Course announcements

  • Participants of this course will gain knowledge on how to secure an SAP system. Data protection, Security monitoring, SAP GRC Access Control, SAP role maintenance, and change management mechanisms are covered in this course.

Goals

  • Identify and protect sensitive data and mechanisms in live solutions based on SAP NetWeaver Application Server
  • Use the SAP Audit Information System to structure and conduct thorough security checks and configure important security monitoring mechanisms
  • Explain the features of SAP GRC Access Control
  • Configure standard SAP role maintenance tools to produce secure company-specific roles and authorization profiles
  • Implement und use the SAP Security Optimization Service (SOS)
  • Secure change management mechanisms in production system landscapes and protect system administration tools from misuse

Audience

  • System Administrator
  • Technology Consultant

Prerequisites

Essential

Recommended

  • Knowledge of security issues, technical background (Web technologies, SAP ITS, fundamental knowledge of SAP systems)
  • ADM940 Authorization Concept AS ABAP

Course based on software release

  • SAP ECC 6.07 / SAP NetWeaver AS 7.5

Content

  • Introduction to Internal Security Auditing
    • Describing Security Auditing
  • Audit Information System (AIS) and the Audit Information System Cockpi
    • Configuring and Using the AIS
    • Performing a System Audit Using the Audit Cockpit
  • User and Authorization Audit
    • Customizing the Role Maintenance Tool
    • Securing User and Group Administration
    • Describing Segregation of Duties and Critical Authorization
    • Securing the System with Login-Related Parameters
  • System Audit
    • Configuring and Using the Security Audit Log
    • Securing System Administration Services
  • Repository and Table Audit
    • Monitoring AS ABAP Using Logs
  • Security in Change Management
    • Securing Change Management
  • Security Assessment
    • Optimizing Security Using SAP Security Optimization Self-Service
    • Consulting SAP Security Notes
    • Implementing and Checking Technical Security Recommendations