ChatGPT & SAP Security

Posted by Fabio Mambretti on Aug 4, 2023 8:00:00 AM

What is ChatGPT? What is it used for? And how can it be useful to us?


We have some proof!

What is ChatGPT?

ChatGPT is a large language model developed by OpenAI, an artificial intelligence research organization.

ChatGPT is based on a machine learning algorithm called Transformer, which enables it to generate text autonomously.

The model has been trained on a large amount of data, which enables it to understand and generate text naturally.

It is mainly used for natural language processing (NLP), which includes natural language understanding, text generation, machine translation and other applications.

The definition above is the answer to the question posed directly to ChatGPT.

 

Let's see some examples regarding SAP Security

I started by asking what SAP Security means


 

SAP Security refers to security measures implemented to protect an organization's systems and data using SAP software. This may include:

 

  • access management,
  • data encryption,
  • security event monitoring, and compliance with corporate regulations and policies.


In summary, SAP Security is about protecting the integrity, availability and confidentiality of data managed by SAP systems.

A good answer, just a grammatical error but a good answer.

At this point I tried to go a little further by asking for some more specific information.

 

What is an "SAP security authorization concept"?

Yet again a very good answer:

SAP Authorization Concept

 

"The concept of SAP security authorization refers to the management of access to data and functionality within an SAP system.

In other words, it is an access control system that determines who has permission to access what data and functionality within the SAP system.

This is accomplished using a combination of user profiles, roles, and transactions. User profiles are defined for specific users and describe the access permissions for each.


Roles are predefined sets of permissions that can be assigned to users. Transactions are the individual operations that users can perform within the system, such as viewing a report or creating an invoice.


The idea is to restrict access only to those who need to use certain features or data to do their work, thus limiting the risk of security breaches and unauthorized access."

In general it is correct to talk about profiles, as they still exist; however, they are more of a legacy of the past, and the text does not make that obvious.

Asking the question directly to ChatGPT, the answer in this case was not the best, as there does not seem to be much difference between the two objects:

[Image: SAP profile]

 

What about questions regarding the SoD or segregation of other activities?

 

For example, I asked these additional questions:

 

  • How to segregate access to individual material views within SAP?
  • How to solve a Segregation of Duties problem in SAP?

 

[Image: Segregation]

 

The answer above is very extensive and generally valid, but it does not answer the question precisely. The same goes for the next question: the answer is generally correct, but operationally it has several shortcomings.

[Image: SoD]

 

What about code security? Can it be useful?

A small test to check whether a piece of code is secure or not:

[Image: Code analysis]

Finally, the answer to the last question, namely "Why is corporate security subjective?" is interesting.

[Image: Security is subjective]

 

Enterprise security is subjective because it depends on the specific needs and priorities of the organization.

Each company has a unique combination of risks, goals, and budgets, so security solutions that work for one organization may not be suitable for another.

In addition, business security risks change over time due to evolving cyber threats and changing rules and regulations.

This means that security solutions that were effective in the past may no longer be adequate to protect the organization from current threats.

In addition, corporate security is subjective because it depends on existing corporate culture and practices. For example, a company with an open and collaborative culture will have different security needs than a company with a more closed and hierarchical culture.


Finally, corporate security is subjective because it depends on the perception of risk by the company's employees and managers.
For example, a company that has experienced a data breach will likely have a higher perception of risk than a company that has never experienced a breach.

In general, enterprise security is an ongoing process that requires constant analysis of the organization's risks and needs to ensure that the security solutions adopted are effective in protecting the company.


Topics: chatGPT, AI
