There comes a time when you have to deal with auditors. I have put together a check list to go through. If this is a new implementation you should go through this and may be you can impress your boss.
Fuente: www.sapsecurityonline.com
If you have any doubts as to whether or not revisiting your SAP infrastructure security is worth your while, take this short test and see how well your SAP systems security now fares....
- follow the link
- SAP R/3 user ID SAP* and other system user id has been adequately secured.
- The production system has been set to productive.
- Access Restriction: SCC4 and SE06
- S_DEVELOP is secured
- Change management is secured and controlled
- Transport access to production is restricted
- Developer access in production
- Change critical number range is restricted
- Custom tables has authorization group
- Locking of sensitive systems transaction codes
- BDC user types should has only required access
- Run Program in the back ground
- Changes to critical SAP R/3 tables are logged
- Scheduling and Monitoring Batch jobs
- Access to run reports should be restricted.
- Critical and custom SAP R/3 tables are restricted.
If you feel I should add more email me admin@sapecc.com
Fuente: www.sapsecurityonline.com
No hay comentarios:
Publicar un comentario