MANTRAN announces the dates for its next SAP security training at Bangalore, India on 22 and 23 April 2011. The training covers various topics related to SAP authorizations and BASIS security and is very useful for anyone interested in SAP security. Email at trainings@mantranconsulting.com for details.
Introduction
SAP is one of the most popular ERP system used across industries. SAP system hosts sensitive and confidential enterprise data and its security is paramount to any organization. Therefore, SAP security is an integral part of information security framework of an organization. While most of the IT audits focus on infrastructure security, security of the core business system such as SAP is often ignored. The primary reason is lack of knowledge and expertise in SAP security.
SAP security is a complex area and includes various areas such as authorizations, segregation of duties, BASIS controls, and business process controls. SAP provides highly granular and detailed security and controls functionalities, which can be configured as per organization’s requirements. Auditing SAP security requires specialized knowledge and expertise.
SAP security training workshop aims to cover some of the important security controls in SAP, which an IT auditor should be aware of. A good understanding of SAP security will enable IT auditors to ensure a comprehensive IT audit.
SAP security training details
Duration: 2 days
Training content: The SAP security training will cover the following areas:
1. Introduction:
a. Overview of SAP
b. Navigating SAP
c. SAP architecture and landscape
2. Authorizations and Segregation of Duties (SoD):
a. Importance of SAP authorizations
b. SAP authorizations concept – authorization object and field, authorization, profile and role, and user master record
c. Profile – manual, generated, single and composite
d. Difference between profile and role
e. Authorization checks carried out by SAP
f. Profile generator – prerequisites, how to use profile generator, advantages and concerns
g. SoD – importance, underlying causes of SoD and compensating controls
h. SAP authorizations and SoD review – objectives, manual vs automated, native tools in SAP and commercial tools
3. BASIS controls:
a. System parameters in SAP
b. Access controls - password controls, user types, standard users security (SAP*, DDIC, SAPCPIC, EARLYWATCH), privileged profiles (SAP_ALL and SAP_NEW), standard user reports and tables
c. Change controls - SAP landscape, system and client, system and client settings, segregation of environments, transport organizer, transport management system, developer Access Key
d. Audit logs in SAP - security audit logs, table logs, etc
e. Securing tables and reports
4. Important transactions, tables and reports
About the trainer
MANTRAN is a Singapore-based leading information security consulting and training company with primary focus on SAP security and controls.
Barun Kumar is the founder and a Director with MANTRAN Consulting Pte. Ltd. Barun was previously an Associate Director with IT Advisory practice of KPMG LLP in Singapore, AVP with Technology Risk Services practice of EXL Service and Manager with IT Advisory practice of KPMG in India.
Barun is an engineer, MBA, CISA, Approva Certified Professional (ACP) and ITIL v3 certified professional.
Barun has delivered many SAP trainings – both external trainings to corporate clients as well as internal trainings. This includes a large automobiles company in Pune, an engineering conglomerate in Bangalore, an airlines company in Singapore, an IT consulting company in Bangalore, and an agribusiness in Jakarta. Barun has also conducted many public trainings, which includes one with ISACA local chapter in Mumbai and independent trainings in Singapore.
Barun has more than 10 years of experience (including more than 8 years with Big 4) in SAP security services and has performed SAP security projects in India, Singapore, South Africa, Belgium, France, Switzerland, UK and US.
Barun has designed and audited SAP authorizations, SoD and BASIS controls for many large companies.
Introduction
SAP is one of the most popular ERP system used across industries. SAP system hosts sensitive and confidential enterprise data and its security is paramount to any organization. Therefore, SAP security is an integral part of information security framework of an organization. While most of the IT audits focus on infrastructure security, security of the core business system such as SAP is often ignored. The primary reason is lack of knowledge and expertise in SAP security.
SAP security is a complex area and includes various areas such as authorizations, segregation of duties, BASIS controls, and business process controls. SAP provides highly granular and detailed security and controls functionalities, which can be configured as per organization’s requirements. Auditing SAP security requires specialized knowledge and expertise.
SAP security training workshop aims to cover some of the important security controls in SAP, which an IT auditor should be aware of. A good understanding of SAP security will enable IT auditors to ensure a comprehensive IT audit.
SAP security training details
Duration: 2 days
Training content: The SAP security training will cover the following areas:
1. Introduction:
a. Overview of SAP
b. Navigating SAP
c. SAP architecture and landscape
2. Authorizations and Segregation of Duties (SoD):
a. Importance of SAP authorizations
b. SAP authorizations concept – authorization object and field, authorization, profile and role, and user master record
c. Profile – manual, generated, single and composite
d. Difference between profile and role
e. Authorization checks carried out by SAP
f. Profile generator – prerequisites, how to use profile generator, advantages and concerns
g. SoD – importance, underlying causes of SoD and compensating controls
h. SAP authorizations and SoD review – objectives, manual vs automated, native tools in SAP and commercial tools
3. BASIS controls:
a. System parameters in SAP
b. Access controls - password controls, user types, standard users security (SAP*, DDIC, SAPCPIC, EARLYWATCH), privileged profiles (SAP_ALL and SAP_NEW), standard user reports and tables
c. Change controls - SAP landscape, system and client, system and client settings, segregation of environments, transport organizer, transport management system, developer Access Key
d. Audit logs in SAP - security audit logs, table logs, etc
e. Securing tables and reports
4. Important transactions, tables and reports
About the trainer
MANTRAN is a Singapore-based leading information security consulting and training company with primary focus on SAP security and controls.
Barun Kumar is the founder and a Director with MANTRAN Consulting Pte. Ltd. Barun was previously an Associate Director with IT Advisory practice of KPMG LLP in Singapore, AVP with Technology Risk Services practice of EXL Service and Manager with IT Advisory practice of KPMG in India.
Barun is an engineer, MBA, CISA, Approva Certified Professional (ACP) and ITIL v3 certified professional.
Barun has delivered many SAP trainings – both external trainings to corporate clients as well as internal trainings. This includes a large automobiles company in Pune, an engineering conglomerate in Bangalore, an airlines company in Singapore, an IT consulting company in Bangalore, and an agribusiness in Jakarta. Barun has also conducted many public trainings, which includes one with ISACA local chapter in Mumbai and independent trainings in Singapore.
Barun has more than 10 years of experience (including more than 8 years with Big 4) in SAP security services and has performed SAP security projects in India, Singapore, South Africa, Belgium, France, Switzerland, UK and US.
Barun has designed and audited SAP authorizations, SoD and BASIS controls for many large companies.
0 comments:
Post a Comment