Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword or section
Like this
24Activity
P. 1
Security Admin

Security Admin

Ratings: (0)|Views: 442 |Likes:
Published by vsivaramakrishna
SAP BASIS SECURITY ADMIN
SAP BASIS SECURITY ADMIN

More info:

Published by: vsivaramakrishna on Feb 10, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

12/22/2012

pdf

text

original

 
 System Administration Made Easy 11
 –1
&KDSWHU
6HFXULW\$GPLQLVWUDWLRQ
&RQWHQWV
Overview................................................................................................................11
 –2Audits.....................................................................................................................11–4Security Layers .....................................................................................................11–6Operational Security...........................................................................................11–25Audit Tools ..........................................................................................................11–37Audit Tasks..........................................................................................................11–57
 
Chapter 11: Security AdministrationOverviewRelease 4.6A/B
 
11
 –2
 
2YHUYLHZ
The purpose of this chapter is to make you aware of your responsibilities as the R/3 systemadministrator(s) for security. These responsibilities include:
<
Protecting the R/3 System
<
Preparing you for a computer security auditWhen an audit is performed on an R/3 System, the administrator(s) will be responsible forresponding to the audit findings. This chapter is an attempt to prepare you for these audits.Each auditing firm has their own audit procedures and may look at many different items, sowe cannot prepare you for everything. However, we will try to prepare you for the coregroup of items that all firms normally look at.This chapter is only an introduction to computer security and its importance. Although anentire book can be written on this subject, even that would be insufficient. We recommendthat you contact and work with all the parties (external auditors, internal auditors, financedepartment, legal department, and others) who might be affected by system security.
:KDWLV6HFXULW\"
Security is more than the R/3 authorization (or keeping “undesirables” out of the system).It is concerned with the following issues regarding data:
<
Protecting it from hardware problems
<
Maintaining its integrity
<
Restoring it in the event of a disasterSecurity is a broad topic and can be organized in many different ways. Some of the areascovered include:
<
Keeping unauthorized people out of the system
<
Keeping people out of places that they should not be
<
Safeguarding the data from damage or loss
<
Complying with legal, regulatory, and other requirementsEach of these areas can be further divided.
.HHSLQJ8QDXWKRUL]HG3HRSOHRXWRIWKH6\VWHP
This area is what we usually think about as security and includes the R/3 authorizationconcept, operating system and network logon security, and physical security.
.HHSLQJ3HRSOHRXWRI3ODFHV:KHUH7KH\6KRXOG1RW%H
This area covers users having access to more parts of the system and to more data than theyneed to perform their job. The data may not be damaged but accessing and revealing thisdata could be equally damaging.
 
Chapter 11: Security AdministrationOverviewSystem Administration Made Easy11
 –3
 Examples of this sensitive data include:
<
Your company’s customer list, contacts, and sales volume.This information could be used by a competitor.
<
Your employees’ personnel data.There are privacy laws that protect this type of data.
<
Financial performance data, such as quarterly financial statements.There are strict SEC rules governing insider trading (see below for a definition of insidertrading).
<
Items specified in contracts with customers, vendors, or other parties.
6DIHJXDUGLQJWKH'DWDIURP'DPDJHRU/RVV
There are two major sources of damage:
<
Accidental, such as:
Loading test data into the production system.This situation happens, unfortunately, more often than people admit.
A hardware failure.
A fire that destroys the data center.
Arson
A flood, hurricane, earthquake, tornado, or other regional natural disasters.
<
Deliberate, such as:
A disgruntled employee who deletes or damages files from the system.
A hacker who deletes or damages files from the system.
&RPSO\LQJZLWK/HJDO5HJXODWRU\DQG2WKHU5HTXLUHPHQWV
:KDW
Other reasons for security are defined by laws, contracts and other parties.Security is a sensitive issue, and it has legal implications. One good example of security isinsider trading. Before defining insider trading, we have to first define insider knowledge orinside
 
information
.
Insider knowledge or inside information means you have information,which is not known or available to the general public. If the information is known to thegeneral public, it could affect the stock price. Insider trading is using inside information tobuy or sell stock and make a profit or reduce a loss. Even if you do not profit from the sale,you could be held liable.

Activity (24)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
Praveen Asthana liked this
jjitendra84 liked this
arbabhusain007 liked this
sarframx liked this
rraakesh liked this
Deepak liked this
comptechlpc liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->