Introduction. Case for SAP Cybersecurity Framework
|
|
- Edith Reeves
- 6 years ago
- Views:
Transcription
1
2
3 Agenda 3
4 Introduction Case for SAP Cybersecurity Framework
5 Current state 5 ENTERPRISE SECURITY VULNERABILITY MANAGEMENT CISO NO EFFECTIVE OVERSIGHT SAP SECURITY SEGREGATION OF DUTIES NO VISIBILITY SLIPPED THROUGH THE CRACKS SAP BASIS IT OPERATIONS PATCHING SAP SYSTEMS COMPLEXITY CIO POOR INTEGRATION MONITORING SAP SYSTEMS
6 Future state 6 CISO CIO CRO ENTERPRISE SECURITY Vulnerability Management + Asset Management + Risk Management + Secure Development SAP SECURITY Segregation Of Duties + Data Security + Secure Architecture + Secure SAP BASIS Patching SAP systems + Incident Response + Mitigation + Improvements IT OPERATIONS Monitoring SAP systems + Threat Detection + User Behavior + Data Leakage
7 History 7 EAS-SEC Gartner: Designing an Adaptive Security Architecture for Protection From Advanced Attacks Source:
8
9 SAP Cybersecurity Framework 9 Category Process Purpose Outcomes Implementation steps PREDICT Secure Development To ensure security during SAP systems development and acquisition Security Requirements Development Standards and Processes Security Plans 1. Develop basic security requirements for configuration of servers, networks, SAP applications and client stations 2. Create secure development standards and processes 3. Automate secure development processes
10 Implementation Tiers months 50% % 99% 6-12 months 12 months
11 PREDICT Understand SAP environment
12 Predict SAP Breaches 12
13 Asset Management 13 To communicate information about SAP assets, security category of the assets, rules of acceptable use and protection requirements Implementation: Create an Inventory of Assets Assess criticality of the assets Develop complete specification of the SAP systems Outcomes: Inventory of Assets Criticality Assessments Acceptable Use Requirements
14 Asset Management. SAP Systems 14 System ID Purpose Interconnected Systems System Criticality Responsib ility System Type Application Servers Clients Platform DM0 Supply chain management Internal: ERP, Internet: no; ICS: no; Partners: Partner1, Partner2 Mobile: no High John F. K. PROD :PRD SAP SCM 5.0 (NetWeaver AS 7.1 ABAP) ERP Enterprise Resource Planning Internal: HR1, HR2 Internet: no ICS: MES System Partners: no Mobile: no Low Mike. PROD :PRD SAP ECC 6.0 NetWeaver AS 7.3 ABAP CRM Customer Relationship management Internal: ERP Internet: yes ICS: no Partners: no Mobile: no Very High PROD :PRD SAP CRM 6.0 NetWeaver AS ABAP 7.0
15 How to use? Inventory of Assets 15 What information do we handle and what are the requirements? - Personal data (GDPR) - Financial information (GLBA) - Customer data, Contracts, Marketing How to plan and carry out security activities? - Patch Management - Risk Management - Vulnerability Management - Compliance What to secure in SAP? o SAP services: MMC, SAP Host Control can t be found in SOLMAN, 30+ o SAP components (CRM, BW, FI, ) set of ABAP programs, transactions and reports, 100+ o Web Applications, 1000+
16 Business Environment 16 To provide SAP business context, ensure cybersecurity continuity of SAP systems and address cybersecurity in supplier relationships Implementation: Identify business context Prepare SAP Continuity Plans Maintain supplier catalogue Outcomes: Business Context SAP Continuity Plans Supplier Catalogue
17 Business Environment. Business Impact Analysis 17 Process Stakeholder SAP System Outage Impacts Estimated Downtime Pay vendor invoice Joseph R. ERP Costs: $ / day Operations: moderate Image: moderate MTD RTO RPO 72 hours 48 hours 12 hours (last backup) Hire to retire Dorothy F. HR Image: High 72 hours 48 hours 12 hours (last backup)
18 Supplier Risks 18 Do you know if your suppliers are protecting your company s sensitive data as diligently as you do? Require suppliers to implement specific SAP security controls Review data flows (RFC, XI, DB, SOAP, HANA DB, )
19 Governance 19 To develop cybersecurity policies, roles, responsibilities and procedures to ensure SAP cybersecurity is understood and integrated to organization operational and management processes Implementation: Establish SAP Cybersecurity Policy Develop SAP security processes Implement control procedures Outcomes: SAP Cybersecurity Policy SAP Security Processes Control Procedures
20 Governance Structure 20
21 Vulnerability Management 21 To provide cybersecurity assurance in SAP systems by assessing vulnerabilities and reducing attack vectors Implementation: Regularly perform SAP security audits and penetration testing Repeatedly scan SAP systems for vulnerabilities, recommend and track remediations Monitor vulnerabilities, remediations and threats online from public and private sources and threat intelligence feeds Outcomes: Scan Plans Scan Profiles Remediation Plans
22 Vulnerability Management. Analysis 22 Remediation constraints: complete within 3 months address vulnerabilities with high risk remediation types: no kernel patch Priority: - ease of exploitation: availability of public exploit, need for preparation, need for credentials with special rights, etc. - impact of a successful exploitation: full disclosure and OS-level access or just revealing of technical data? - prevalence of the vulnerability among SAP systems - importance of the SAP systems with the vulnerability.
23 Vulnerability Management. Remediation Plan 23 Remediation Priority Vulnerability Vulnerability Risk Remediation Type Remediation 1 SSEA_ : External RFC server registration An attacker can use an insecure RFC configuration for registering his own RFC server. As result he will be able to control and intercept client requests as well as to copy and change information High Update configuration Effort level: medium (~2d, downtime 4h) To resolve this issue, it is recommended to configure the RFC server correctly Links: RFC/ICF Security Guide 2 SSCA_00130: SSL encryption for ICM connections Medium Update configuration Set the icm/server_port_nn parameter to PROT=HTTPS instead of PROT=HTTP to decrease the possibility of an unauthorized access No encryption of network connection may lead to interception of transmitted data, thus to an unauthorized access. The HTTP protocol transmits all authentication data as a plain text, which allows to intercept it easily with the spoofing attack. Effort level: easy (~4h, downtime 2h) 3 SSCA_00223: Central application server that maintains the system log Incorrect permissions on this file in the operating system can allow an attacker to modify the contents of the file in such a way to hide his tracks. Medium Update configuration Effort level: easy (~4h, downtime 2h) The administrator of the operating system must correctly set the access rights to the file according to the principle of least privileges. Links: BOOK "Security, Audit and Control Features (SAP ERP 3rd edition)" p. 413 check DOC rslg/collect_daemon/host - Central Log Host
24 Risk Management 24 To make decisions on addressing possible adverse impacts from the operation and use of SAP systems Implementation: Create threat model for SAP systems Assess likelihoods and estimate business impacts of cybersecurity risks Automate risk management and develop risk response plans Outcomes: Threat Model Risk Register Risk Responds
25 From SAP to Plant 25
26 Risk Management. Oil & Gas ERP Risks 26 SAP Module Asset Threat Consequences SCM Supply chain schema Rerouting supply chain HRM PM MII SCM HR data Oil and gas mining systems control data Field data Midstream and downstream assets Stealing employees data (personal, salary, experience, etc.) Disrupting SCADA logic and processes Stealing coordinates and volumes of exploratory and production wells Stealing information about equipment and transportation Theft of crude oil and refined products Identity theft, headhunting Service outage, equipment damage, workers injuries Losing competitive advantage Facilitating theft and sabotage PP Production line control data Disrupting SCADA logic and processes Production suspension SD Prices Stealing price formation schemas Losing partners FICO Finance transactions Creating fraud transactions Monetary losses
27 Secure Development 27 To ensure security during SAP systems development and acquisition Implementation: Develop basic security requirements to configuration of servers, networks, SAP applications and endpoints Create secure development standards and processes Automate secure development processes Outcomes: SAP Security Requirements Development Standards and Processes Security Plans
28 Secure Development. Code Vulnerability Usage 28 Type Cause Exploiter Code Injections Security ignorance Hackers Backdoors Missing authorization checks Obsolete statements Desire to simplify development Intent to control a system Negligence Natural obsolescence of code Developers Insiders Administrators (unintentionally)
29
30 Predict SAP Breaches 30
31 Further actions How to use SAP Cybersecurity Framework?
32 For Industry Assess your SAP security capabilities 2. Make business case for SAP security initiative 3. Conduct SAP security audit 4. Ensure compliance of SAP systems with GDPR/GLBA/PCI DSS requirements 5. Implement & automate relevant SAP security processes
33 For Consulting Include SAP systems in scope of your existing services GDPR audit ISMS implementation for SAP systems in scope Threat detection and SAP SIEM integration 2. Prove your selling proposition is unique with ROI of SAP security 3. Create a 360-degree image of an SAP security provider
34 34
35 Professional Services 35 Predict SAP data breach SAP Penetration Testing SAP Security Audit SAP Vulnerability Management as a Service
36 Thank you 36 Rex Tumminia Director of Sales, North America USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA Phone Michael Rakutko Head of Professional Services Join our group linkedin.com/groups/ Join our webinars erpscan.com/category/press-center/events/ Subscribe to our newsletters eepurl.com/bef7h1 EU: Luna ArenA 238 Herikerbergweg, 1101 CM Amsterdam Phone erpscan.com
Landscape Deployment Recommendations for SAP Customer Activity Repository (CAR) and SAP CAR Application Bundle (CARAB)
Landscape Deployment Recommendations for SAP Customer Activity Repository (CAR) and SAP CAR Application Bundle (CARAB) New Rollout Channel The rollout channel for publishing landscape deployment recommendations
More informationBelieve in a higher level of IT Security SECUDE Business White Paper. How to Improve Business Results through Secure Single Sign-on to SAP
Believe in a higher level of IT Security SECUDE Business White Paper How to Improve Business Results through Secure Single Sign-on to SAP Executive Summary CIOs and IT managers face tremendous demands
More informationSupplier Security Directives
Page 1 (8) Supplier Directives 1 Description This document (the Directives ) describes the security requirements applicable to Suppliers (as defined below) and other identified business partners to Telia
More informationSAP Enterprise Threat Detection Overview & Roadmap. Martin Plummer, SAP SE November 2016
SAP Enterprise Threat Detection Overview & Roadmap Martin Plummer, SAP SE November 2016 Disclaimer The information in this document is confidential and proprietary to SAP and may not be disclosed without
More informationVULNERABILITY MANAGEMENT BUYER S GUIDE
VULNERABILITY MANAGEMENT BUYER S GUIDE VULNERABILITY MANAGEMENT BUYER S GUIDE 01 Introduction 2 02 Key Components 3 03 Other Considerations 10 About Rapid7 11 01 INTRODUCTION Exploiting weaknesses in browsers,
More informationTop 10 SAP audit and security risks
Top 10 SAP audit and security risks Securing your system and vital data Prepared by: Luke Leaon, Manager, RSM US LLP luke.leaon@rsmus.com, +1 612 629 9072 SAP is a functional enterprise resource planning
More informationTop 10 SAP audit and security risks: Securing your system and vital data
Top 10 SAP audit and security risks: Securing your system and vital data Prepared by: Luke Leaon, Manager, McGladrey LLP 612.629.9072, luke.leaon@mcgladrey.com Adam Harpool, Supervisor, McGladrey LLP 212.372.1773,
More informationThe IT Risk Environment and Data Analytics. Parm Lalli Director, Focal Point Data Risk, LLC
The IT Risk Environment and Data Analytics Parm Lalli Director, Focal Point Data Risk, LLC Parm Lalli Director, Data Analytics Focal Point Data Risk, LLC Parm is a Director with Sunera and leads our national
More informationTop 5 Must Do IT Audits
Top 5 Must Do IT Audits Mike Fabrizius, Sharp HealthCare, VP, Internal Audit DJ Wilkins, KPMG, Partner, IT Advisory 2011 AHIA Annual Conference www.ahia.org Background on Sharp HealthCare Sharp s Co-sourcing
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR), which takes effect in 2018, will bring changes
More informationIntroduction to SAP. SAP University Alliances Version 2.20 Author Stefan Weidner. Product SAP ERP 6.0 EhP4. Level Beginner
SAP University Alliances Version 2.20 Author Stefan Weidner Introduction to SAP Product SAP ERP 6.0 EhP4 Level Beginner Abstract This teaching material is intended to explain how the fundamental business
More informationAzure IoT Suite. Secure device connectivity and management. Data ingestion and command + control. Rich dashboards and visualizations
Azure IoT Suite Secure device connectivity and management Data ingestion and command + control Rich dashboards and visualizations Business workflow integration Move beyond building blocks with pre-configured
More information360 Production Awareness: Reporting and Analytics for SAP Manufacturing. Salvatore Castro, Satheesh Gannamraju
360 Production Awareness: Reporting and Analytics for SAP Manufacturing Salvatore Castro, Satheesh Gannamraju LEARNING POINTS Understand SAP Manufacturing solutions - MII Get an overview of the Reporting
More informationIT Strategic Plan Portland Community College 2017 Office of the CIO
IT Strategic Plan Portland Community College 2017 Office of the CIO 1 Our Vision Information Technology To be a nationally recognized standard for Higher Education Information Technology organizations
More information[ Cyber Security Continuity of SAP Operations Compliance ] C-Forge 2017
[ Cyber Security Continuity of SAP Operations Compliance ] C-Forge 2017 Virtual Forge Security and Quality Suite Road to Green the Successful Approach for Protecting SAP Landscapes Assess: Our tool-supported
More informationSAP Road Map for Governance, Risk, and Compliance Solutions
SAP Road Map for Governance, Risk, and Compliance Solutions Q4 2016 Customer Disclaimer The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the
More informationSAP Strategy. RYU, SEYUL / SAP Korea
SAP Strategy RYU, SEYUL / SAP Korea Agenda I. What Will Market need II. Collaboration III. Enterprise Service Architecture IV. xapps V. SAP Solution for New Business SAP Korea 2003, SAP Strategy, RYU,
More informationTOP 6 SECURITY USE CASES
Solution Brief: Top 6 Security Use Cases for Automated Asset Inventory page 1 SOLUTION BRIEF TOP 6 SECURITY USE CASES for Automated Asset Inventory Solution Brief: Top 6 Security Use Cases for Automated
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR) that takes effect in 2018 will bring changes for
More informationLandscape Deployment Recommendations for SAP Assurance and Compliance Software for SAP S/4HANA. SAP SE November 2017
Landscape Deployment Recommendations for SAP Assurance and Compliance Software for SAP S/4HANA SAP SE November 2017 Disclaimer This presentation outlines our general product direction and should not be
More informationCyber Security - a New Challenge for Production (Management) Heiko Wolf, Manager R&D Program PSImetals FutureLab
Cyber Security - a New Challenge for Production (Management) Heiko Wolf, Manager R&D Program PSImetals FutureLab The Challenge Complexity of IT-Systems is rising Landing on the moon with 7.500 lines of
More informationSAP Product Road Map SAP Identity Management
SAP Product Road Map SAP Identity Management Road Map Revision: 2016.09.15 Customer Template Revision: 20160104 v4.1 Legal disclaimer The information in this presentation is confidential and proprietary
More informationSOLUTION BRIEF RSA IDENTITY GOVERNANCE & LIFECYCLE SOLUTION OVERVIEW ACT WITH INSIGHT TO DRIVE INFORMED DECISIONS TO MITIGATE IDENTITY RISK
RSA IDENTITY GOVERNANCE & LIFECYCLE SOLUTION OVERVIEW ACT WITH INSIGHT TO DRIVE INFORMED DECISIONS TO MITIGATE IDENTITY RISK BENEFITS ACT WITH INSIGHTS Identity has emerged as today s most consequential
More informationRamifications of the New COSO Framework & Recent PCAOB Actions
Ramifications of the New COSO Framework & Recent PCAOB Actions Panelists Moderator Bob Meyer, Senior Vice President of Finance & Corporate Controller, American Tower Joann Cangelosi, Partner, Grant Thornton
More informationFILE - SAP APO ONLINE EBOOKS EBOOK
02 February, 2018 FILE - SAP APO ONLINE EBOOKS EBOOK Document Filetype: PDF 356.57 KB 0 FILE - SAP APO ONLINE EBOOKS EBOOK For APO Certification Materials Contact:sap.books4you@gmail.com. Over 150 Certification
More informationFulfilling CDM Phase II with Identity Governance and Provisioning
SOLUTION BRIEF Fulfilling CDM Phase II with Identity Governance and Provisioning SailPoint has been selected as a trusted vendor by the Continuous Diagnostics and Mitigation (CDM) and Continuous Monitoring
More informationSarbanes-Oxley Compliance Kit
Kit February 2018 This product is NOT FOR RESALE or REDISTRIBUTION in any physical or electronic format. The purchaser of this template has acquired the rights to use it for a SINGLE Disaster Recovery
More informationGOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.
GOVERNANCE 8.A.1 - Objective: Information Technology strategies, plans, personnel and budgets are consistent with AES' business and strategic requirements and goals. Objective Risk Statement(s): - IT Projects,
More informationASSESSMENT AND EVALUATION OF THE CITY OF PHILADELPHIA S INFORMATION TECHNOLOGY GENERAL CONTROLS FISCAL 2016
ASSESSMENT AND EVALUATION OF THE CITY OF PHILADELPHIA S INFORMATION TECHNOLOGY GENERAL CONTROLS FISCAL 2016 Charles J. Brennan Chief Information Officer Office of Innovation and Technology 1234 Market
More informationWhite Paper. Veritas Configuration Manager by Symantec. Removing the Risks of Change Management and Impact to Application Availability
White Paper Veritas Configuration Manager by Symantec Removing the Risks of Change Management and Impact to Application Availability By Brian Babineau Analyst Intelligent Information Management February
More informationhttps://www.e-janco.com
E-mail: support@e-janco.com https://www.e-janco.com Summary Table of Contents IT INFRASTRUCTURE, STRATEGY, AND CHARTER SUMMARY...1 Benefits of IT Infrastructure Management...1 Base Assumptions and Objectives...2
More informationLandscape Management (LaMa 3.0) Kishan Vimalachandran, Digital Business Services, SAP
Landscape Management (LaMa 3.0) Kishan Vimalachandran, Digital Business Services, SAP Customer Challenge IT complexity slows down business innovation 28% Drive business innovation 72% Keeping the lights
More informationIT Audit Process. Michael Romeu-Lugo MBA, CISA March 27, IT Audit Process. Prof. Mike Romeu
Michael Romeu-Lugo MBA, CISA March 27, 2017 1 Agenda Audit Planning PS 1203 / PG 2203 Evidence PS 1205 / PG 2205 References: ITAF 3 rd Edition Information Systems Auditing: Tools and Techniques Creating
More informationSAP HANA Cloud Connector Solution Brief
SAP HANA Cloud Connector Solution Brief Applies to: SAP HANA Cloud Connector, SAP HANA Cloud Platform Summary This document is a solution brief about the SAP HANA Cloud connector, the secure and reliable
More informationCubeware Connectivity for SAP Solutions
Cubeware Connectivity for SAP Solutions Clever BI connector for SAP SAP certification Adapter for SAP Business Suite and SAP Business All-in-One Powerful results without programming OLE DB interface Complete
More informationRSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, anti-virus, intrusion prevention systems, intrusion
More informationSAP NetWeaver Service Select for Master Data Management. Tuesday October 26 th 2004
SAP NetWeaver Service Select for Master Data Management Tuesday October 26 th 2004 SAP Service Select From SAP Consulting Greg Tomb Senior Vice President and General Manager SAP Consulting SAP America
More informationTitle: HP OpenView Configuration Management Overview Session #: 87 Speaker: Loic Avenel Company: HP
Title: HP OpenView Configuration Management Overview Session #: 87 Speaker: Loic Avenel Company: HP What we will cover in this session What is the HP OpenView configuration management solution for enterprises?
More informationSAP HANA Enterprise Cloud Power of Real Time with Simplicity of the Cloud
SAP HANA Enterprise Cloud Power of Real Time with Simplicity of the Cloud Today s reality In a world of accelerated change, what are common customer challenges and potential outcomes? Business change is
More informationCloud Computing in the Industrial Space
Cloud Computing in the Industrial Space John Bradley Manufacturing & Resources Industry Development Manager Microsoft Australia Tim Sowell Invensys Fellow/ Software Strategy Invensys 2010 Invensys. All
More informationLogLogic. Open Log Management. LogLogic LX and LogLogic ST for Enterprise. LogLogic LX Enterprise- Class Log Data Capture and Processing
LogLogic Open Log Management LX and ST for Enterprise Driven by compliance, security, and limited personnel and budget, CIOs and IT departments are turning to the LogLogic Open Log Management solution
More informationmysap Product Bundles
Decision Framework, A.Bona,J.Disbrow,D.Prior Research Note 17 December 2003 Dodge the Licensing Pitfalls in mysap's Product Bundles Many Gartner clients are mystified by the complexity of SAP's product
More informationCOURSE LISTING. Courses Listed. with Change & Transport (CST) 1 January 2018 (06:54 GMT) SAPTEC - SAP NetWeaver Application Server Fundamentals
with Change & Transport (CST) Courses Listed SAPTEC - SAP NetWeaver Application Server Fundamentals ADM100 - SAP S/4HANA SAP Business Suite 1 ADM325 - SAP S/4HANA SAP Business Suite ADM328 - SAP S/4HANA
More informationAn all-in-one risk management platform delivering fraud detection, transactions screening and customer due diligence capabilities
CGI Centaur An all-in-one risk management platform delivering fraud detection, transactions screening and customer due diligence capabilities What is CGI Centaur? CGI Centaur is a versatile and complex
More informationITIL Intermediate Capability Stream:
ITIL Intermediate Capability Stream: OPERATIONAL SUPPORT AND ANALYSIS (OSA) CERTIFICATE Sample Paper 2, version 6.1 Gradient Style, Complex Multiple Choice SCENARIO BOOKLET This booklet contains the scenarios
More informationRisk Management For and By the BOT. Secured BOT Series
Secured BOT Series 2018 Contents Risk Management For and By the BOT Setting context for RPA Risk Management Deloitte's Risk Framework For RPA Risk Management For the BOT Risk Management By the BOT How
More informationExternal Supplier Control Obligations. Information Security
External Supplier Control Obligations Information Security Version 7.0 December 2016 Control Area / Title Control Description Why this is important Roles and Responsibilities The Supplier must define and
More informationOutsourcing, SaaS & Clouds: Aber sicher! ( und compliant)
Outsourcing, SaaS & Clouds: Aber sicher! ( und compliant) Prof. Dr. Jan Jürjens Fraunhofer Institut für Software- und Systemtechnologie ISST, Dortmund http://jan.jurjens.de Security is the Major Issue
More informationSAP Hybris Commerce, cloud edition and SAP Hybris Commerce, Edge cloud edition Supplemental Terms and Conditions
SAP Hybris Commerce, cloud edition and SAP Hybris Commerce, Edge cloud edition Supplemental Terms and Conditions These supplemental terms and conditions (the Supplement ) are part of an agreement for certain
More informationDeployment Recommendations for SAP Fiori Front-End Server & SAP Fiori Cloud
Deployment Recommendations for SAP Fiori Front-End & SAP Fiori Cloud December 2017, SAP SE Change Log Version February 2017 July 2017 October 2017 December 2017 Changes Smaller updates S/4HANA option added;
More informationD A N I E L G R A V E R S E N
D A N I E L G R A V E R S E N PERSONAL INFORMATION Degree Company Email Nationality SAP Senior Consultant Master of Engineering Diploma in business administration Figaf ApS Denmark DGR@FIGAF.COM Danish
More informationPrimavera Analytics and Primavera Data Warehouse Security Overview
Analytics and Primavera Data Warehouse Security Guide 15 R2 October 2015 Contents Primavera Analytics and Primavera Data Warehouse Security Overview... 5 Safe Deployment of Primavera Analytics and Primavera
More informationEnergy Industry Challenges
Energy Industry Challenges Global economic crisis; severe hurdles to capital-raising Extreme energy price volatility and uncertainty Backlash from energy consumers Urgent need to achieve energy independence
More informationThementag SAP Solution Manager Steckbriefe Monitoring Arten
Thementag SAP Solution Manager Steckbriefe Monitoring Arten Disclaimer This presentation outlines our general product direction and should not be relied on in making a purchase decision. This presentation
More informationSecurity Monitoring Service Description
Security Monitoring Service Description Contents Section 1: UnderdefenseSOC Security Monitoring Service Overview 3 Section 2: Key Components of the Service 4 Section 3: Onboarding Process 5 Section 4:
More informationThird - Party Governance Done Right. Brenda Ward Director - Global Information Security
Third - Party Governance Done Right Brenda Ward Director - Global Information Security May 13, 2015 BUSINESS RISK FORMS THIRD PARTY UNIVERSE LAW FIRMS THIRD PARTY GOVERNANCE egrc TRACKING TOOL CATEGORY
More informationCloud Service Model. Selecting a cloud service model. Different cloud service models within the enterprise
Cloud Service Model Selecting a cloud service model Different cloud service models within the enterprise Single cloud provider AWS for IaaS Azure for PaaS Force fit all solutions into the cloud service
More informationInternal Audit Report. Post Implementation Review PeopleSoft Accounts Payable TxDOT Internal Audit Division
Internal Audit Report Post Implementation Review PeopleSoft Accounts Payable TxDOT Internal Audit Division Objective To determine if the Oracle PeopleSoft Accounts Payable system is providing effective
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Hardward Device Hardware Device Inventory provides the Enterprise with the methods and schema necessary to identify
More informationSAP R/3. Enterprise Resource Planning (ERP) System. Reasons for Implementing ERP SAP. ERP Systems. Intro to
Intro to SAP R/3 Enterprise Resource Planning (ERP) System Computer system that integrates application programs in accounting, sales, manufacturing, and other functions in the firm Enterprise-wide resources
More informationCHAPTER 9 Electronic Commerce Software
CHAPTER 9 Electronic Commerce Software 2017 Cengage Learning. May not be scanned, copied or duplicated, or posted to a. publicly accessible website, in whole or in part, except for use as permitted in
More informationSAP and SharePoint Coexistence:
SAP and SharePoint Coexistence: Information Crisis or Business Solution? August 2010 Magic Software is a trademark of Magic Software Enterprises Ltd. All other product and company names mentioned herein
More informationEnterprise Technology Governance & Risk Management Framework for Financial Institutions
Enterprise Technology Governance & Risk Management Framework for Financial Institutions Issued vide BPRD Circular No. 05 dated May 30, 2017 Banking Policy & Regulations Department 2 Enterprise Technology
More informationThis topic focuses on how to prepare a customer for support, and how to use the SAP support processes to solve your customer s problems.
This topic focuses on how to prepare a customer for support, and how to use the SAP support processes to solve your customer s problems. 1 On completion of this topic, you will be able to: Explain the
More informationSAP HANA Enterprise Cloud Power of Real Time Computing with Simplicity of the Cloud
SAP HANA Enterprise Cloud Power of Real Time Computing with Simplicity of the Cloud Michael Ovens HEC Sales MENA 14 th April 2015 Why Companies are moving to SAP HANA CLOUD SOLUTIONS Pressure on IT and
More informationMinimizing fraud exposure with effective ERP segregation of duties controls
Minimizing fraud exposure with effective ERP segregation of duties controls Prepared by: Luke Leaon, Manager, RSM US LLP luke.leaon@rsmus.com, +1 612 629 9072 Adam Harpool, Manager, RSM US LLP adam.harpool@rsmus.com,
More informationThe CipherTrust Cloud Key Manager for Software-as-a-service
Enterprise Strategy Group Getting to the bigger truth. Solution Showcase The CipherTrust Cloud Key Manager for Software-as-a-service Date: December 2017 Author: Doug Cahill, Senior Analyst; and Leah Matuson,
More informationSAP UNIVERSITY ALLIANCES ACADEMIC CONFERENCE INDIA 2010
SAP UNIVERSITY ALLIANCES ACADEMIC CONFERENCE INDIA 2010 Introduction to SAP ERP SAP ERP 6.0 Global Bikes Incorporation Trainer: Prof. Aradhana Gandhi, Symbiosis Centre for management and HRD, Pune Course
More informationPCI COMPLIANCE PCI COMPLIANCE RESPONSE BREACH VULNERABLE SECURITY TECHNOLOGY INTERNET ISSUES STRATEGY APPS INFRASTRUCTURE LOGS
TRAILS INSIDERS LOGS MODEL PCI Compliance What It Is And How To Maintain It PCI COMPLIANCE WHAT IT IS AND HOW TO MAINTAIN IT HACKERS APPS BUSINESS PCI AUDIT BROWSER MALWARE COMPLIANCE VULNERABLE PASSWORDS
More informationThe certification test "Application Associate - Financial Accounting (FI) with verifies fundamental knowledge and proven skills in
SAP Certified Application Associate - Financial Accounting (FI) Course Code: TFIN52 The certification test "Application Associate - Financial Accounting (FI) with verifies fundamental knowledge and proven
More informationIBM QRadar on Cloud. The amount payable for the IBM SaaS is specified in a Transaction Document.
IBM Terms of Use SaaS Specific Offering Terms IBM QRadar on Cloud The Terms of Use ( ToU ) is composed of this IBM Terms of Use - SaaS Specific Offering Terms ( SaaS Specific Offering Terms ) and a document
More informationANNEX 2 Security Management Plan
ANNEX 2 Page 1 of 24 The following pages define our draft security management plan (a complete and up to date shall be submitted to The Authority within 20 days of contract award as per Schedule 2.4, para
More informationVol. 2 Management RFP No. QTA0015THA General Services Administration (GSA) Enterprise Infrastructure Solutions (EIS)
General Services Administration (GSA) Enterprise Infrastructure Solutions (EIS) or more test data sets provided by GSA and demonstrate how we meet the specified BSS acceptance criteria through the test
More informationBROKER-DEALERS. Protegent CAT for broker-dealers
BROKER-DEALERS Protegent CAT for broker-dealers 2 Protegent CAT for broker-dealers Are you ready for CAT? The implementation of the Consolidated Audit Trail (CAT) may well kick off one of the largest and
More informationInfor CloudSuite solutions Flexible, proven solutions designed for your industry. Infor CloudSuite
solutions Flexible, proven solutions designed for your industry 1 Unlock your full potential with Cloud technologies can offer your business a degree of agility and path to rapid growth that simply wasn
More informationFederal Financial Supervisory Authority (BaFin)
Cover sheet: Supervisory Requirements for IT in Financial Institutions (Bankaufsichtliche Anforderungen an die IT BAIT) in the version of 3 November 2017 Please note: This English version is provided for
More informationERP SYSTEM IN VIRTUALIZED PRODUCTION ENVIRONMENT
DOI: 10.1515/SBEEF-2016-0018 ERP SYSTEM IN VIRTUALIZED PRODUCTION ENVIRONMENT D. C. SPOIALĂ 1, H.M. SILAGHI 1, V. SPOIALĂ 1, A. CACUCI 2 1 Department of Control Systems Engineering and Management, Faculty
More informationORACLE ADVANCED ACCESS CONTROLS CLOUD SERVICE
ORACLE ADVANCED ACCESS CONTROLS CLOUD SERVICE Advanced Access Controls (AAC) Cloud Service enables continuous monitoring of all access policies in Oracle ERP, potential violations, insider threats and
More informationInformation Technology for Business
Information Technology for Business Business Essentials 9e Ebert/Griffin chapter thirteen After reading this chapter, you should be able to: 1. Discuss the impacts information technology has had on the
More informationPurchase Requisition and other processes optimizations Jaime González Melly Los Portales S.A. (Lima, Perú)
Purchase Requisition and other processes optimizations Jaime González Melly Los Portales S.A. (Lima, Perú) Los Portales S.A. 50% 50% México Perú 55 Projects 6 Hotels, 6 Cities 3 Strip Mall 172 Parking
More informationChapter 6. Supporting Processes with ERP Systems. Copyright 2015 Pearson Education, Inc. 6-1
Chapter 6 Supporting Processes with ERP Systems Copyright 2015 Pearson Education, Inc. 6-1 Learning Objectives Q1. What problem does an ERP system solve? Q2. What are the elements of an ERP system? Q3.
More informationWHITE PAPER SPLUNK SOFTWARE AS A SIEM
SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to build and operate security operations centers (SOC) of any size (large, med,
More informationInfor Cloverleaf Integration Suite
Healthcare Infor Cloverleaf Integration Suite With the Infor Cloverleaf Integration Suite, you ll have an end-to-end integration platform that addresses the fundamental obstacles to healthcare integration,
More informationSession 2.9: Tivoli Process Managers
Session 2.9: Tivoli Process Managers Marcus Boone Market Manager Agenda IT Challenge and IT Service (ITSM) Strategy ITSM Architecture and Design Process Managers Change Configuration Release IT Service
More informationSnow optimizer for SAP software
Snow optimizer for SAP software Optimize SAP licensing and reduce financial exposure from a single integrated console INTRODUCTION With a complex range of licensing options and lack of in-built optimization
More informationService Business Plan
Service Business Plan Service Name Information Technology Service Type Internal Service Owner Name Christine Swenor Budget Year 2017 Service Owner Title Service Description Director of IT Services An internal
More informationIT Board Update Portland Community College 2017 Office of the CIO
IT Board Update Portland Community College 2017 Office of the CIO 1 Agenda 1. IT Strategy 2. InfoSec: Defense in Depth (DiD) 3. Portfolio Management Appendix: IT Strategy Additional Slides 1 IT Strategy
More informationBusiness Risk Intelligence
Business Risk Intelligence Bringing business focus to information risk It s a challenge maintaining a strong security and risk posture. CISOs need to constantly assess new threats that are complex and
More informationSAP and OpenText Documentum Integration
SAP and OpenText Integration Providing a Seamless, Employee Self-Service Information System By William Hunton, Architect, and Yugandhar Sabbani, Sr. Engineer Armedia, LLC, http://www.armedia.com, October
More informationSAP TRAINING CURRICULUM. Cost Center Accounting Configuration and Basic Settings. Profitability Analysis: Configuration and Reporting Strategies
SAP TRAINING CURRICULUM Financials (FI/CO) Cost Center Accounting Configuration and Basic Settings Profitability Analysis: Configuration and Reporting Strategies General Ledger Configuration and Organization
More informationPolicy Outsourcing and Cloud-Based File Sharing
Policy Outsourcing and Cloud-Based File Sharing Version 3.3 Table of Contents Outsourcing and Cloud-Based File Sharing Policy... 2 Outsourcing Cloud-Based File Sharing Management Standard... 2 Overview...
More informationMobility, Smart Devices, BYOD Do You Have a Solution & Strategy?
Steven Scheurmann- Sales Leader, Asia Pacific & Japan, Endpoint & Mobility 스마트보안 Mobility, Smart Devices, BYOD Do You Have a Solution & Strategy? Mobile is an enterprise priority Growth in Internet Connected
More informationProtecting your Crown Jewels IBM Security
Protecting your Crown Jewels IBM Security March 22, 2016 Howie Hirsch Senior IT Specialist IBM Security hshirsch@us.ibm.com Agenda Introductions Protect critical assets Mainframe information Enterprise
More informationImplementing B2MML with SAP
Presented at the World Batch Forum North American Conference Chicago, IL May 16-19, 2004 900 Fox Valley Drive, Suite 204 Longwood, FL 32779-2552 +1.407.774.0207 Fax: +1.407.774.6751 E-mail: info@wbf.org
More informationUnderstanding GxP Regulations for Healthcare
Understanding GxP Regulations for Healthcare GxP Guidelines What is GxP? GxP is a collection of quality guidelines and regulations created to ensure that bio/pharmaceutical products are safe, meet their
More information7 STEPS TO BUILD A GRC FRAMEWORK ALIGNING BUSINESS RISK MANAGEMENT FOR BUSINESS-DRIVEN SECURITY
WHITEPAPER 7 STEPS TO BUILD A GRC FRAMEWORK ALIGNING BUSINESS RISK MANAGEMENT FOR BUSINESS-DRIVEN SECURITY CONTENTS Defining Business-Driven Security 3 Challenges to a Business-Driven Security Approach
More informationScott Lowden SAP America Technical Solution Architect
SAP NetWeaver Training Overview - SAP Exchange Infrastructure Scott Lowden SAP America Technical Solution Architect NetWeaver Components Detail Exchange Infrastructure SAP AG 2003, Title of Presentation,
More informationCertified Identity Governance Expert (CIGE) Overview & Curriculum
Overview Identity and Access Governance (IAG) provides the link between Identity and Access Management (IAM) rules and the policies within a company to protect systems and data from unauthorized access,
More informationLeverage T echnology: July 19 th, 2013 Adil Khan. Move Your Business Forward. Copyright. Fulcrum Information Technology, Inc.
Life After ERP Go-Live: Navigating to Nirvana Learn how leading organizations are utilizing Advanced Controls to make systematic improvements in their ERP systems to achieve expected benefits of ERP systems
More informationEnterprise Systems. ATI - Antonius Rachmat C
Enterprise Systems ATI - Antonius Rachmat C Data, Information, Knowledge Data, or raw data: refers to a basic description of products, customers, events, activities, and transactions that are recorded,
More information