Summary – SAP Security Assessment
Triple EEE IT Services will assess the security and compliance of your SAP Systems against the de-facto in-dustry standard of the SAP Security Baseline. The SAP Security Baseline defines a minimum set of security requirements to keep your business-critical SAP systems secure with regards to SAP parameters, specific settings, users and their access rights. The assessment also checks if components like the kernel, application layer, database layer and operating system layer are on a current version. The assessment delivers a clearly structured report and is invaluable input to your SAP risk posture.
Cyber security and legal compliance are critical capabilities for any organization in the light of ever evolving cyber threats and increasing regulatory pressures.
SAP Systems are at the core of any organisation, and are often critical to the business.
Traditionally, SAP Security efforts have focused on access controls & segregation of duties. However, SAP Systems are very complex and a holistic end-to-end approach of the entire technology stack is needed to protect your SAP Systems against Cyber attacks.
SAP Developed the SAP Security Baseline in 2014/15 on request of a number of large SAP customers , as a way to give businesses an consistent way of implementing SAP Security. SAP has continued to update the SAP Security Baseline since, releasing new versions (v2.2 in 2020), and providing additional tooling to validate the configuration.
The assessment will be conducted through a review of SAP system parameters, technical and process documentation, interviews with stakeholders inside and outside your security and compliance function, and – optional – technical assessments and penetration testing of your SAP systems.
The assessment will be carried out by deep experts with a minimum of 15 years relevant experience in governance, operations, and SAP Security.
The optional technical assessments will consider the latest vulnerabilities, techniques and exploits used by your adversaries.
The assessment will produce one or more reports depending on the scope. The reports will propose improvements based on priority. The service delivery will be concluded with a read-out of the reports to your stakeholders, and a joint evaluation of the delivery.
The effort of the assessment depends on the depth of the review and the scope of your environments being assessed. Paper assessments (including interviews) can be conducted from an effort of 15 man-days. Assessments including technical work will require a minimum of 30 man-days.
The scoping of the assessment will consider which SAP landscapes to include, the number of documents to review, the number of stakeholders to interview, the number of SAP systems to include in vulnerability testing and pentesting. Scoping is determined as part of the service intake process and is followed by a specific service proposal for agreement.
For more information about this service please contact us through the Client Enquiry Communication form on this site, or send an email to Hugpo Cerutti at firstname.lastname@example.org.