Our free guide “Meeting Information Security Standards with SAP Security” provides recommendations and best practices for SAP security, based on conversations and experiences of working with SAP customers.  This document is a base template on how to approach Information Security Logging standards and how they can ensure individual accountability and provide evidence of legal requirements. 

We are constantly looking for input into this base template and feedback on experiences with working with SAP Security.  If you have any comments or feedback, please contact us here:  [email protected]

 

About the guide:

How to meet Security Logging Standards?

The primary objective with this collection of Best Practices is to ensure individual accountability and to enable investigation and collection of evidence for incidents, such as access violations, malware, and intrusion attacks, and fraud.

The secondary objective is to provide evidence of compliance against legal requirements and internal as well as external demands.

Relevance of Security Logging Standards for SAP

Fulfilment of Information Security Standards is valid for all Business Applications and IT Infrastructure owned or used by organizations classified with MEDIUM, HIGH or ENTERPRISE criticality level.

SAP along with other business applications containing personal data, confidential or strictly confidential information needs to be able to use logging to enable detection of application logic tampering and data breach investigations.

Creating Business Intelligence

The Recommended Best Practices can provide business intelligence to an organization by

  • Giving more in-depth insight into “what” has occurred
  • Providing full security monitoring
  • Enabling detailed visibility into access to personal data on SAP
  • Supporting GDPR compliance

Best Practices for SAP Security:

If you would like to discuss your own SAP Security experiences, please contact us for a consultation:  

genereal logging requirements

Looking at the general logging requirements that are needed for SAP and how LogPoint for SAP can support this.

personal data

What additional requirement should be applied to production environments where personal data or strictly confidential is used such as SAP.

requirements around log retention

What are the requirements around log retention for SAP?

reporting and auditing

Reporting and auditing.

About Logpoint for SAP

Logpoint for SAP integrates SAP systems with security information and event management (SIEM) for compliance and security monitoring. With Logpoint for SAP, organizations can continuously monitor their business-critical data to detect and quickly respond to fraud and threats within SAP.