SAP Security awareness, Make yourself heard!

Posted by Marta Ortona on Oct 28, 2022 8:15:00 AM

Read here what SAP courses are available.

Is data the new oil? Probably so! It therefore becomes fundamental to identify where data resides and how critical it is.

 


 

Once all "standard" protection mechanisms are in place, namely the infrastructure and application aspects, it is strategic to deal with the weakest link in the chain: the human side.

How to manage layer 8 of the ISO/OSI model

 

Awareness-raising of corporate staff 

Corporate education on data security issues, often required by some ISO certifications, has not always been implemented.

 

We focus a lot on the technological aspects and underestimate the business user.

 

We are not talking about technical courses for professionals, but about courses of "wide consumption" within the company that raise awareness of data security issues.

 

But what data is relevant?

Sensitive data, even though widely present within information systems, is usually not so easy to detect. For example:

  • Personnel data, if an SAP HR/HCM system is present
  • Sensitive documents in SAP DMS (Document Management System), for example technical drawings (CAD) or attachments to transactional documents
  • Discounts to customers
  • Bills of materials
  • Lists of customers, suppliers or employees

Personal data must also be handled appropriately (see also GDPR).

 

What can be done? 

There are several ways to promote these initiatives within a company. Some examples:

  • Post messages on corporate/social intranet 
  • E-learning material (see example here)
  • Posters affixed in the company

 

When is it useful to intervene?

The first suggested time to raise awareness of security issues is immediately after recruiting, through a dedicated training session.

 

But it is also important to keep the focus on the topic throughout the employee life cycle.

 

Surveys or targeted quizzes can be helpful to understand where there are gaps and how to correct them.

 

How to measure the effectiveness of training?

Measuring return on investment (ROI) is not always straightforward, whichever approach is chosen.

 

Targeted and regular social engineering campaigns, in our opinion, may be a way to understand if the training has been successful. 

 

This is in addition to measuring security incidents in a management model, before and after training.

 

But is social engineering also possible in SAP?

Yes, of course! There are many ways to extract or steal information.

 

Training and sensitizing the IT personnel who manage SAP applications helps them recognize requests, from internal or external users, that may be suspicious.

 

Download the list of requests that may be suspicious or that call for caution.

 

Blog post originally translated from: https://www.aglea.com/blog/sap-security-awareness-fai-sentire-la-tua-voce


Topics: security awareness, social engineering
