SAP Security and Authorizations - Hardcover

 
9781592290628: SAP Security and Authorizations

Synopsis

This book gives technical consultants, IT managers, and authorization administrators an in-depth look at all aspects of IT security in the SAP NetWeaver environment. An introduction to the overall subject matter helps you get up to speed quickly on topics like risk evaluation, creating control options, designing security measures – and teaches you the appropriate procedures for implementing the supporting processes. You’ll also benefit from an overview of international security standards and legal regulations (e.g., Sarbanes-Oxley Act and Basel II), and you'll discover the best SAP security strategies and practices to ensure compliance.

The second part of the book is dedicated to the technical implementation of these security measures. From the authorization concept to measures concerning infrastructure in the portal environment and collaboration scenarios with SAP XI through to process planning, the authors leave no rock unturned. This book uses examples to describe the potential risks as well as specific application and system security concepts for individual SAP components and solutions.

Bonus: Includes a complete map of the Global Security Positioning System – an ideal navigation aid, not only while reading the book but also for ongoing assistance with your daily work.

Highlights Include:

  • SAP security strategies and best practices
  • Basic principles of technical security
  • Risk and control management
  • Legal and intra-enterprise requirements
  • Country-specific security standards
  • Application security for SAP NetWeaver and SAP solutions
  • Technical implementation
  • Graphical display of technology layers using the Global Security Positioning System

The information in the "Summary" section may refer to different editions of this title.

About the author

Mario Linkies works as a consultant whose primary focus is IT security, in particular, providing comprehensive strategic consulting with regard to risk and control management, authorization concepts, change management, data protection, and legal compliance. Mario has over 15 years' experience in the areas of SAP and security. As the Director of the Security Department for both SAP Systems Integration (SAP SI) and SAP Global Focus Group Risk Management & IT Security at SAP Consulting, he provides internal SAP consulting services, supports national and international clients in different industries, and continuously fosters awareness for security topics in numerous initiatives. Mario is one of the initiators of the SAP Global Security Alliance.

Contents

Foreword by Prof. Wolfgang Lassmann
Foreword by Dr. Sachar Paulus
1 Introduction
  1.1 Background
  1.2 Contents
  1.3 How to Read This Book
  1.4 Acknowledgements

Part 1 Basic Principles of Risk Management and IT Security

2 Risk and Control Management
  2.1 Security Objectives
  2.2 Company Assets
    2.2.1 Types of Company Assets
    2.2.2 Classification of Company Assets
  2.3 Risks
    2.3.1 Types of Risks
    2.3.2 Classification of Risks
  2.4 Controls
    2.4.1 Types of Controls
    2.4.2 Classification of Controls
3 Security Strategy
  3.1 Status Quo
  3.2 Components
    3.2.1 General Framework
    3.2.2 Strategy
    3.2.3 Methods
    3.2.4 Best Practices
    3.2.5 Documentation
  3.3 Best Practices of an SAP Security Strategy
    3.3.1 Procedure
    3.3.2 Principle of Information Ownership
    3.3.3 Identity Management
4 Requirements
  4.1 Legal Requirements
    4.1.1 Sarbanes-Oxley Act
    4.1.2 Basel II
    4.1.3 GoBS
  4.2 Internal Requirements
  4.3 Summary
5 Security Standards
  5.1 International Security Standards
    5.1.1 International Security Standard ISO 17799
    5.1.2 International Security Standard CoBIT
    5.1.3 COSO - Integrated Framework for Company Risk Management
  5.2 Country-Specific Security Standards
    5.2.1 American Standard NIST Special Publications 800-12
    5.2.2 German Security Standard IT Baseline Protection of the BSI
6 Basic Principles of Technical Security
  6.1 Cryptography
    6.1.1 Symmetric Encryption Procedure
    6.1.2 Asymmetric Encryption Procedure
    6.1.3 Hybrid Encryption Procedure
    6.1.4 Hash Procedures
    6.1.5 Digital Signature
  6.2 Public Key Infrastructure
  6.3 Authentication Procedures
    6.3.1 User Name and Password
    6.3.2 Challenge Response
    6.3.3 Kerberos
    6.3.4 Secure Token
    6.3.5 Digital Certificate
    6.3.6 Biometrics
  6.4 Basic Principles of Networks
    6.4.1 OSI Reference Model
    6.4.2 Important Network Protocols
    6.4.3 Overview of Firewall Technologies
    6.4.4 Secure Sockets Layer Encryption

Part 2 Security in SAP NetWeaver and Application Security

7 SAP Applications and Technology
  7.1 Global Security Positioning System
  7.2 SAP Applications
  7.3 SAP NetWeaver
  7.4 Security Technologies
    7.4.1 Authorizations, Risk and Change Management, and Auditing
    7.4.2 Identity Management
    7.4.3 Secure Authentication and Single Sign-On (SSO)
    7.4.4 Technical Security
    7.4.5 Influencing Factors
8 SAP Web Application Server
  8.1 Introduction and Functions
    8.1.1 Overview
    8.1.2 Technical Architecture
  8.2 Risks and Controls
  8.3 Application Security
    8.3.1 Technical Authorization Concept for Administrators
    8.3.2 Authorization Concept for Java Applications
    8.3.3 Restricting Authorizations for RFC Calls
  8.4 Technical Security
    8.4.1 Introducing a Single Sign-On Authentication Mechanism
    8.4.2 Connecting the SAP Web AS to a Central LDAP Directory
    8.4.3 Changing the Default Passwords for Default Users
    8.4.4 Configuring Security on the SAP Gateway
    8.4.5 Restricting Operating System Access
    8.4.6 Configuring Important Security System Parameters
    8.4.7 Configuring Encrypted Communication Connections (SSL and SNC)
    8.4.8 Restricting Superfluous Internet Services
    8.4.9 Secure Network Architecture for Using the SAP Web AS with the Internet
    8.4.10 Introducing an Application-Level Gateway to Make Internet Applications Secure
    8.4.11 Introducing Hardening Measures on the Operating System Level
    8.4.12 Introducing a Quality Assurance Process for Software Development
9 SAP ERP Central Component
  9.1 Introduction and Functions
  9.2 Risks and Controls
  9.3 Application Security
    9.3.1 Authentication
    9.3.2 Authorizations
    9.3.3 Other Authorization Concepts
    9.3.4 Best-Practice Solutions
  9.4 Technical Security
10 mySAP ERP Human Capital Management
  10.1 Introduction and Functions
  10.2 Risks and Controls
  10.3 Application Security
    10.3.1 HCM Master Data Authorizations
    10.3.2 HCM Applicant Authorizations
    10.3.3 HCM Personnel Planning Authorizations
    10.3.4 HCM Reporting Authorizations
    10.3.5 Structural Authorizations
    10.3.6 Authorizations for Personnel Development
    10.3.7 Tolerated Authorizations
    10.3.8 Authorizations for Inspection Procedures
    10.3.9 Customized Authorization Checks
    10.3.10 Indirect Role Assignment Through the Organizational Structure
    10.3.11 Additional Transactions Relevant to Internal Controls
  10.4 Technical Security
11 SAP Industry Solutions
  11.1 Introduction and Functions
  11.2 Risks and Controls
  11.3 Application Security
    11.3.1 SAP Max Secure
    11.3.2 SAP Role Manager
  11.4 Technical Security
12 SAP NetWeaver Business Intelligence
  12.1 Introduction and Functions
  12.2 Risks and Controls
  12.3 Application Security
    12.3.1 Authorizations
    12.3.2 Other Concepts
  12.4 Technical Security
13 SAP NetWeaver Master Data Management
  13.1 Introduction and Functions
  13.2 Risks and Controls
  13.3 Application Security
    13.3.1 Identity Management and Authorizations
    13.3.2 Revision Security
  13.4 Technical Security
    13.4.1 Communications Security
    13.4.2 Important Additional GSPS Components
14 mySAP Customer Relationship Management
  14.1 Introduction and Functions
  14.2 Risks and Controls
  14.3 Application Security
  14.4 Technical Security
    14.4.1 Technical Protection of the Mobile Application
    14.4.2 Additional Important GSPS Components
15 mySAP Supplier Relationship Management
  15.1 Introduction and Functions
  15.2 Risks and Controls
  15.3 Application Security
    15.3.1 Important Authorizations
    15.3.2 Rules-Based Security Checks Using Business Partner Attributes
    15.3.3 User Management
  15.4 Technical Security
16 mySAP Supply Chain Management
  16.1 Introduction and Functions
  16.2 Risks and Controls
  16.3 Application Security
    16.3.1 Authorizations for the iPPE Workbench
    16.3.2 Authorizations for Supply Chain Planning
    16.3.3 Authorizations for Event Management
  16.4 Technical Security
17 SAP Strategic Enterprise Management
  17.1 Introduction and Functions
  17.2 Risks and Controls
  17.3 Application Security
  17.4 Technical Security
18 SAP Solution Manager
  18.1 Introduction and Functions
  18.2 Risks and Controls
  18.3 Application Security
  18.4 Technical Security
    18.4.1 System Monitoring Function
    18.4.2 RFC Communication Security
    18.4.3 Important Additional GSPS Components
19 SAP Enterprise Portal
  19.1 Introduction and Functions
    19.1.1 Technical Architecture
    19.1.2 Description of the User Management Engine
  19.2 Risks and Controls
  19.3 Application Security
    19.3.1 Structure and Design of Portal Roles
    19.3.2 Delegated User Administration for Portal Roles by Involving the Information Owners
    19.3.3 Synchronization of Portal Roles with the ABAP Roles of SAP Backend Applications
    19.3.4 Change Management Process for New Portal Content
  19.4 Technical Security
    19.4.1 Connecting SAP EP to a Central LDAP Directory or SAP System
    19.4.2 Implementation of a Single Sign-On Mechanism Based on a One-Factor Authentication
    19.4.3 Implementation of a Single Sign-On Mechanism Based on an Integrated Authentication
    19.4.4 Implementation of a Single Sign-On Mechanism Based on Person-Related Certificates
    19.4.5 Configuration for Anonymous Access
    19.4.6 Secure Initial Configuration
    19.4.7 Definition and Implementation of Security Zones
    19.4.8 Secure Network Architecture
    19.4.9 Introducing an Application-Level Gateway to Make Portal Applications Secure
    19.4.10 Configuration of Encrypted Communication Channels
    19.4.11 Implementation of a Virus Scan for Avoiding a Virus Infection
20 SAP Exchange Infrastructure
  20.1 Introduction and Functions
  20.2 Risks and Controls
  20.3 Application Security
    20.3.1 Authorizations for the Integration Builder
    20.3.2 Passwords and Authorizations for Technical Service Users
  20.4 Technical Security
    20.4.1 Definition of Technical Servi...

The information in the "About this book" section may refer to different editions of this title.

  • Publisher: Sap Pr America
  • Publication date: 2006
  • ISBN 10: 1592290620
  • ISBN 13: 9781592290628
  • Binding: Hardcover
  • Language: English
  • Edition number: 1
  • Number of pages: 506

Search results for SAP Security and Authorizations

Linkies, Mario, Off, Off
Publisher: SAP PRESS, 2006
ISBN 10: 1592290620 ISBN 13: 9781592290628
Antique or used; Hardcover

From: SecondSale, Montgomery, IL, U.S.A.

Seller rating: 5 out of 5 stars

Condition: Very Good. Item in very good condition! Textbooks may not include supplemental items i.e. CDs, access codes etc. Item code 00087341237

EUR 5,81
Shipping: FREE within U.S.A.

Quantity: 1 available

Linkies, Mario; Off, Frank
Publisher: SAP Press, 2006
ISBN 10: 1592290620 ISBN 13: 9781592290628
Antique or used; Hardcover

From: ThriftBooks-Atlanta, AUSTELL, GA, U.S.A.

Seller rating: 5 out of 5 stars

Hardcover. Condition: Very Good. No Jacket. May have limited writing in cover pages. Pages are unmarked. ~ ThriftBooks: Read More, Spend Less 2.2. Item code G1592290620I4N00

EUR 5,83
Shipping: FREE within U.S.A.

Quantity: 1 available

Linkies, Mario; Off, Frank
Publisher: SAP Press, 2006
ISBN 10: 1592290620 ISBN 13: 9781592290628
Antique or used; Hardcover

From: ThriftBooks-Dallas, Dallas, TX, U.S.A.

Seller rating: 5 out of 5 stars

Hardcover. Condition: Good. No Jacket. Pages can have notes/highlighting. Spine may show signs of wear. ~ ThriftBooks: Read More, Spend Less 2.2. Item code G1592290620I3N00

EUR 5,83
Shipping: FREE within U.S.A.

Quantity: 1 available

Linkies, Mario; Off, Frank
Publisher: SAP Press, 2006
ISBN 10: 1592290620 ISBN 13: 9781592290628
Antique or used; Hardcover

From: ThriftBooks-Dallas, Dallas, TX, U.S.A.

Seller rating: 5 out of 5 stars

Hardcover. Condition: Very Good. No Jacket. May have limited writing in cover pages. Pages are unmarked. ~ ThriftBooks: Read More, Spend Less 2.2. Item code G1592290620I4N00

EUR 5,83
Shipping: FREE within U.S.A.

Quantity: 1 available

Linkies, Mario; Off, Frank
Publisher: SAP Press, 2006
ISBN 10: 1592290620 ISBN 13: 9781592290628
Antique or used; Hardcover

From: ThriftBooks-Atlanta, AUSTELL, GA, U.S.A.

Seller rating: 5 out of 5 stars

Hardcover. Condition: Good. No Jacket. Pages can have notes/highlighting. Spine may show signs of wear. ~ ThriftBooks: Read More, Spend Less 2.2. Item code G1592290620I3N00

EUR 5,83
Shipping: FREE within U.S.A.

Quantity: 1 available

Linkies, Mario; Off, Frank
Publisher: SAP Press, 2006
ISBN 10: 1592290620 ISBN 13: 9781592290628
Antique or used; Hardcover

From: ThriftBooks-Atlanta, AUSTELL, GA, U.S.A.

Seller rating: 5 out of 5 stars

Hardcover. Condition: Very Good. No Jacket. Missing dust jacket; May have limited writing in cover pages. Pages are unmarked. ~ ThriftBooks: Read More, Spend Less 2.2. Item code G1592290620I4N01

EUR 5,83
Shipping: FREE within U.S.A.

Quantity: 1 available

Linkies, Mario; Off, Off
Publisher: Sap Pr America, 2006
ISBN 10: 1592290620 ISBN 13: 9781592290628
Antique or used; Hardcover

From: Decluttr, Kennesaw, GA, U.S.A.

Seller rating: 5 out of 5 stars

Condition: Very Good. 1722515616. 8/1/2024 12:33:36 PM. Item code U9781592290628

EUR 6,54
Shipping: FREE within U.S.A.

Quantity: 1 available

Off, Off, Linkies, Mario
Publisher: SAP PRESS, 2006
ISBN 10: 1592290620 ISBN 13: 9781592290628
Antique or used; Hardcover

From: Open Books, Chicago, IL, U.S.A.

Seller rating: 5 out of 5 stars

Hardcover. Condition: Very Good. Open Books is a nonprofit social venture that provides literacy experiences for thousands of readers each year through inspiring programs and creative capitalization of books. Item code mon0000640241

EUR 2,15
Shipping: EUR 6,22 within U.S.A.

Quantity: 1 available

Mario Linkies
Publisher: Sap Pr America, 2006
ISBN 10: 1592290620 ISBN 13: 9781592290628
Antique or used; Hardcover

From: Bookbot, Prague, Czech Republic

Seller rating: 5 out of 5 stars

Hardcover. Condition: Poor. Traces of moisture / wetness; light scratches / wear / pressure marks. This book offers IT consultants and managers a comprehensive guide to IT security in the SAP NetWeaver environment. It covers risk evaluation, control options, and security measures, alongside international standards and legal regulations. The second part focuses on technical implementation and includes a Global Security Positioning System map for practical navigation. Item code 5950dd98-5323-477a-8419-003e64eec169

EUR 2,49
Shipping: EUR 11,99
From: Czech Republic to: U.S.A.

Quantity: 1 available