Advanced SAP ERP and SAP S/4HANA Audit and Security - ASE441

Advanced SAP® ERP Audit and Security


CPE: 24


Price: $1833.00


Overview

This course provides students an in-depth understanding of SAP Basis, SAP S/4HANA, and security assessment techniques to perform a detailed technical audit and review of SAP GRC.


Who Should Attend

IT audit and SAP Security personnel, as well as people in compliance or related functions that explore technical SAP risks and controls in detail.


Prerequisites

  • Audit and Security of SAP ERP (ASE241), or equivalent experience.

What You’ll Learn

You will learn about the application’s risks and controls, the core elements of the application, and how to audit the application effectively.


Objectives

  • Reviewing the Basics
  • Advanced parameter settings
  • Special authorization objects
  • Control over standard SAP users and user types
  • Logging Options
  • NetWeaver security and control
  • Security-Related Analytics
  • Auditing SAP Customizations
  • S/4HANA Security Overview + Implementation Best Practices
  • SAP Hardening & Hacking

Agenda

Reviewing the Basics:

  • system parameters
  • authorization concept
  • assessing segregation of duties and critical access
  • most critical basis and security risks

Advanced SAP System Parameters:

  • parameters that can cost you money
  • parameters that mitigate terminated/transferred employee risks
  • single sign-on parameters
  • logging-related parameters

Advanced SAP Basis Security:

  • securing direct access to tables
  • securing access to ABAP programs
  • controlling administrator access
  • controlling transport administration and access
  • protecting security-critical objects and tables

Controlling Non-Dialog User Types:

  • system users
  • communication users
  • service users
  • reference users (and their undocumented risks)

Special Considerations:

  • protecting the most powerful ID in the SAP system
  • global deactivation of authorization objects
  • Remote Function Calls (RFC)
  • virus protection

NetWeaver Security:

  • Secure Network Communications (SNC)
  • Security for the SAP Web AS ABAP and Java components
  • Protecting the SAP Gateway
  • SAProuter issues

Advanced Auditing of SAP Customizations:

  • reviewing ABAP code for insecure statements and back doors
  • including custom tables in change document reports
  • securing customized objects

Hacking SAP (aka: Hardening SAP against Hacking):

  • current state of SAP cyber-security
  • breaking SAP passwords
  • taking over SAP user accounts
  • SQL injection and other common exploits
  • secure SAP programming (ABAP & Java)
  • freeware hacking tools (and paid pen-testing tools)

Analyzing SAP Tables:

  • transparent, cluster and structure tables
  • key configuration tables
  • key master data tables
  • using the SQ01 query builder
  • data access with ACL/IDEA

Other Modules (based on class interest):

  • configured control opportunities
  • other process-related controls
  • useful reports and security considerations

New issues with S/4HANA:

  • overview of S/4HANA
  • major security-related changes
  • cloud implications
  • implementation considerations

Why You Should Attend

You should attend because auditors at organizations using SAP ERP should know how to conduct in-depth reviews of the application and audit its core and specialized functions.

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.
