Goals

  • Identify and protect sensitive data and mechanisms in live solutions based on SAP NetWeaver Application Server
  • Use the SAP Audit Information System to structure and conduct thorough security checks and configure important security monitoring mechanisms
  • Explain the features of SAP GRC Access Control
  • Configure standard SAP role maintenance tools to produce secure company-specific roles and authorization profiles
  • Implement und use the SAP Security Optimization Service (SOS)
  • Secure change management mechanisms in production system landscapes and protect system administration tools from misuse

Audience

  • System Administrator
  • Technology Consultant

Prerequisites

Essential

Recommended

  • Knowledge of security issues, technical background (Web technologies, SAP ITS, fundamental knowledge of SAP systems)
  • ADM940Authorization Concept AS ABAP

Course based on software release

  • SAP ECC 6.07 / SAP NetWeaver AS 7.5

Content

  • Introduction to Internal Security Auditing
    • Describing Security Auditing
  • Audit Information System (AIS) and the Audit Information System Cockpi
    • Configuring and Using the AIS
    • Performing a System Audit Using the Audit Cockpit
  • User and Authorization Audit
    • Customizing the Role Maintenance Tool
    • Securing User and Group Administration
    • Describing Segregation of Duties and Critical Authorization
    • Securing the System with Login-Related Parameters
  • System Audit
    • Configuring and Using the Security Audit Log
    • Securing System Administration Services
  • Repository and Table Audit
    • Monitoring AS ABAP Using Logs
  • Security in Change Management
    • Securing Change Management
  • Security Assessment
    • Optimizing Security Using SAP Security Optimization Self-Service
    • Consulting SAP Security Notes
    • Implementing and Checking Technical Security Recommendations