SAP Secure Operations Map. SAP Active Global Support Security Services May 2015
|
|
- Leona Ryan
- 8 years ago
- Views:
Transcription
1 SAP Secure Operations Map SAP Active Global Support Security Services May 2015
2 SAP Secure Operations Map Security Compliance Security Governance Audit Cloud Security Emergency Concept Secure Operation Users and Authorizations Authentication and Single Sign-On Support Security Security Review and Monitoring Secure Setup Secure Configuration Communication Security Data Security Secure Code Security Maintenance of SAP Code Custom Code Security Infrastructure Security Network Security Operating System and Database Security Frontend Security 2015 SAP SE. All rights reserved. 2
3 SAP Secure Operations Map The 16 Secure Operation Tracks cover the following topics: Security Governance: Adopt security policies for your SAP landscape, create and implement an SAP Security Baseline Audit: Ensure and verify the compliance of a company s IT infrastructure and operation with internal and external guidelines Cloud Security: Ensure secure operation in cloud and outsourcing scenarios Emergency Concept: Prepare for and react to emergency situations Users and Authorizations: Manage IT users and authorizations including special users like administrators Authentication and Single Sign-On: Authenticate users properly but only as often as really required Support Security: Resolve software incidents in a secure manner Security Review and Monitoring: Review and monitor the security of your SAP systems on a regular basis Secure Configuration: Establish and maintain a secure configuration of standard and custom business applications Communication Security: Utilize communication security measures available in your SAP software Data Security: Secure critical data beyond pure authorization protection Security Maintenance of SAP Code: Establish an effective process to maintain the security of SAP delivered code Custom Code Security: Develop secure custom code and maintain the security of it Network Security: Ensure a secure network environment covering SAP requirements Operating System and Database Security: Cover SAP requirements towards the OS and DB level Frontend Security: Establish proper security on the frontend including workstations and mobile devices 2015 SAP SE. All rights reserved. 3
4 Security Governance Create and implement an SAP Security Baseline, containing the governing SAP-specific regulations to be applied for all SAP systems in the customer s landscapes. Define and implement an operational model with clear defined roles and responsibilities as well as the operational process ensuring that the requirements become real action in the different system landscapes. Goal is to achieve a common understanding about the responsibilities of the different parties involved and comparable results for implementation of measures and the regular reporting. To ensure full transparency on the implemented IT Security level each area has to implement and operate and appropriate Risk Management and IT Risk and Security Lifecycle Identify systems or landscapes for which on a first informal assessment the standard SAP Security Baseline may not be sufficient. This may be the case if specific security requirements or restrictions apply to a certain system. For such systems after covering the SAP Security Baseline requirements a detailed risk analysis is required. Measures required beyond the Baseline need then to be included into the rule set, operations and risk management for such systems SAP SE. All rights reserved. 4
5 Audit Prepare for internal and external audits Identify relevant regulations like ITIL, BASEL II, SOX, FDA, Data Protection or ISO and derive required measures and controls from there. Ensure the auditability of systems by enforcing appropriate and effective security, e.g. no unrestricted authorizations (e.g. SAP_ALL ) or debug/change authorizations on production systems. Define logs and traces to be collected (consider data protection laws, put limits on production environment, define clipping levels etc.). Restrict access to log data and logging facilities. Assess your systems on a regular basis Analyze logs with appropriate tools (Audit Information System, Security Audit Log, User Information System (SUIM), SAP Solution Manager, etc.) Perform Security Assessments (Security Optimization Services, penetration tests) Audit the different Secure Operations Tracks e.g. infrastructure settings and communication interfaces (firewall, RFC destinations, ALE, ICF, WS, etc.) users and authorizations (spot checks, GRC access control, etc.) Respond to audit results resolve audit complaints appropriately improve operations and rule sets to avoid similar findings in future 2015 SAP SE. All rights reserved. 5
6 Cloud Security Define minimum security requirements for Service Level Agreements (SLAs) Definition of roles and responsibilities (e.g. basis administration by the outsourcing partner, application administration by the company itself) Definition of interfaces, communication and controls between the parties Regulations for security maintenance, secure configuration and secure operation of systems For those parts, that remain in the customer s responsibility (e.g. application operations for HEC systems) the standard recommendations and Secure Operation Tracks recommendations remain unchanged Establish suitable infrastructures (Identity Management, Single Sign-On) and secure connections to integrate the cloud service into your landscape and to connect hybrid scenarios SAP SE. All rights reserved. 6
7 Emergency Concept Prepare for incidents Define processes and responsibilities Create and maintain emergency users for relevant systems Collect required logs and data Define rules and triggers for incident identification and classification Define processes for incident response, impact containment and remediation and incident recovery Prepare for technical and non-technical (e.g. legal) follow-up and improvements Ensure a suitable backup and recovery concept (which targets availability; not part of the Security standard) 2015 SAP SE. All rights reserved. 7
8 Users & Authorizations Define a User Authorization Concept including Define appropriate authorizations for business users and roles Ensure cross-system and landscape consistency of authorizations Segregate basis authorization from application-level authorizations Define appropriate roles and authorizations for all administration topics (security administrator, IT administrator, data custodian, auditor, etc.) Define and maintain support and emergency users with appropriate roles and authorizations as well as activation/deactivation rules and documentation requirements. Clarify the overall identity and authorization provisioning architecture Define and implement processes for the proper creation, modification and removal of users and authorizations (led by HCM) Implement Identity Management or integrate with an existing Identity Management Infrastructure. Integrate with any existing Corporate Directory. Check replication and synchronization among user stores (IdM, LDAP, UME, CUA, etc.) Implement proper Segregation of Duty (SoD) rules, controls and mechanisms 2015 SAP SE. All rights reserved. 8
9 Authentication and Single Sign-On Establish appropriate single- or multi-factor authentication mechanisms Decide and implement central authentication and Single Sign-On to connected systems or integrate with existing Single Sign-On infrastructures. This may include Maintenance and Operation of corresponding Public Key Infrastructures Managements of certificates (maintenance of key stores, revocation lists, certification requests, etc.) Operation of initial authentication points and Identity Provider / Identity Consumer services Prepare for authenticator (password, certificate, token) renewal and revocation SAP SE. All rights reserved. 9
10 Support Security Address the needs for getting support in a secure manner on the different levels Secure internal support by the internal support group of the respective company or organization Secure external support from third parties Secure support from SAP as the vendor Advanced Secure Support offering from SAP for companies and organization with enhanced security needs like cleared support personnel or secure support rooms Define requirements for support connections and select accordingly (NetViewer, opening of remote connections etc.) Manage support user accounts and authorizations (password policies, validity period etc.) Allow reproduction of errors on development and test systems (TDMS) Develop guidelines for message handling (interaction employee and support etc.) 2015 SAP SE. All rights reserved. 10
11 Security Review and Monitoring Monitor and review security settings, which includes external or internal assessments as well as tools and services like the EarlyWatch Alert Security chapter or the Security Optimization Self or Remote Service Monitor and review activity logs (including the security audit logs) Periodically review security relevant configuration settings of all systems and installed software components, e.g. via Configuration Validation and Security Dashboards. Integrate security monitoring with Alerting (e.g. SAP Solution Manager Monitoring and Alerting Infrastructure), Operation Control Centers (OCC) or Risk Management and Mitigation (e.g. GRC Process Control) 2015 SAP SE. All rights reserved. 11
12 Security in Operations The Big Picture Management Dashboards Provide an overview on system landscape status For Security could also include the progress of get-clean projects Mainly used for quick status overview as required by management and operations Incident Management Guided Procedures (Immediate Resolution) Inbox of Work Items used as trigger for action For Security may contain Snapshot spot checks (identified issues at time of check) Security critical events (independent of time of check) Change Management (Change Projects) Risk Management (Remediation/Exception Handling) 2015 SAP SE. All rights reserved. 12
13 Secure Configuration Maintain security configuration settings and changes Especially refer to the SAP Security Guides and to the SAP Security Baseline Template Setup and maintain the transport management system for ABAP and Java (protect transport directory) 2015 SAP SE. All rights reserved. 13
14 Communication Security Secure data in transit via communication encryption, e.g. via SSL/TLS or SNC Maintain and operate the corresponding Public Key Infrastructure Secure RFC communication by respecting system security hierarchy and setting up connections appropriately restricting RFC access e.g. via UCON assigning proper network / RFC authorizations using RFC Gateway security mechanisms to secure the usage of started or registered RFC servers Limit ICF / Web services to the required minimum 2015 SAP SE. All rights reserved. 14
15 Data Security Message-level security, including data encryption (e.g. of credit card numbers) and digital signatures e.g. via the Secure Store and Forward (SSF) framework. Anti-Virus scanning of files and documents, e.g. via the Virus Scan Interface (VSI) 2015 SAP SE. All rights reserved. 15
16 Security Maintenance of SAP Code Security Maintenance approach for handling Security Notes published on the SAP Patch Days. Note risk evaluation and Note implementation Kernel updates General software maintenance (Support Packages (SP), new versions, new patch levels) including corresponding Security Notes planning Implementation and use of corresponding tools like Maintenance Optimizer System Recommendations Configuration Validation 2015 SAP SE. All rights reserved. 16
17 Custom Code Security Custom Code Lifecycle Management and Custom Code Clean-Up Custom Code Secure Development Lifecycle Knowledge & Awareness Introduce security in the SW development organizations and processes Procedures & Guidelines Define and implement Secure Software Development Lifecycle Provide guidelines, best practices etc. Develop test concept for in-house and 3rd party development Tool Support Implement Code Security Scanners as e.g. the Code Vulnerability Analyzer (CVA) 2015 SAP SE. All rights reserved. 17
18 Network Security Maintain an appropriate network topology, network segregation and domain concept Limit network services and protocols Implement and secure SAP network components like SAProuter and SAP Web Dispatcher Cover key SAP requirements towards the network layer, e.g. introduce at least a separation between server and client networks SAP SE. All rights reserved. 18
19 Operating System and Database Security Operating Systems (OS) Verify OS hardening, update and test systems, maintain and perform anti-virus checks, ensure integrity of critical system files and configurations, keep user base up-to-date Cover SAP security needs, e.g. OS level protection of critical directories like the transport directory Databases (DB) Restrict use of database, proprietary database tools and database specific functions by proper authorization management at the database level Log and analyze database security events Cover SAP security needs, e.g. avoid database usage bypassing the SAP DB abstraction layer (if not required e.g. for direct access to a HANA database) 2015 SAP SE. All rights reserved. 19
20 Frontend Security Manage devices and applications especially for mobile devices. Manage secure software distribution and configuration Monitor usage of licenses and installations of unauthorized software Maintain secure communication channels. Configure, distribute and activate SAPGUI security mechanisms including the SAPGUI Access Control Lists SAP SE. All rights reserved. 20
21 Thank You! Contact information: SAP Active Global Support Security Services
SAP SECURITY AND AUTHORIZATIONS - RISK MANAGEMENT AND COMPLIANCE WITH LEGAL REGULATIONS IN THE SAP ENVIRONMENT
SAP SECURITY AND AUTHORIZATIONS - RISK MANAGEMENT AND COMPLIANCE WITH LEGAL REGULATIONS IN THE SAP ENVIRONMENT Foreword by Prof. Wolfgang Lassmann... 15 Foreword by Dr. Sachar Paulus... 17 1 Introduction...
More informationSAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts
SAP Cybersecurity Solution Brief Objectives Solution Benefits Quick Facts Secure your SAP landscapes from cyber attack Identify and remove cyber risks in SAP landscapes Perform gap analysis against compliance
More informationSAP Certified Technology Professional - Security with SAP NetWeaver 7.0. Title : Version : Demo. The safer, easier way to help you pass any IT exams.
Exam : P_ADM_SEC_70 Title : SAP Certified Technology Professional - Security with SAP NetWeaver 7.0 Version : Demo 1 / 5 1.Which of the following statements regarding SSO and SAP Logon Tickets are true?
More informationSAP Standard for Security
SAP Standard for E2E Solution Operations Document Version: 1.0 2014-12-12 SAP Solution Manager 7.1 Typographic Conventions Type Style Example Description Words or characters quoted from the screen. These
More informationMaster Data Governance Security Guide
Master Data Governance Security Guide PUBLIC Document Version: 01.08 2014 Master Data Governance Security Guide 70 1 Copyright Copyright 2013 SAP AG. All rights reserved. Portions Copyright 2014 Utopia
More informationSession 0804 Security Control Center by SAP Active Global Support Kristian Lehment, Senior Product Manager, SAP AG
Orange County Convention Center Orlando, Florida June 3-5, 2014 Session 0804 Security Control Center by SAP Active Global Support Kristian Lehment, Senior Product Manager, SAP AG Abstract Running secure
More informationSAP Standard for Remote Supportability
SAP Standard for E2E Solution Operations Document Version: 1.0 2014-12-12 SAP Solution Manager 7.1 Typographic Conventions Type Style Example Description Words or characters quoted from the screen. These
More informationInformation Technology Solutions. Managed IT Services
Managed IT Services System downtime, viruses, spyware, lost productivity; if these problems are impacting your business, it is time to make technology work for you. At ITS, we understand the importance
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationSAP SECURITY CLEARING THE CONFUSION AND TAKING A HOLISTIC APPROACH
SAP SECURITY CLEARING THE CONFUSION AND TAKING A HOLISTIC APPROACH WWW.MANTRANCONSULTING.COM 25 Mar 2011, ISACA Singapore SOD SAS70 Project Controls Infrastructure security Configurable controls Change
More informationCompliance & SAP Security. Secure SAP applications based on state-of-the-art user & system concepts. Driving value with IT
Compliance & SAP Security Secure SAP applications based on state-of-the-art user & system concepts Driving value with IT BO Access Control Authorization Workflow Central User Management Encryption Data
More informationSAP SECURITY OPTIMIZATION
SAP SECURITY OPTIMIZATION ABAP Checks This documents shows the description of all checks which are executed by the SAP Security Optimization Service for an ABAP system (Version from May 2014). Author:
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationWhy SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?
SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several
More informationPreparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.
Preparing an RFI for Protecting cardholder data is a critical and mandatory requirement for all organizations that process, store or transmit information on credit or debit cards. Requirements and guidelines
More informationSecurity Controls for the Autodesk 360 Managed Services
Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationSecurity from a customer s perspective. Halogen s approach to security
September 18, 2015 Security from a customer s perspective Using a cloud-based talent management program can deliver tremendous benefits to your organization, including aligning your workforce, improving
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More informationSAP R/3 Security Assessment Framework
NII CONSULTING SAP R/3 Security Assessment Framework Version 1.0 N E T W O R K I N T E L L I G E N C E (IN D I A ) P VT. L TD. Contents Objective... 3 Methodology... 4 Phase 1: User Authentication... 4
More informationSAP Netweaver Application Server and Netweaver Portal Security
VU University Amsterdam SAP Netweaver Application Server and Netweaver Portal Security Author: Nick Kirtley Supervisors: Abbas Shahim, Frank Hakkennes Date: 28-09-2012 Organization: VU University Amsterdam,
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationUse of The Information Services Active Directory Service (AD) Code of Practice
Use of The Information Services Active Directory Service (AD) Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be
More informationSecurity and Risk Management
Mario Linkies and Horst Karin SAP Security and Risk Management Bonn Boston Contents at a Glance PART I Basic Principles of Risk Management and IT Security... 31 1 Risk and Control Management... 33 2 Enterprise
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationProcessed on SAP Solution Manager Service Center Release EHP 1 for Solution Manager 7.0 Telephone Service Tool 701_2011_1 SP0 Fax
SERVICE REPORT SAP Security Optimization Self-Service SAP System ID SAP Product Release DB System Customer Processed on SAP Solution Manager Service Center Release EHP 1 for Solution Manager 7.0 Telephone
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationAUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW. 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR
AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR Web Portal Security Review Page 2 Audit Report 03-11 Web Portal Security Review INDEX SECTION I EXECUTIVE SUMMARY
More informationBAE Systems PCI Essentail. PCI Requirements Coverage Summary Table
BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table December 2011 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationSecuring the Cloud through Comprehensive Identity Management Solution
Securing the Cloud through Comprehensive Identity Management Solution Millie Mak Senior IT Specialist What is Cloud Computing? A user experience and a business model Cloud computing is an emerging style
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationHow RSA has helped EMC to secure its Virtual Infrastructure
How RSA has helped EMC to secure its Virtual Infrastructure A new solution, the RSA solution for Cloud Security and Compliance, has been developed and is now available to all of our customers. Luciano
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationSWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific
More informationDeveloping the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009
Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in
More informationCloud-based Managed Services for SAP. Service Catalogue
Cloud-based Managed Services for SAP Service Catalogue Version 1.8 Date: 28.07.2015 TABLE OF CONTENTS Introduction... 4 Managed Services out of the Cloud... 4 Cloud-based Flexibility, Efficiency and Scalability...
More informationCourse: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems
Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding
More informationUsing Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4
WHITEPAPER Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 An in-depth look at Payment Card Industry Data Security Standard Requirements 10, 11,
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationHow to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions
How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions Introduction This paper provides an overview of the integrated solution and a summary of implementation options
More informationFundamentals of a Windows Server Infrastructure MOC 10967
Fundamentals of a Windows Server Infrastructure MOC 10967 Course Outline Module 1: Installing and Configuring Windows Server 2012 This module explains how the Windows Server 2012 editions, installation
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More informationEllucian Cloud Services. Joe Street Cloud Services, Sr. Solution Consultant
Ellucian Cloud Services Joe Street Cloud Services, Sr. Solution Consultant Confidentiality Statement The information contained herein is considered proprietary and highly confidential by Ellucian Managed
More informationHow To Secure A Database From A Leaky, Unsecured, And Unpatched Server
InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions Agenda Any questions unresolved? The Guardium Architecture Integration with Existing Infrastructure Summary Any questions
More informationTEXAS AGRILIFE SERVER MANAGEMENT PROGRAM
TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM Policy Compliancy Checklist September 2014 The server management responsibilities described within are required to be performed per University, Agency or State
More informationPortWise Access Management Suite
Create secure virtual access for your employees, partners and customers from any location and any device. With todays global and homogenous economy, the accuracy and responsiveness of an organization s
More informationPayment Card Industry Self-Assessment Questionnaire
How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.
More informationApplication Gateway with Apache
Application Gateway with Apache Multi-backend scenarios Nghia Nguyen SAP NetWeaver RIG Americas, SAP Labs, LLC Introduction Session Objectives and Requirements Use Cases and Scenarios Limitations Configuring
More informationThe Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing
Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationBusiness-Driven, Compliant Identity Management
SAP Solution in Detail SAP NetWeaver SAP Identity Management Business-Driven, Compliant Identity Management Table of Contents 3 Quick Facts 4 Business Challenges: Managing Costs, Process Change, and Compliance
More informationSecurity aspects of e-tailing. Chapter 7
Security aspects of e-tailing Chapter 7 1 Learning Objectives Understand the general concerns of customers concerning security Understand what e-tailers can do to address these concerns 2 Players in e-tailing
More informationService Catalog. it s Managed Plan Service Catalog
Service Catalog it s Managed Plan Service Catalog 6/18/2012 Document Contents Contents Document Contents... 2 Overview... 3 Purpose... 3 Product Description... 3 Plan Overview... 3 Tracking... 3 What is
More informationData Security and Healthcare
Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population
More informationEnterprise Architecture Review Checklist
Enterprise Architecture Review Checklist Software as a Service (SaaS) Solutions Overview This document serves as Informatica s Enterprise Architecture (EA) Review checklist for Cloud vendors that wish
More informationSecurity for Cloud- and On Premise Deployment. Mendix App Platform Technical Whitepaper
Security for Cloud- and On Premise Deployment Mendix App Platform Technical Whitepaper Security for Cloud- and On Premise Deployment EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 THE MENDIX APP PLATFORM...
More informationChecking Security Configuration and Authorization.. or how best to protect your data and keep the availability of your SAP solutions
Checking Security Configuration and Authorization.. or how best to protect your data and keep the availability of your SAP solutions SAP Active Global Support Security Services November 2015 Disclaimer
More informationVendor Audit Questionnaire
Vendor Audit Questionnaire The following questionnaire should be completed as thoroughly as possible. When information cannot be provided it should be noted why it cannot be provided. Information may be
More informationInformation Security @ Blue Valley Schools FEBRUARY 2015
Information Security @ Blue Valley Schools FEBRUARY 2015 Student Data Privacy & Security Blue Valley is committed to providing an education beyond expectations to each of our students. To support that
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server
ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server Inhalte Teil 01 Network Architecture Standards Network Components and Terminology Network Architecture Network Media Access Control Methods
More informationSAP Single Sign-On 2.0 Overview Presentation
SAP Single Sign-On 2.0 Overview Presentation March 2016 Public Agenda SAP security portfolio Overview SAP Single Sign-On Single sign-on main scenarios Capabilities Summary 2016 SAP SE or an SAP affiliate
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationHP Security Framework. Jakub Andrle
HP Security Framework Jakub Andrle Hewlett-Packard 11.place in Fortune Magazine chart In fiscal year 2007 we achieved $7bilions growth CEO HP - Mark Hurd, company residence - Palo Alto, California, USA
More informationOPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,
More informationDigital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co.
Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ 0844 586 0040 intouch@digitalpathways.co.uk Security Services Menu has a full range of Security Services, some of which are also offered as a fully
More informationThe Cloud in Regulatory Affairs - Validation, Risk Management and Chances -
45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART
More informationExecutive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:
Executive Summary Texas state law requires that each state agency, including Institutions of Higher Education, have in place an Program (ISP) that is approved by the head of the institution. 1 Governance
More informationEVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07
EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationPREMIER SUPPORT STANDARD SERVICES BRONZE SILVER GOLD
SERVICE SUMMARY ITonDemand provides four levels of service to choose from to meet our clients range of needs. Plans can also be customized according to more specific environment needs. PREMIER SUPPORT
More informationDavid.Balka@chi.frb.org 2009 STREAM FRBC
Virtualization ti Dave Balka David.Balka@chi.frb.org Examination Elements Architecture Management Processes Integrity Availability Security 2 Datacenter Consolidation 3 What is Virtualization A framework
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationSecurity Think beyond! Patrick Hildenbrand, SAP HANA Platform Extensions June 17, 2014
Security Think beyond! Patrick Hildenbrand, SAP HANA Platform Extensions June 17, 2014 Disclaimer This presentation outlines our general product direction and should not be relied on in making a purchase
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationATTACKS TO SAP WEB APPLICATIONS
ATTACKS TO SAP WEB APPLICATIONS by Mariano Nuñez Di Croce mnunez@onapsis.com BlackHat DC 2011 Briefings Abstract "SAP platforms are only accessible internally". While that was true in many organizations
More informationSERVICES BRONZE SILVER GOLD PLATINUM. On-Site emergency response time 3 Hours 3 Hours 1-2 Hours 1 Hour or Less
SERVICE SUMMARY ITonDemand provides four levels of service to choose from to meet our clients range of needs. Plans can also be customized according to more specific environment needs. SERVICES BRONZE
More informationNorth Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing
North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing Introduction ManTech Project Manager Mark Shaw, Senior Executive Director Cyber Security Solutions Division
More informationIntroduction to Cyber Security / Information Security
Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be
More informationGovernance, Risk & Compliance for Public Sector
Governance, Risk & Compliance for Public Sector Steve Hagner EMEA GRC Solution Sales From egovernment to Oracle igovernment Increase Efficiency and Transparency Oracle igovernment
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationPCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com
Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationState of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationPUBLIC Secure Login for SAP Single Sign-On Implementation Guide
SAP Single Sign-On 2.0 SP04 Document Version: 1.0-2014-10-28 PUBLIC Secure Login for SAP Single Sign-On Implementation Guide Table of Contents 1 What Is Secure Login?....8 1.1 System Overview.... 8 1.1.1
More informationRemote Connectivity Infrastructure
Remote Connectivity Infrastructure SAP Active Global Support & Maintenance Go-to-Market November 2014 Public Remote Connectivity Infrastructure Table of Contents Introduction General Architecture SAProuter
More informationIT Service Management in SAP Solution Manager
Nathan Williams IT Service Management in SAP Solution Manager Bonn Boston Contents at a Glance PART I Introduction 1 An Overview of IT Service Management... 29 2 User Interfaces for SAP ITSM Functions
More informationIntelligent Security Design, Development and Acquisition
PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More information