Configuration parameters play a key role in helping you maintain security controls at any SAP installation. Review a five-point checklist from Richard Castle of Ernst and Young to ensure that you are following best practices for implementing security controls at your organization. Then learn from the comments of Selva Kumar, the vice president of Softsquare LLC and owner of SAPsecuritytrainer.com, about challenges related to establishing and maintaining security parameters for SAP systems.
Are your security parameters strong enough to ward off an attacker looking for vulnerabilities in your system? Are you compliant? What other issues can affect your security parameters? Two experts, Richard Castle of Ernst and Young and Selva Kumar of Softsquare LLC, have some advice.
Richard Castle says that configuration parameters play a significant role in maintaining security controls in SAP installations. At the spring SAPinsider GRC 2011 conference, he discussed user provisioning, restricting access to Basis objects and transactions, functional transactions, assigning adequate segregation of duties to users, and limiting access to customized tables, programs, and transactions. In his talk, “An External Auditor’s Guide to Preparing Your Landscape for a Security Audit,” he provided some common security parameters, shown in Table 1.