SAP Pages
When you’re just starting out with SAP Security, it’s not always easy to have the right pages at hand. Below you will find a few useful pages.
SAP Customer Influencer
SAP offers customers the opportunity to contribute their ideas and suggestions for improvement. You can simply get involved via the Customer Influencer Program. If you’ve created an entry, it’s best to share the improvement request in your network: the more customers vote for it, the more likely it is to be picked up by SAP.
SAP Security Optimization Services Portfolio
One of the central SAP Security entry pages is certainly https://support.sap.com/sos. In addition to the SAP Secure Operations Map and the SAP Security Baseline Template, you will find a lot of useful information about SAP Security.
SAP Trust Center
If you have to deal with the topic of SAP Cloud Security, you can’t avoid the SAP Trust Center and the My SAP Trust Center. For the latter, you simply have to register. Here you will find everything relevant to the topic of compliance and certificates.
Cloud Security Recommendations
Besides the SAP Baseline Template, SAP provides guides for the cloud environment, the so-called Cloud Security Recommendations. Here you can find recommendations for BTP, Ariba, Commerce Cloud, etc.
Cloud Discovery Center
In the Cloud Discovery Center you will find everything about the Business Technology Platform Services, ranging from a lot of information, links and learning material to learning missions.
SAP Development Tools
On the SAP Development Tools website you will find all kinds of development tools to try out and test.
SAP Whitepapers
If you are looking for security whitepapers, you can find them under the following quicklink: https://support.sap.com/en/security-whitepapers.htm
SAP Ports
If you’ve ever wondered which ports SAP uses, then you’ll probably find a suitable answer in the SAP Port Viewer.
SAP API Business Hub
You can find everything about APIs in the SAP API Business Hub.
Data Protection
Since the General Data Protection Regulation, the topic of data protection has gained momentum. The reason for this is probably the high penalties and the presence in the media. And of course, the whole thing also has an impact on SAP and the work in this area will not run out so quickly. If you want to get an overview of the topic, I can recommend the following pages.
EU Law
On the EUR-Lex website you can find the General Data Protection Regulation in various languages to download and compare directly. https://eur-lex.europa.eu/eli/reg/2016/679/oj
Overview of GDPR penalties
The GDPR Enforcement Tracker website gives a nice overview of penalties imposed.
Global Data Protection Regulations
On DataGuidance.com you will find an overview of the various data protection regulations around the globe.
Learning stuff
Even if you have been working in the IT industry for a long time, you can’t know everything and so you can’t avoid continuing your education. Below you will find a few sources that I use from time to time.
The Morpheus Tutorials
The YouTube channel The Morpheus Tutorials by Cedric Mössner is always very helpful. Here you will find over 2000 videos on a wide variety of topics, be it basics in computer science, programming, hacking or cryptography. There is something for everyone here.
Reports
Studies or reports are indispensable. With their help, you can quickly get an overview of trends or the current situation. It’s best to see for yourself and decide what is useful or not.
Onapsis
The company Onapsis regularly publishes interesting studies and reports in its resource center. With their research laboratory, they also make a significant contribution to finding vulnerabilities.
Hackerone
On hackerone.com you will find a lot of information about hacking and related reports. There is certainly something for everyone here.
Austrian Federal Criminal Police Office
The Austrian Federal Criminal Police Office publishes an annual Cybercrime Report – a situation report on the development of cybercrime.
German Federal Criminal Police Office
The German BKA also publishes an annual report on the state of the nation: the BKA Cybercrime Report.
Recommendations, Standards and Frameworks
What would you do without recommendations, standards, or frameworks? That’s why I’ve summarized a few helpful links below.
National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST) provides an important source of information with the Cybersecurity Framework or the Computer Security Resource Center.
MITRE ATT&CK
With ATT&CK, MITRE provides a knowledge base of tactics and techniques to better assess attacks and risks. The Common Weakness Scoring System, which deals with the prioritization and classification of weaknesses, is also interesting.
The VERIS Framework
A helpful framework for recording security events and incidents.
ISO/IEC-27000
The 27000 family of standards is a set of standards for information security. Unfortunately, the standards are only available for purchase. You can get a good overview via the website https://www.iso27001security.com/.
CVSS
The Common Vulnerability Scoring System (CVSS) was originally commissioned by the U.S. Department of Homeland Security and has become an important industry standard for assessing the severity of a vulnerability. The entries can be retrieved via the National Vulnerability Database, for example.
BSI C5 Criteria Catalogue
The criteria catalogue C5 (Cloud Computing Compliance Criteria Catalogue) specifies minimum requirements for secure cloud computing. A look at it pays off in any case.
OWASP
The Open Web Application Security Project (OWASP) offers a lot of helpful information about software development.
CIS Center for Internet Security
At the CIS Center for Internet Security (cisecurity.org) you will find many benchmarks for security in general.