Spotlight on Security Parameters

  • by Gary Byrne, Managing Editor, Financials Expert and SCM Expert
  • September 8, 2011
Configuration parameters play a key role in helping you maintain security controls at any SAP installation. Review a five-point checklist from Richard Castle of Ernst and Young to ensure that you are following best practices for implementing security controls at your organization. Then learn from the comments of Selva Kumar, the vice president of Softsquare LLC and owner of SAPsecuritytrainer.com, about challenges related to establishing and maintaining security parameters for SAP systems.
Key Concept

Are your security parameters strong enough to ward off an attacker looking for vulnerability in your system? Are you compliant? What other issues can affect your security parameters? Two experts, Richard Castle of Ernst and Young, and Selva Kumar, of Softsquare LLC, have some advice.

Richard Castle says that configuration parameters play a significant role in maintaining security controls in SAP installations. At the spring SAPinsider GRC 2011 conference, he discussed user provisioning, restricting access to Basis objects and transactions, functional transactions, assigning adequate segregation of duties to users, and limiting access to customized tables, programs, and transactions. In his talk, “An External Auditor’s Guide to Preparing Your Landscape for a Security Audit,” he provided some common security parameters, shown in Table 1.


Table 1
Workflow processes in SAP BusinessObjects Access Control 10.0

Gary Byrne

Gary is the managing editor of Financials Expert and SCM Expert. Before joining WIS in March 2011, Gary was an editor at Elsevier. In this role he managed the development of manuscripts for Elsevier’s imprint responsible for books on computer security. Gary also has held positions as a copy editor at Aberdeen Group, a Boston-based IT market research company, and as an editor at Internet.com, a publisher of content for the IT community. He also gleaned experience working as a copy editor for International Data Corp., a Framingham, MA-based IT market research company. He earned a bachelor of science degree in journalism from Suffolk University in Boston. He enjoys traveling, sailing as a passenger onboard schooners, and helping his wife, Valerie, with gardening during summer weekends. He’s a fan of all the Boston sports teams and once stood behind Robert Parish in a line at BayBank. He felt small and didn’t ask for an autograph. You can follow him on Twitter at @FI_SCM_Expert. His online footsteps can also be found in the SAP Experts group on LinkedIn.

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.