Home / Security

Security

New SAP Tokenization Standards Lifting Credit Card Security in 2018

The most recent PCI standards have introduced new complications for organizations handling digital payment systems. PCI Requirement 3 prohibits storing unsecured credit card information. Penalties for failing to do so can expose them to fines of $500,000 or more. Meeting PCI Requirement 3 standards isn’t just important to avoid regulatory …

Read More »

What remains unsolvable in security (Part 2 of 2)

As we round up the year, I am summarizing my thoughts and observations in 2017 as a personal reflection. In the second part of the series, I will share two more observations of what I consider as unsolvable aspects in security. Observation #3: Better communication is a starter, but does …

Read More »

Severe Computer Infection Returns

My recent ransomware case that ended up badly. A friend of mine has recently contacted me asking to help with a crypto-virus. His company has been hit by a ransomware. Virus managed to infect two networks, running files (VHDs) mostly. So, all files got encrypted and became unusable. The infection …

Read More »

SAP Security Patch Day – January 2018

This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect his …

Read More »

SAP Security Patch Day – December 2017

This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect his …

Read More »

SAP Cyber Threat Intelligence report – January 2018

The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind the monthly SAP Cyber Threat Intelligence report is to provide an insight into the latest security vulnerabilities and threats. Key takeaways The first set of SAP Security Notes …

Read More »

Read Access Logging (RAL) Configuration

Dear all, In the context of General Data Protection Regulation (GDPR) in the EU (European Union) region, we explored tools to monitor and log the read access to sensitive data We have used simple use case recording / logging the access to USR02 table via SE16 transaction code. What is …

Read More »

Join us at the SAP Insider Conferences 2018!

Join our security experts at the SAP Insider events coming up in 2018! Conference season kicks off with GRC 2018, taking place February 12-15 at the Wynn Hotel in Las Vegas. GRC 2018 is co-located with Financials 2018. Next is Basis & SAP Administration 2018 at the Bellagio Hotel in …

Read More »

SAP Security Patch Day – December 2017

This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect his …

Read More »

Join us at the SAP Insider Conferences 2018!

Join our security experts at the SAP Insider events coming up in 2018! Conference season kicks off with GRC 2018, taking place February 12-15 at the Wynn Hotel in Las Vegas. GRC 2018 is co-located with Financials 2018. Next is Basis & SAP Administration 2018 at the Bellagio Hotel in …

Read More »

What remains unsolvable in security (Part 1)

Where is all the knowledge we lost with information? -T.S. Eliot Thanksgiving is always a good time for us to think back and reflect on what we manage to accomplish this year. As a personal reflection, I have focused my effort on vulnerability coordination and responsible disclosure this year. I have …

Read More »

8 Alarming ways your cyber security is at risk

It was 1984 when this prophecy was upon us, “I always feel like, somebody’s watching me. And I have no privacy.” The lyrics by American singer Rockwell were soon to prevail our current world, surrounding technology.  It is now nearing the end of the year 2017 and I am here …

Read More »

Configure Network Edge Authentication

With ABAP 7.51, a new authentication scenario was announced: Network Edge Authentication. You can read about it here. This is a great new feature for securing http-based access to your systems. This blog will guide you through the implementation, using x509 certificates as token type, in the different systems. Documentation …

Read More »

SAP Security Patch Day – November 2017

This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect his …

Read More »

Anonymization: Analyze sensitive data without compromising privacy

When is data truly anonymized? You can probably remember several cases where organizations such as public transport organizations or telecommunication providers published insufficiently “anonymized” data sets resulting in very damaging highly visible news headlines. This is not to do any finger-pointing, because you know what? Anonymization is really hard! For …

Read More »

SAP Cyber Threat Intelligence report – October 2017

The SAP threat landscape is always growing thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind SAP Cyber Threat Intelligence report is to provide an insight into the latest security threats and vulnerabilities. Key takeaways This set of SAP Security Notes consists of 30 …

Read More »

SAP Security Patch Day – October 2017

This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect his …

Read More »

How to prepare for GDPR

In our last blog we discussed about What Is GDPR & Why Should Your Business Care ? https://blogs.sap.com/2017/10/02/what-is-gdpr-and-why-should-your-business-should-care/# In this blog we will discuss How to prepare for GDPR Step #1 In preparation for GDPR it is important to work on idenfiying some of the key aspect of sensitive data …

Read More »

A reflection on Cybersecurity awareness

October is cybersecurity awareness month. The National Cyber Security Alliance (NCSA) kicked off its awareness campaign this week with a day-long global launch event. SAP is glad to be part of the champion organizations supporting this year’s initiative. In this blog post, I will share three takeaways I learned from …

Read More »

What Is GDPR And Why Should Your Business Care ?

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. In the past 20 years technology advancement had enabled users with products, tools ,devices for ease of access to data and had completely complicated enterprise data protection. CIO’S  need to pay attention to this …

Read More »