Why SAP Cybersecurity Framework?
The growing number of incidents against ERP systems and constant flow of weaknesses demand a change in approach to security. Security managers need to solve the problem of disintegrated security and create the strategic options and environment to ensure the security of business applications. There should be a shift from overly relying on blocking and preventing mechanisms of access controls and Segregation of Duties to integrative approaches. Security managers should ensure that protection of business application combines predictive, preventive, detective and response capabilities over vulnerabilities, Custom code issues and SOD violations and seamlessly integrate SAP Security with enterprise security processes like incident, risk and compliance management.
What is SAP Cybersecurity Framework?
EAS-SEC SAP Cybersecurity Framework was created to form a conceptual bridge between integrated adaptive security architecture and actions. SAP Cybersecurity Framework implements Gartner’s approach to adaptive security architecture in area of ERP security and describes four categories for SAP protection processes: predictive, preventive, detective and responsive. The framework articulates critical areas of actions for establishing security of ERP systems, describes desired outcomes and provides 3-step approach to succeed in each area.
How to work with SAP Cybersecurity framework?
Each category describes specific protection processes, like asset management, incident management or threat intelligence. All the processes are in line with industry recognized frameworks and approaches from NIST, SANS, ISO, CIS, but reflects the specifics of ERP systems.
SAP Cybersecurity Framework provides you three-step roadmap towards the realization of each of ERP security processes: Implementing the first step is the minimum, Second step provides you with the sufficient level of security and requires medium level of effort.Third step includes all the advanced things like automation and other stuff, that provides you the cutting-edge security capabilities.
We encourage you start small with each protection process thus, At the very moment of this building process you have all the capabilities you need to effectively secure enterprise systems.
SAP Cybersecurity Framework is developed under the EAS-SEC initiative sponsored by ERPScan Security professionals are welcome to participate to get a common, agreed and efficient standard of ERP security operations.