SM30 Table maintenance
Security management, system audits, hardening and monitoring
Technical developments are progressing at high speed. Thus, the term "blockchain" is not unique to digital currencies. Instead, there is talk of a technology that will disrupt existing products, services, and even business models. In order to better assess the potential and impact of blockchain technology, various companies from different technologies and, in particular, financial sectors have joined forces in consortia in recent years: The R3 Consortium, which is primarily a consortium of about 80 financial sector companies (UBS, Credit Suisse, Deutsche Bank, Commerzbank, ...). The IoT Consortium, which includes Bosch Ltd, Cisco Systems Inc, is investigating how blockchain technology can be used to secure and improve IoT networks. More than 120 financial, banking, IoT and industrial companies have joined the Hyperledger (Enterprise Ethereum Alliance) consortium. Enterprise Ethereum Alliance with about 500 startups, companies and academic institutions from a wide range of fields. Read more in my next blog post ....
There are several ways to introduce and operate new applications. As a company you have the choice between internal realisation and operation, outsourcing, cloud computing and so-called outtasking. In deciding on one of the above concepts, the SAP basis must be included for the evaluation of various technological and operational aspects, which offers the possibility to develop a sound decision. This decision has a significant impact on the future operation of SAP and the associated operating and maintenance costs. The recommendations listed here are intended to help you decide on other forms of service. Information on the recommendation can be found in the Master's thesis in chapters 7.8 and 9.6.
SWEC Events for change document
A well-cared-for emergency user concept enables the audit-proof allocation of extended permissions in combination with the assurance of daily operations in your company. This article first addresses the fundamental issues that require an emergency user approach. It then briefly explains how such a concept works in general and how we implement it. An Emergency User is normally used when tasks are temporarily taken over outside the initial field of activity. I described the different scenarios of when such a user can be used and how to deal with them in this blog post for you. Why is an emergency user approach important? There are several scenarios in which the use of an emergency user with extended rights is useful: In urgent cases, it is often necessary to be able to quickly make changes to the system that are outside the user's actual field of activity. A key user who has the necessary permissions is on vacation and needs a representation. The same user suffers short-term illness and his/her representative must take over his/her duties to ensure the operation. We recommend developing a concept for the short-term allocation of the additional permissions. This will ensure the implementation of the above scenarios. How does an emergency user approach work? An emergency user concept in SAP works fundamentally via a temporary assignment of additional rights to a specific user. After the tasks have been completed, the user is deprived of the rights. The tasks performed with the extended permissions are logged and can then be evaluated by an auditor. However, there are a few things to keep in mind: A process for granting special rights should be defined. It must be specified which users can get special rights. The time period for which users can request an emergency user should be limited.
In practice, it is quite possible that the target specifications defined in the security concept do not match the current actual status. Therefore, especially with regard to SAP security, it must always be checked whether the necessary SAP basic settings also correspond to the minimum level. Although a manual check is possible, it is very time-consuming because the necessary regularizations have to be read, interpreted and technically implemented. The Security Architect - part of the Xiting Authorizations Management Suite (XAMS) software solution developed by Xiting - offers you the possibility to precisely examine the current status of the SAP Basis settings with the help of the integrated check mode, whereby it is also possible to check several systems via RFC, starting from a central system. The scope of the check of system settings and system security includes not only the SAP Basis settings presented here, but also other SAP Basis settings. The scope of the check mode can be extended by self-defined check IDs.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
Also, the operational aspects of this role are suitable for outsourcing.
At the end of the day, Wilhelm Voigt successfully compromised the Berlin government.