Yesterday, I came across an SAP SDN forum post regarding the Role of a Security Consultant in an SAP implementation Project posted by Mohammed Naseeruddin. check forum post
Question: What is the role of a Security Consultant in an SAP implementation Project and the stages in which he is involved?
My Answer:
The role of a Security consultant in any SAP product implementation (not just GRC) is wide enough and it’s hard for anyone to sum up on a single forum post. Still I can give you some pointers.
Security consultants come from different backgrounds, some from networking, database administration, infrastructure and even development like me. They contribute enormously to any product implementation from scratch (landscape design) to go-live (and continuous maintenance) so they are active on every phase of the implementation.
Take control against spam and viruses by providing internet security for your web-based applications.
Following are some of the activities they may perform (or participate)
- System Landscape Design (work closely with BASIS and DBAs)
- Check Infrastructure feasibility from security perspective (For Portals exposed to internet or extranet work closely with network providers for firewall security, VPS etc.)
- Propose security guidelines, access policies, disaster recovery plan, business continuity roadmap (work closely with information security consultants and internal auditors or risk management teams)
- Implement SAP solution specific Security measures (involves almost every SAP solution) for example: SAP R/3 security, GRC, BW/BI, HR, FI, Portal security etc.
- participate in application integration for example: LDAP, IDM, SAP UME, shared directories etc (User master records security is on high priority).
- Check for any possible backdoor access vulnerabilities (ex: open RFCs, function modules like ping_rfc), and it involves almost all SAP solutions and there are special procedures to analyze such vulnerabilities.
There are many such activities that a security consultant perform on day to day basis. Please do not interprete the above mentioned activities (entirely) as a criteria for any security consultant profile. There are many many possibilities for a security consultants to work from pen testing to SoD violation remediation and so on.
If you like to know about the forensic SAP security specialist skills. Take a quick look at http://amudee.com/?p=378
Basically replace, it’s been recently some time since i have am posting feedback to blogs, this one is an exclusion. Sustain the truly amazing work good friend. I hope to discover extra ones in the blog community.
Recognition for magnificent commentary. expect on the way to see more soon.
This is my first time I have visited your site. I found a lot of interesting stuff in your blog. From the volume of comments on your posts, I guess I am not the only one! keep up the great work.
We are a group of volunteers and starting a new project in our community. Your site provided us with valuable information to help us get started|.You have done an impressive job!
Detailed post can i have your permission to translate into French for our sites readers? If so what dort of acknowledgment would you prefer?
Just subscribed to the blog, thank you so much for the updates. great new site in the town. cheers amudee
Thanks for the educational post. I have been perusing plus enjoying your website.
Very usefull post can i have your permision to translate into Spanish for my blogs viewers? Thanks
Yes you can but please make sure you follow our terms and conditions, please go through the disclaimer and creative common no derivative work licence given in the footer of the website. Please share alike for non-commercial purposes. Thank You.
Could you please write little bit more on this, I am also looking forward to kickstart my SAP journey but have no idea where to start from. We do have a SAP institute here but the courses seems too expensive. Do you have any guidance for me? Bale Zentis
People are quite hectic today and when you are researching for anything and find it, you desperately want to give thanks the writer – and it’s this that I’m doing at the moment – Kudos!
[...] original here: Role of a Security Consultant in an SAP implementation Project … By admin | category: security consultant | tags: contribute-enormously, [...]