A Blueprint to Secure SAP Applications Using CIS Controls As a Guide
- Thursday, June 2nd, 2016 at 1:00 PM EDT (17:00:00 UTC)
- Barbara Filkins and Alex Horan
SAP applications are so broad, so adaptable and so tightly integrated with critical financial and management functions that it's often hard to know where to even start the effort to harden one against attack. In an age of horrendous data breaches, there is no other choice; SAP applications are sensitive targets. Slapdash, unsystematic approaches won't do, so it makes sense to use outlines such as the CIS Critical Security Controls for guidance. The recently released Version 6 of the Critical Controls is particularly helpful in securing soft targets, especially at the application layer.
In this webcast, you will hear how the 20 CIS Critical Controls were harnessed to harden one specific SAP use case. Speakers will review changes in the new versions of the controls and offer advice on how to adapt existing Critical Controls-driven procedures and technology to meet the new guidelines in specific technology areas, including continuous monitoring, certificate management, data and device life-cycle management, intrusion detection, defenses against phishing attacks, malware and other threats.
The focus of the use case is on the needs of CISOs in the government sphere, but the same process can benefit security professionals at any organization with an SAP implementation that needs hardening.
View the associated whitepaper here.
Barbara Filkins, a senior SANS analyst who holds the CISSP and SANS GSEC (Gold), GCIH (Gold), GSLC (Gold), GCCC (Gold), GCPM (Silver) and GLEG (Gold) certifications, has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. She is deeply involved with HIPAA security issues in the health and human services industry, with clients ranging from federal agencies (Department of Defense and Department of Veterans Affairs) to municipalities and commercial businesses. Barbara focuses on issues related to automation--privacy, identity theft and exposure to fraud, as well as the legal aspects of enforcing information security in today's mobile and cloud environments.
Alex Horan is director of product management at Onapsis Inc., where he is responsible for the development of solutions for ERP vulnerability assessment, testing and securing. Alex has over 15 years of experience working within the IT security industry, covering both software and hardware. As a result he brings a deep knowledge and understanding of vulnerability assessment and penetration testing, as well as systems and network administration and auditing, to his work at Onapsis. Alex has previously worked for midsized and large companies, helping to design and maintain their security posture.