine the sex

Anyway I really like poly ships for Remus - because he is such a fucking handful. He needs a whole support structure to just stay with Tonks in canon - so slipping a third, fourth, whatever into their structure just... makes sense. He is a complex guy with many issues that aren't easily supported. He can't just have a mate. He needs a pack.

A little different to the ask: but If you want a cute poly fic between Remus, Tonks, Sirius and a cute OC @black-occamy has a really sweet one on AO3 :) (I hope they don't mind me sharing it)

Viconia - Plot Support extraordinaire

Just to preface this as I don't want this to seem like I am hating on BG3 as a diehard fan of the original series because I really do love BG3. I've completed it twice now and think it will absolutely be joining my annual rotation of BG1/SOD/BG2 playthroughs but it has its problems, much in the same way that the originals themselves have problems as well.

So after my Sarevok post I wanted to treat Viconia to the same critical analysis as unfortunately I think she also gets the short end of the evil plot stick. I get it, evil characters can be hard to get right but again similar to Sarevok, in my opinion, her character regresses to evil Shar mook number one rather than actually being Viconia. Worse still she's entirely at the mercy of being wrapped up in ShadowHeart's backstory.

Anyway this is a bit of a deep dive into Viconia's issues in BG3. Spoiler warning for both BG3 and BG2.

1. No Grey DeLise.

Again, similar to Sarevok, another prolific voice actor that has done recent video game work seemingly not approached for the role. I can't help but think that some of this is down to the rushed nature of act three generally and Larian just having to get whoever they could for the job in the time that they needed it. Unlike Jaheria and Minsc there's no attempt to mimic her original VA or get someone who sounded like her so she ends up sounding completely and utterly different.

This version of Viconia sounds haughty and stuck up which while the original Viconia VA has a degree of arrogance, she is also pretty sultry. Haer'dalis even comments that she has 'the throaty voice of the most expensive courtesan' and Viconia deliberately plays on the stereotype of the sensual female drow with certain male party members for her own benefit e.g the male Bhaalspawn, Edwin, Sarevok and even Anomen (I cover this a bit here and here).

2. Her in game design...just isn't great.

Let's be honest, combined with the voice, Viconia's design basically makes her unrecognisable. She looks like a generic old drow lady to the point that I did have 'Is that meant to be Viconia?' moment when I first met her.

Now I appreciate there is minor controversy with Viconia's original BG2 portrait (which is probably the most recognisable image of her) because the artist actually used a famous porn star as the base for it.

For info, this was a common practice at Bioware at the time as they used to use lots of different images as bases for portraits. They finally got into legal trouble for it in NWN where due to various copyright claims they had to change quite a few portraits.

More recently, I think that Beamdog actually did quite a good job of recreating a faithful adaption of her original portrait in Siege of Dragonspear while presumbably navigating the original copyright issue.

In comparison to her BG3 portrayal, my first impression was she looks incredibly old. Now as far as I'm aware we've never been given a canon age for Viconia but we do know she was around for House DeVir being defeated by the Do'Urden house so she has to be at least 100 years old by the time of BG1... but her character level is between 2 and 6 (depending on the party's XP) so a relatively inexperienced cleric. With that in mind I definitely assumed she was on the younger side (maybe 200-300?). Either way 5e elves can live between 750 to 1000 years although there are instances in the Forgotten Realms books of drow living to over 2000. Now tack on the additional 120 years for BG3 in my mind it would definitely put her in the middle aged category but not necessarily anywhere near the end of her life. Critically she would be aging much slower than Jaheria but with those wrinkles she looks WAY older than her. I honestly feel cheated of an interaction between the two about how hagged and old Jaheria looks in comparison to herself.

In terms of her outfit, although initially she wears the Sharite mask and hooded outfit, which is good for concealing her identity, we eventually end up with Viconia in a spider adorned dress. This seems like a strange choice given the spider motif when she literally stopped worshipping Lloth for Shar - maybe she's being ironic? The lack of armour,when she's a cleric that knows there's a good chance she's about to have a fight seems kind of stupid. If you do choose to fight her, she then looks entirely comical in her light dress accompanied by an enormous oversized shield and mace.

For me though this really identifies her design problem: her leather armour was a critical part of her original design. Given that we only see portrait style headshots of BG characters, the decision not to include her leather corset with the three straps and the head band is really what makes her unrecognisable. It would be like removing Minsc's head tattoo or Jaheria's braids or Sarevok's armour (which even with all the problems I talked about in my post, at least he got to keep that).

My hope is that some enterprising modder out there makes a more BG2 accurate version of her in future. Larian, please give my lady her leather armour back or maybe even a justicar outfit!

3. Ignores her BG1/2 alignment, motivations and twists her original epilogue.

Now I do appreciate BG3 deliberately assumes that the events of BG1/BG2 are a little bit fluid, which Jaheria confirms this when she talks about the bards that tell stories of her slaying gods or bedding them depending on which one you listen to. But the game goes onto confirm certain events in Viconia's history that don't really make sense:

A.) The game confirms that Viconia did travel with the Bhaalspawn but not for the entirety of the game. Minsc informs you that after trying to dissect Boo she was expelled from the group. I have to admit this story didn't gel with me at all because it implies Viconia is some sort of chaotic evil idiot (reminder: Viconia is neutral evil with a 16 INT score and 18 WIS score in BG2) who would deliberately provoke a giant raging berserker man by murdering his beloved pet. Like that's the sort of thing I could see Xzar (who is completely and utterly mad) doing but not Viconia. What benefit would she get out of it? Maybe it would be a good tribute for Shar but that would be a pretty short term benefit. In fact in BG2 Viconia offers begrudging respect to Minsc for his effectiveness in battle, she knows he's powerful and she wants to be on the right side of that. Minsc for his part does what he does with many of the female characters, particularly in BG2 and makes her a proxy substitute for Dynaheir offering to protect her. That's not to say she won't insult people (Aerie and Jaheria or characters who she perceives as weak often get the brunt of it) but she's generally smart enough to stay out of an actual fight. Important to note that in any of NPC conflicts that end in a fight in BG1/2 (e.g. Kivan, Ajantis, Keldorn) it's never Viconia that's starts the fight.

B.) The Waterdeep cult.

In Viconia's epilogue, which you only get if you kept her for the end of Throne of Bhaal and you didn't romance her, Viconia goes on to do a few things which you can see below (obviously massive spoilers for BG2) :

So it feels like Larian has taken the first part of this ending but nothing else, which really leaves a lot of questions. We know Shar isn't entirely happy with Viconia based on her diary entries so why is Shar still giving powers to a woman that basically killed a whole bunch of her followers? Why is Viconia still working for a goddess that hates her? Why is she so accepting of Shar's plot to groom Shadowheart as her replacement? Why on earth hasn't Viconia got the fuck out of dodge, which is pretty much what she has been shown to do in the past? And this comes neatly onto my next point.

4. Viconia is just a plot device for Shadowheart.

I love Shadowheart and I love her arc but honestly Viconia being the Mother Superior just felt like a way of inserting her into the game in a way that didn't really fit especially when Viconia's diaries in BG3 show that she knows that Shar intends for Shadowheart to essentially replace her as one of her prominent followers/chosen. The whole plot ignores two critical points about Viconia and her backstory:

Firstly the reason Viconia left the Underdark in the first place was because she refused to sacrifice a child to Lloth and Lloth turning her brother into a drider after he saved her from being sacrificed. Now Viconia is many things, she's self serving, cruel and dedicated to her own survival at the expense of anything and anyone else (quintessential neutral evil through and through) but at the same time she threw away her position, caused the downfall of her house and got most of her family murdered to save a child. You're telling me she would then willingly go along with Shar's plan to deliberate plan to kidnap and repeatedly torture a child for YEARS whilst also training said child to replace her? My girl doesn't have many lines in the sand but harming children definitely seems like one of them. I actually wandered whether Shadowheart not liking to harm children / prefers saving them is not just about her being a secret Selunite but also a potential a hint of Viconia's influence.

Secondly, that plot seems to ignores Viconia's other primary driver, which is to survive: it's why she leaves the Underdark, it's why she travels with the Bhaalspawn, it's why she worships Shar and it's why she murders an entire cabal of Shar's followers after one person betrayed her. Now if we ignore that she has qualms about children, you're telling me that she would instead essentially train her replacement to be an amazing cleric who is 99% likely to murder her? I'm pretty sure Viconia would have tried to kill Shadowheart way before her becoming a justicar or simply skipped town as she has done before.

The alternative?

Personally I would have liked to have seen Viconia ultimately involved in a plot to overthrow the Mother Superior or maybe doing something even crazier like going after Shar herself out of revenge following her fall from grace after the events of the Waterdeep cult. Maybe she works with the Absolute to get her revenge and keep her divine powers - hell who better to help Ketheric with the Nightsong in Shar's temple then an ex priestess of Shar?

If not the Absolute then Shar's got plenty of enemies and Viconia has converted before. Maybe she could have joined the team to achieve a particular goal while giving fans of the original series the opportunity to have one of the original evil characters to join the crew. I would have loved to see the contrast with Minthara who is still fairly fresh from leaving drow society and a complete blunt instrument compared to Viconia's more subtle ways. Maybe Viconia would take the paladin under her wing, maybe introduce her to a new patron god (something I don't think is ever explained is how Minthara still retains her divine powers given neither Lloth or the Absolute are fueling them anymore). Shevarash the elven god of revenge, would be a fantastic fit for both of their back stories (which would also be a nice little throw back to Viconia's heated / sometimes fatal arguments with Kivan in BG1) presuming that Viconia could get over her disdain for the elven pantheon by that point in the timeline. The fireworks with Jaheria of course would be grand while Minsc I feel would be very conflicted given his mind's tendancy, as noted above, to sub in any female magic user as Dynaheir.

Effectively using SAP SOD analysis to meet audit needs | Offline SoD Analysis | SoD Analysis Service | Manual SoD Analysis | Quick SoD Analysis | ToggleNow

Our offline risk analysis service revolutionizes risk assessment by providing a comprehensive and secure solution that doesnt rely on constant connectivity. This innovative service enables organizations to conduct thorough risk evaluations and Segregation of Duties analysis without the need implementing any solution. By utilizing this offline approach businesses can efficiently identify evaluate and mitigate critical risks while ensuring data security and compliance. This service empowers companies to conduct in-depth risk assessments at their convenience, offering flexibility and reliability in managing potential vulnerabilities within their SAP systems and processes.

Read more: https://togglenow.com/services/offline-segregation-of-duties-analysis-review/

my theory as to why doomers exist (and how to break that mentality to be a better writer)

yesterday my sibling texted me "hey can you list me what major historical events you experienced in life for an assignment? " of course I listed the big ones like COVID and other depressing shit I went through in my life but most of the ones i listed were not super depressing. here are some of them: -the rise of steve jobs and the popularity of modern OS -the rise of smartphones -new technology completely changing the world that I thought I would never see in my lifetime, like VR and self driving cars. -massive cultural impacts such as spongebob being created affecting pop culture -the start of facebook and modern social media -pluto being declared not a planet yknow stuff on the top of my head that I thought would be interesting to write about.

then my sibling came home to tell me that most of what I sent was not helpful at all and that they meant "world events" And i asked "how the hell is the invention of the smart phone and the beginning of modern social media not considered "world events" by these standards" they said "idk just not that"

I think what they meant to say was "my teacher only wants the really depressing miserable shit the media thinks is headline worthy"

You know, I think this is why my generation is full of so many doomers. God forbid we have a positive outlook on this world and try and look at the bright side of things. god forbid we try to be optimistic for both the future and our current lives. we seem to have this thin veil of maturity that depressing=mature somehow. That the only way to make anything of nuance is to basically spam "look how shit everything is! look how enlightened I am" like you are Steve cutts.

well you know what ?

I hate art like the stuff steve cutts makes, and I hate this redundant "look how shit the world is" mentality

I plan on making an analysis post later on about Mr. Cutts, but for now let's stay on point this mentality is redundant and helps no one. yes. we do need to be aware of the bad parts of life. But being a pathetic miserable sod and ignoring the upsides is just as immature and childish as an aggressive optimist thinking the world is all sunshine and rainbows. you know why I like undertale so much ? Undertale knows when to be optimistic and has a mature take on a happy ending. Undertale ALLOWS itself to be happy. enough with the rick and morty level of writing where everything sucks and "fuck you in particular for being hopeful" only edgy 14 year olds think being depressing is the same as being mature. Maturity is understanding that there is nuance to everything and understanding that things are what they are. Do you want to be a good writer ? stop overly relying on being a sad doomer. Even the darkest writers in history like Edgar Allen Poe knew how to lighten the fuck up, because you need to understand the positives in life to effectively create dark writing.

thank you for reading this ironically negative rant, I plan to expand more on the subject later on.

EDIT

ngl i was honestly scared this post would open me up to harassment. I was genuinely terrified of attracting the psycho political crowd that treats politics like religious doctrine. first of all, shout out to this person:

I feel like this would be the perfect opportunity to talk about my struggle with depression as an artist and the stereotype behind it. the stereotype is that only the best artists are emotionally tortured people constantly struggling in agony and putting that into their art. now as someone who has been battling depression for 10 years let me tell you: that mentality is a load of horse shit. the greatest artists in history such as Van Gogh were not great artists because they were depressed they were great artists because they had a combination of passion and unique life experience. It just so happens that depression is a unique life experience to go through. being depressed does not make you deep, it just makes you feel empty and possibly sad depending on what flavor of depression you have. all the great stories about depression are not great because its about depression, but because its about the writers personal experiences and the love and hard work that went into making it. if Van gogh got treatment for his mental health issues, he would have still created art. Yes he created art as his job, but he also did it because he loved it and put his personal feelings and passion into his work. the biggest reason why I detest Steve Cutts is because there is no passion nor personal experience in his work. yes he is talented but most of his animations are just regurgitating all the bad things he could think of and nothing personal is going into it. (again I plan on making an analysis post about steve cutts sooner or later) What makes the art of Van Gogh deep and Steve Cutts as deep as a dry puddle is the fact that you can tell who put their own soul and personality into their work. heed my warning new artists and writers depression =/= deep all depression does is cripple you. Seek out life experience to be the best artist you can be.

Circumstances of Encounter: Dola Hallowrove

A list of places Hallowrove frequents and what they might be found doing there. Meant as a helpful reference for anyone looking for a premise for calling card messages or other ingame social interactions, or who wants to let me know that one would work well for me to send to them.

In-game name for social actions: Dola Hallowrove

Wolfstack Docks: Can often be found there gathering monstrous rumours and stories from zailors and dockhands, or maintaining the mechanical aspects of the Hammerhead II zubmarine. Likely to meet: Zailors, dockers, brawlers

The Medusa's Head: A favoured spot for relaxation after a long day, as well as exchanging work talk with likeminded and similarly chewed-on colleagues. (And whoever else chooses to drop in - Hallowrove is personable to a wide range of people.) Likely to meet: Menace Eradicators, Monster-Hunters, anyone else with a reason to be there

The Department of Menace Eradication: Hallowrove has no professional office, but he directs those hoping to commission him to leave a note with the front desk at the Department. He checks back semi-regularly. Likely to meet: See above + prospective monster-hunting clients

Bugsby's Marsh: Hallowrove's place of residence. She lives in a fixed-up cabin in the swamp, a 10 minute walk or so from what could be considered the city. With a little persuasion, she might be convinced to lead a guided nature tour. Likely to meet: People living nearby, tour-goers, any poor sod who got lost

The Upper River: Hallowrove's longest standing commission is with the GHR, primarily improving the stations' defenses against monsters, but finding every excuse for a wide variety of diversions along the way. Likely to meet: Rubberies, artists, railway workers, Discordant stewards, devils, anyone else riding the train

Sophia's Club: While recent attendance is spotty, can still be found on picnics or sitting in on tea meetings with the group on a quiet afternoon. Likely to meet: Monster-Hunters, fellow members of Sophia's

The Bazaar Sidestreets: A place often passed through for shopping or visiting. Likely to meet: Anyone who lives in the area, anyone who shops there

Benthic University: While Hallowrove seldom uses her own lab, she often makes stops at Benthic to deliver monstrous samples to academic friends for dissection and analysis. Her own lab work consists mainly of hobby mechanical fiddling and weapon repairs/improvements, and creation of antivenoms by trial-and-error. Likely to encounter: Correspondents, academics

Calling cards, Menace helps, teas, slights, etc. are all on the table! I have no reason to be stingy with my actions right now, so I will offer whatever helps or lessons in Dangerous I can if the need is there.

5 Hidden SAP GRC Pitfalls That Could Jeopardize Your Compliance Strategy

1. “One-Size-Fits-All” RuleSet Syndrome

Many organizations implement SAP GRC with out-of-the-box rule sets and assume they’re covered and are completely Sox/SoD compliant. The problem? Standard rule sets don’t always reflect the unique business processes and risks of an enterprise. They must be utilized as a baseline.

Example: A global company using a generic SoD rule set might flag conflicts that aren’t actually risks in their specific operations, leading to unnecessary firefighting and role redesign efforts.

What is the solution? It is always recommended to tailor the rule set to align with your business needs. Involve process owners and auditors to ensure relevance. Disable those which are not relevant and add the ones what needs to be part of the rule set. For example, your custom transaction codes.

2. Over-Reliance on Automated Controls

Yes, automation is powerful, but blindly trusting automated GRC controls without proper oversight is a recipe for disaster.

Example: Automated access reviews might seem great, but if managers are just clicking the approval button without understanding the risk, you’re inviting compliance issues.

What is the solution? Combine automation with human intelligence. Train reviewers on what they’re approving and implement periodic audits.

3. The “Too Many Firefighters” Problem

Firefighter (emergency access) access is meant for temporary, critical access. But in many companies, they become a backdoor for permanent privileged access. I’ve seen in some instances where the FFIDs have SAP_ALL, SAP_NEW assigned

Example: If every second user has firefighter access “just in case,” then what’s really being controlled?

What is the solution? Reduce firefighter usage with strict policies. Ensure that the Firefighter IDs have limited and relevant access, not SAP_ALL. Look at how often your users are asking for such access. Set expiration dates, and enforce approvals before access is granted. A detailed review is must after the usage.

4. Role Design Nightmares

Ever seen a single SAP role with 500+ transaction codes? It happens more often than you’d think. Poorly designed roles create access chaos, security risks, and audit nightmares.

Example: A company that grants “Display All” access thinking it’s harmless—only to realize some reports contain sensitive payroll data.

What is the solution? Follow a least privilege approach. Display tcodes does possess risks. Design roles based on business functions, not user demands and assumptions. And, no, giving everyone SAP_ALL is not a solution!

5. The “Check-the-Box” Compliance Trap

Many organizations treat GRC as a compliance checklist rather than a risk mitigation strategy. The result? A false sense of security.

Example: An enterprise that passes an audit but later discovers a critical access loophole exploited by an insider threat.

What is the solution? Shift from a compliance-first mindset to a risk-first approach. Ask, “What’s the real-world impact of this control?” rather than just checking off audit items.

Final Thoughts: GRC is Not Just About Tools, It’s About Mindset

SAP GRC isn’t just about implementing Access Control, Process Control, or Risk Management modules—it’s about adopting a security and compliance culture. The best GRC strategies combine technology, process rigor, and human intelligence to create a resilient, risk-aware organization.

Readmore: https://togglenow.com/blog/sap-grc-hidden-pitfalls/

Considering how common 'Mecha' and 'military mech' stuff is here on Tumblr, you might think I'd like it. But, to be honest, I can't stand that stuff.

Half of it's just my seething dislike for mechs as the prototypical military machine in so much of military fiction without any consideration for how much they suck, which rubs me entirely the wrong way. But there's also the fact that none of them care about actually using those mechs in a reasonable, rational military context. Sod all this analysis of the human condition shit, if you're gonna make a story with a military setting I'd expect you to give half a damn about making the Military side of it mean something!

A sign that I am always going to be unable to take a Marxist seriously is if they seriously believe that their political stances are purely dispassionately the result of simple science and that moral judgement simply never comes into it. To start with, it's terrifying as a stance if seriously held and true - what won't a Marxist then do, if it's all in the name of the dialectical unfolding of this ontological good we call History - but for the vast majority of Marxists I believe (and this is simply based on the Marxists I have known myself) that it's simply an arrogant pretention, an air of superiority over all the rest of us poor sods, or the product of a poor self-understanding, an insuffiscient analysis of the roots of your own stances and commitments.