Beschreibung
Produktsicherheitsverordnung
Hersteller:
Rheinwerk Verlag GmbH
service@rheinwerk-verlag.de
Rheinwerkallee 4
DE 53227 Bonn
www.rheinwerk-verlag.de
Autorenportrait
Gaurav Singh is an SAP cybersecurity manager at Under Armour with more than 17 years of experience and a proven track record of helping organizations protect themselves from cyber threats while maximizing their SAP investments. In addition to his cybersecurity leadership role, Gaurav is an accomplished speaker and published author. He has presented at the SAP Insider conference, cybersecurity track, been featured in international journals, and been recognized as an SAP Insider Expert. Gaurav's expertise spans the entire spectrum of SAP security, including identity and access controls, governance, risk, and compliance, vulnerability management, threat management, incident response, and backup and disaster recovery. He is passionate about going beyond traditional SAP security to implement true cybersecurity, covering all aspects of the SAP secure operations map, from infrastructure to cloud security.
Inhalt
... Who Should Read This Book ... 19
... Acknowledgments ... 19
1.1 ... CIA Triad ... 22
1.2 ... Identification, Authentication, Authorization, and Accountability ... 24
1.3 ... Nonrepudiation ... 26
1.4 ... Vulnerabilities, Threats, and Risks to SAP Applications ... 26
1.5 ... OWASP Top 10 ... 31
1.6 ... Ransomware ... 40
1.7 ... Frameworks ... 41
1.8 ... Security Research ... 43
1.9 ... Summary ... 44
2.1 ... Evolution of Vulnerabilities and Threats to SAP Applications ... 45
2.2 ... Why Traditional SAP Security Can’t Protect against Cybersecurity Threats ... 56
2.3 ... Obstacles to Cybersecurity Implementation ... 61
2.4 ... Traditional SAP Security: What Works and What Doesn’t ... 71
2.5 ... Summary ... 82
4.1 ... National Institute of Standards and Technology Cybersecurity Framework ... 166
4.2 ... Center for Internet Security Critical Security Controls ... 170
4.3 ... Secure Operations Map ... 171
4.4 ... Govern ... 177
4.5 ... Identify ... 183
4.6 ... Protect ... 193
4.7 ... Detect ... 238
4.8 ... Respond ... 243
4.9 ... Recover ... 247
4.10 ... Onapsis Platform ... 250
4.11 ... Summary ... 263
5.1 ... SAP Notes ... 265
5.2 ... Managing Vulnerabilities in the SAP Landscape ... 273
5.3 ... Patch Days ... 288
5.4 ... Summary ... 292
6.1 ... Threat Management for SAP ... 293
6.2 ... Threat Intelligence ... 304
6.3 ... Anomaly Detection ... 309
6.4 ... Incident Response, Logging, and Monitoring in SAP ... 310
6.5 ... Summary ... 327
7.1 ... It’s a Matter of When, Not If ... 330
7.2 ... Are We Ready for Disaster? ... 333
7.3 ... Business Continuity/Disaster Recovery for SAP ... 338
7.4 ... Backup Strategy ... 352
7.5 ... Protect Your Keys ... 353
7.6 ... Disaster Recovery Tests ... 354
7.7 ... Summary ... 356
8.1 ... Responsibilities and Models ... 359
8.2 ... Operating System Level Security: Secure by Design ... 362
8.3 ... Roles and Responsibility Matrix ... 369
8.4 ... Inventory ... 370
8.5 ... Privileged Access Management ... 372
8.6 ... Logging and Monitoring on the Infrastructure Level ... 373
8.7 ... Physical Data Centers versus Cloud Data Centers ... 375
8.8 ... Antivirus and Anti-Malware Scanning ... 377
8.9 ... Summary ... 378
9.1 ... Network Basics Concepts ... 379
9.2 ... Network Security: Core Principles and Practices ... 391
9.3 ... Network Security for SAP ... 395
9.4 ... Summary ... 401
10.1 ... Resources in SAP Trust Center ... 403
10.2 ... SAP for Me ... 417
10.3 ... Summary ... 418
11.1 ... SAP S/4HANA Migration and What It Means for Cybersecurity ... 420
11.2 ... What the Cloud Means for SAP Cybersecurity ... 428
11.3 ... Summary ... 445
