Protect your SAP system from bad actors! Start by getting a thorough grounding in the why and what of cybersecurity before diving into the how. Create your security roadmap using tools like SAP's secure operations map and the NIST Cybersecurity Framework (CSF). Then walk through key cybersecurity processes: vulnerability management, threat detection, incident response, disaster recovery, and more. With step-by-step instructions for implementing infrastructure and network security and using tools like SAP Trust Center, this guide will help you safeguard your system!
Reihe
Sprache
Verlagsort
Editions-Typ
Maße
Höhe: 262 mm
Breite: 188 mm
Dicke: 28 mm
Gewicht
ISBN-13
978-1-4932-2592-7 (9781493225927)
Schweitzer Klassifikation
Autor*in
Gaurav Singh is an SAP cybersecurity manager at Under Armour with more than 17 years of experience and a proven track record of helping organizations protect themselves from cyber threats while maximizing their SAP investments. In addition to his cybersecurity leadership role, Gaurav is an accomplished speaker and published author. He has presented at the SAP Insider conference, cybersecurity track, been featured in international journals, and been recognized as an SAP Insider Expert.
Gaurav's expertise spans the entire spectrum of SAP security, including identity and access controls, governance, risk, and compliance, vulnerability management, threat management, incident response, and backup and disaster recovery. He is passionate about going beyond traditional SAP security to implement true cybersecurity, covering all aspects of the SAP secure operations map, from infrastructure to cloud security.
Juan Perez-Etchegoyen is the chief technology officer at Onapsis. JP oversees the research and innovation teams that keep Onapsis on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs.
He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd. Prior to joining Onapsis, JP led many information security consultancy projects for companies in Latin America, U.S. and Europe. His strongest experience is in the fields of penetration testing, web application testing, vulnerabilities research, and information security auditing and standards.
... Foreword by Mariano Nuñez ... 15
... Who Should Read This Book ... 19
... Acknowledgments ... 19
1 ... What Is Cybersecurity? ... 21
1.1 ... CIA Triad ... 22
1.2 ... Identification, Authentication, Authorization, and Accountability ... 24
1.3 ... Nonrepudiation ... 26
1.4 ... Vulnerabilities, Threats, and Risks to SAP Applications ... 26
1.5 ... OWASP Top 10 ... 31
1.6 ... Ransomware ... 40
1.7 ... Frameworks ... 41
1.8 ... Security Research ... 43
1.9 ... Summary ... 44
2 ... Why Do SAP Landscapes Need Cybersecurity? ... 45
2.1 ... Evolution of Vulnerabilities and Threats to SAP Applications ... 45
2.2 ... Why Traditional SAP Security Can't Protect against Cybersecurity Threats ... 56
2.3 ... Obstacles to Cybersecurity Implementation ... 61
2.4 ... Traditional SAP Security: What Works and What Doesn't ... 71
2.5 ... Summary ... 82
4 ... Building a Cybersecurity Program for the SAP Landscape ... 165
4.1 ... National Institute of Standards and Technology Cybersecurity Framework ... 166
4.2 ... Center for Internet Security Critical Security Controls ... 170
4.3 ... Secure Operations Map ... 171
4.4 ... Govern ... 177
4.5 ... Identify ... 183
4.6 ... Protect ... 193
4.7 ... Detect ... 238
4.8 ... Respond ... 243
4.9 ... Recover ... 247
4.10 ... Onapsis Platform ... 250
4.11 ... Summary ... 263
5 ... Vulnerabilities and Patches ... 265
5.1 ... SAP Notes ... 265
5.2 ... Managing Vulnerabilities in the SAP Landscape ... 273
5.3 ... Patch Days ... 288
5.4 ... Summary ... 292
6 ... Threat Detection and Incident Response ... 293
6.1 ... Threat Management for SAP ... 293
6.2 ... Threat Intelligence ... 304
6.3 ... Anomaly Detection ... 309
6.4 ... Incident Response, Logging, and Monitoring in SAP ... 310
6.5 ... Summary ... 327
7 ... Business Continuity and Disaster Recovery ... 329
7.1 ... It's a Matter of When, Not If ... 330
7.2 ... Are We Ready for Disaster? ... 333
7.3 ... Business Continuity/Disaster Recovery for SAP ... 338
7.4 ... Backup Strategy ... 352
7.5 ... Protect Your Keys ... 353
7.6 ... Disaster Recovery Tests ... 354
7.7 ... Summary ... 356
8 ... Infrastructure Security ... 359
8.1 ... Responsibilities and Models ... 359
8.2 ... Operating System Level Security: Secure by Design ... 362
8.3 ... Roles and Responsibility Matrix ... 369
8.4 ... Inventory ... 370
8.5 ... Privileged Access Management ... 372
8.6 ... Logging and Monitoring on the Infrastructure Level ... 373
8.7 ... Physical Data Centers versus Cloud Data Centers ... 375
8.8 ... Antivirus and Anti-Malware Scanning ... 377
8.9 ... Summary ... 378
9 ... Network Security ... 379
9.1 ... Network Basics Concepts ... 379
9.2 ... Network Security: Core Principles and Practices ... 391
9.3 ... Network Security for SAP ... 395
9.4 ... Summary ... 401
10 ... SAP Trust Center ... 403
10.1 ... Resources in SAP Trust Center ... 403
10.2 ... SAP for Me ... 417
10.3 ... Summary ... 418
11 ... Impact of SAP S/4HANA, RISE with SAP, and the Cloud on Cybersecurity ... 419
11.1 ... SAP S/4HANA Migration and What It Means for Cybersecurity ... 420
11.2 ... What the Cloud Means for SAP Cybersecurity ... 428
11.3 ... Summary ... 445
... The Authors ... 447
... Index ... 449
