Info Base
This page will be continually updated as new information becomes available, to ensure that our customers always have access to the most current resources, right at their fingertips.
The Australian National Audit Office (ANAO)
Overview:
This guide is intended primarily to provide an overview to executives and senior managers of the structure and use of the Australian National Audit Office’s Handbook on Security and Control for SAP/R3. Contains a good overview for SAP Security for the following areas:
- Basis and Cross Application Components (BC)
- Procurement to Payables (MM)
- Financial Accounting (FI)
- Controlling (CO)
- Human Resources (HR)
- Audit Information System (AIS)
The information within these areas goes down to Transaction and Authorisation Object level.
Better Practice Guide - Security and Control Update For SAP R/3 »
Better Practice Guide - PDF Document
The FIST Conferences
Overview:
Concept document concerning SAP Network Security, Cryptography, Encryption & various SAP Sign-On options. Some information on the configuration of SNC.
Government of Nova Scotia
Overview:
Audit report/review of the SAP Security landscape. Document contains informative information (non-technical) describing the audit report, detailing issues followed by recommendations.
Central Financial Management – Audit Report »
Information Systems Audit and Control Association (ISACA)
Overview:
A book specialising in Control and Risks particularly for the SAP R/3 System.
Security, Audit and Control Features SAP® R/3®:
A Technical and Risk Management Reference Guide »
The Institute of Internal Auditors
Overview:
Predominately a training site offering various seminars concerning the SAP System. More focus is given to the auditing of an SAP System, with basic-medium emphasis on SAP Security. Training delivered onsite at Deloitte&Touche by their own practitioners.
Introduction to Auditing SAP R/3 (IIA/Deloitte) »
Microsoft
Overview:
Presentation by a Microsoft/SAP Consultant, concerning mostly the IT Infrastructure Security - Network/Host/Server, etc.
SAP Security for Windows Server »
The SANS™ Institute
Overview:
Provides information down to Authorisation Object level detail on Critical Authorisation Objects, Parameters & powerful Role Development. The SANS website contains some information relevant to SAP Security.
Technical Aspect of Implementing/Upgrading SAP Security 4.6 »
http://www.securitydocs.com/library/1022 »
SAP AuditNet
Overview:
Although this site specialises in Auditing (Many SAP Audit Documents), a vast range of SAP Security documents from various sources can be obtained. Details of Company security design, SOX, BW, CUA, R3. Some documents sourced from large corporate companies.
Security - ERP GENERAL (SAP, BaaN, Oracle, PeopleSoft) »
SAPFANS.com
Overview:
Huge number of posts (100+pages), and some quite detailed replies.