Our free guide “Meeting Information Security Standards with SAP Security” provides recommendations and best practices for SAP security, based on conversations and experiences of working with SAP customers. This document is a base template on how to approach Information Security Logging standards and how they can ensure individual accountability and provide evidence of legal requirements.
We are constantly looking for input into this base template and feedback on experiences with working with SAP Security. If you have any comments or feedback, please contact us here: [email protected]
About the guide:
How to meet Security Logging Standards?
The primary objective with this collection of Best Practices is to ensure individual accountability and to enable investigation and collection of evidence for incidents, such as access violations, malware, and intrusion attacks, and fraud.
The secondary objective is to provide evidence of compliance against legal requirements and internal as well as external demands.
Relevance of Security Logging Standards for SAP
Fulfilment of Information Security Standards is valid for all Business Applications and IT Infrastructure owned or used by organizations classified with MEDIUM, HIGH or ENTERPRISE criticality level.
SAP along with other business applications containing personal data, confidential or strictly confidential information needs to be able to use logging to enable detection of application logic tampering and data breach investigations.
Creating Business Intelligence
The Recommended Best Practices can provide business intelligence to an organization by
- Giving more in-depth insight into “what” has occurred
- Providing full security monitoring
- Enabling detailed visibility into access to personal data on SAP
- Supporting GDPR compliance
Best Practices for SAP Security:
If you would like to discuss your own SAP Security experiences, please contact us for a consultation:
Looking at the general logging requirements that are needed for SAP and how LogPoint for SAP can support this.
What additional requirement should be applied to production environments where personal data or strictly confidential is used such as SAP.
What are the requirements around log retention for SAP?
Reporting and auditing.
About Logpoint for SAP
Logpoint for SAP integrates SAP systems with security information and event management (SIEM) for compliance and security monitoring. With Logpoint for SAP, organizations can continuously monitor their business-critical data to detect and quickly respond to fraud and threats within SAP.