Securing Your Systems in the Digital World
Your UK & Ireland SAP User Group is running this event in conjunction with ISACA.
ISACA is a global non-profit membership association for IT governance, risk management, cyber & information security and assurance professionals. Established in 1969, ISACA now has more than 140,000 members in 180 countries worldwide. ISACA is a leading provider of research, certifications and community collaboration, with the aim of improving trust in, and value from, information systems; helping organisations to realise the positive potential of their use of technology. ISACA is widely recognised for its research, training, tools and publications in the areas of:
- governance, through the COBIT® family of products, a business framework to govern enterprise technology;
- cyber and information security, through Cybersecurity NexusTM (CSX);
- audit and assurance through the IT Assurance Framework, providing a wide range of audit/assurance questionnaires, including a SAP audit and assessment toolkit.
The event will be focussed on 3 key stream areas:
- Cyber Security
- Audit & Assurance
The event will consist of two keynote sessions in the morning and nine breakout sessions in the afternoon.
Richard Hunt from Turnkey will present The Increasing Cyber Threat to SAP and What to Do About It.
This session will discuss the changing cyber threat landscape and the way in which this affects the right approach to securing our SAP assets. Richard will also discuss the importance of getting the basics right together how the various tools available in any SAP system that can be configured to protect your SAP systems from cyber threats.
Dr Neil Patrick from SAP will present GDPR in the field – observations
Learn what SAP have seen in the field from their customer’s GDPR compliance programmes, their challenges and approaches, also how SAP is working with them on their own journeys.
Breakout sessions include:
- Best Practices for Cloud Provider Data Security, Andy Sugde, Virtustream
- Data security, compliance and control are top enterprise concerns when considering a cloud service. Organisations are dealing with increased data security requirements from executives, customers, governments and regulatory agencies. In this session learn the data security best practices for cloud providers and review how cloud provider Virtustream implemented strong data security for SAP.
- Security in SAP HANA, SAP S/4 HANA and SAP Fiori, Johan Hermans ,CSI tools
- Johan will talk about the ways to set up access rights in the new HANA platform. The way users and access rights work in SAP HANA, SAP S/4HANA and SAP Fiori environments will be explained thoroughly. Participants will learn how they can re-use or adapt existing user access concepts form the ABAP environment in the new HANA platform.
- SAP Live Hacking – Is your “Business DNA” protected???, Manfred Hofmann & Marco Hammel, Virtual Forge
- The Live Hacking will demonstrate how a hacker misuses vulnerabilities to hijack a SAP-System and gain access to the “DNA” of your company.
- The essentials surrounding User Behaviour Analytics to detect and protect your business in the digital age, David Lloyd & Moshe Panzer Grey Monarch & Xpandion
- User Behaviour Analytics (UBA) is becoming an increasingly important layer of protection against corporate threats and attacks, whether they be malicious or unintentional. In this session we will cover the essential elements of UBA along with some fascinating real-life examples of it’s use and success in thwarting and detecting cyber attacks, fraud, corporate theft, and potential exposure to indirect-access licensing costs of 3rd party systems and IoT.
- Protecting sensitive data in your SAP systems using strong user authentication, Tim Alsop, CyberSafe
- A short presentation, followed by a 30 minute interactive discussion, covering the following topics:
- What are the financial implications of a SAP data breach?
- How to combine SSO with strong user authentication.
- Issues with passwords.
- How to reduce the risk of a SAP data breach.
- The role of Access Rights Management in cyber security– It’s what’s inside that counts! Simon Cuthbert, 8Man
- With new research claiming people are still the biggest threat to cyber security, organisations must make managing what their employees have access to a priority, before it's too late. Simon Cuthbert is a 25 year veteran of the IT Industry. Having spent over 20 of those years focussed on security he has seen many changes in the way we do business. The one constant is people. Simon will discuss how the Insider Threat is still the single biggest point of failure in ‘Cyber security’.
- Putting General Data Protection Regulations into Practice for SAP Information, Oscar Trompe from SAP
- GDPR is already law and companies have until May 2018 to ensure that they are compliant or risk a fine of up to 4% of their global turnover.
The GDPR regulation is so vast no single solution in the market can address all of it. Single solutions only address a subset of it, often small. Furthermore, there is no single most important area to focus on to the exclusion of any other. It is not ‘just’ about data, but how data is used and managed within an organisation. Every customer will have their own legacy IT footprint that will have an impact on what systems need to be brought under GDPR compliance. SAP have the unique advantage of best of breed solutions when used together to provide a comprehensive platform that will help organisations demonstrate GDPR compliance: for both SAP and non-SAP systems.
- SAP Cloud Trust Center, Heike Fiedler-Phelps, Product Owner SAP Cloud Trust Center
- SAP provides transparency of its Cloud Services with the new SAP Cloud Trust Center, a public website with unified and easy access to all SAP cloud trust-related content. The SAP Cloud Trust Center delivers transparency with ease of access on SAP cloud related processes and availability of for all critical areas of business enabling technologies - from compliance to live cloud service avaiability. The SAP Cloud Trust Center serves as an accelerator in the decision making process of prospective and current customers since it will provide all required information up front and not only upon request. It is a trusted source where users can initiate requests, such as for SOC reports, engage with SAP, and collect all assets and information they need, when they need it. Find out more about the SAP Cloud Trust Center and see a live demo.
- Single Sign-On and the changes over the years, including their roadmap for future releases, Cavan Arrowsmith, SAP
- Single Sign-On is part of the puzzle for GDPR compliance; helping support an organisation’s user authentication strategy and implementing operational access controls to reduce the risks of suffering a data breach - caused by employees and contractors writing down their system passwords on a post-it note.
You can view the full synopsis for each of these sessions in the breakout information documents in the file resources.
We hope to see you there!