Protecting Information Assets: A SAP Customer's Perspective

The document outlines approaches to protecting information assets from an SAP customer's perspective. It discusses implementing controls across people, processes, technology, and data. This includes defining processes and standards, engaging users, identifying risks, and establishing assurance testing. The technology shield focuses on change control, user access, and log management to prevent, detect, and respond to issues. A human shield of phishing simulations, training, and communities helps engage users. Finally, an effective security roadmap addresses both technical measures and human factors like awareness to optimize protection.


Protecting Information Assets:

A SAP Customer’s Perspective

Gerald West
09/05/2019

Agenda

• Introduction – 5
• Controls Approach - 5
• Technology Shield - 10
• Human Shield - 5
• Security Roadmap - 5
• Questions - 5

Securing SAP - Controls Approach

Dimensions

• People
• Process
• Technology
• Data

Initiatives

Enable
• Define: Define and optimise processes, policies and standards
• Engage: Engage and Educate User Community
• Simplify: Make it Easy To Do The Right Thing
• Know: Identify and Manage Risks, Issues and Control Mechanisms

Execute
• Control: Implement and Maintain Effective Controls (including Functionality)
• Assure: Establish Robust Assurance, Audit and Testing Processes
• Report: Analyse Controls Environment and Detect Exceptions

Securing SAP – The Technology Shield

Prevent, Detect, Respond

Levers
• Change Control
• User Access
• Settings & Configuration
• Programs & software

Methodology
• Prepare
• Analyse
• Resolve
• Sustain
• Embed

Network Connections

Log Management

Securing SAP – The Human Shield

Campaigns
• Phishing Simulations
• Major campaigns
• Mini campaigns

Content
• Training courses
• Educational videos
• Articles

Communication
• Breaking news
• Urgent instructions
• Phishing reporting

Communities
• Advocates
• Practitioners
• End users (e.g. Yammer)

Security Roadmap

Themes and the value each protects:

• Business Process Improvement: Optimise Business processes
• Engagement: Engage security stakeholders
• Security Technology: Exploit Security technology
• Cyber Risk Management: Manage Cyber risk
• Assurance & Audit: Leverage Audit & assurance
• Reporting & Monitoring: Drive smart Reporting & monitoring
• Education & Awareness: Enhance Education & awareness
• Data Protection: Manage Data protection

CSI – Clarity, Simplicity, Integrity

Summary / Key Points

• Securing SAP touches on all 4 dimensions of People, Process, Technology and Data

• Manage Change Control, User Access, Settings & Configuration and Programs & Software as the levers of your Technology Shield

• Some of these measures can increasingly be bypassed through social engineering e.g. phishing attacks

• Improve your phishing resistance, raise security awareness and encourage user communication to strengthen your Human Shield

• Create a Security Roadmap that addresses both the Technology and Human shields

Questions?
