


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

A Blueprint to Secure SAP Applications Using CIS Controls As a Guide

  • Thursday, June 02, 2016 at 1:00 PM EDT (2016-06-02 17:00:00 UTC)
  • Barbara Filkins, Alex Horan


  • Onapsis




SAP applications are so broad, so adaptable and so tightly integrated with critical financial and management functions that it's often hard to know where to even start the effort to harden one against attack. In an age of horrendous data breaches, there is no other choice; SAP applications are the sensitive targets. Slapdash, unsystematic approaches won't do, so it makes sense to use outlines such as the CIS Critical Security Controls for guidance. The recently released Version 6 of the Critical Controls is particularly helpful in securing soft targets, especially at the application layer.

In this webcast, you will hear how the 20 CIS Critical Controls were harnessed to harden one specific SAP use case. Speakers will review changes in the new versions of the controls and offer advice on how to adapt existing Critical Controls-driven procedures and technology to meet the new guidelines in specific technology areas, including continuous monitoring, certificate management, data and device life-cycle management, intrusion detection, defenses against phishing attacks, malware and other threats.

The focus of the use case is on the needs of CISOs in the government sphere, but the same process can benefit security professionals at any organization with an SAP implementation that needs hardening.

View the associated whitepaper here.

Speaker Bios

Barbara Filkins

Barbara Filkins, SANS Analyst Program Research Director, holds several SANS certifications, including the GSEC, GCIH, GCPM, GLEG and GICSP, the CISSP, and an MS in information security management from the SANS Technology Institute. She has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. Barbara focuses on issues related to automation—privacy, identity theft and exposure to fraud, plus the legal aspects of enforcing information security in today’s mobile and cloud environments, particularly in the health and human services industry, with clients ranging from federal agencies to municipalities and commercial businesses.

Alex Horan

Alex Horan is director of product management at Onapsis Inc., where he is responsible for the development of solutions for ERP vulnerability assessment, testing and securing. Alex has over 15 years of experience working within the IT security industry, covering both software and hardware. As a result he brings a deep knowledge and understanding of vulnerability assessment and penetration testing, as well as systems and network administration and auditing, to his work at Onapsis. Alex has previously worked for midsized and large companies, helping to design and maintain their security posture.
