Useful Links for Security

SAP Pages

When you’re just starting out with SAP Security, it’s not always easy to have the right pages at hand. Below you will find a few useful pages.

SAP Customer Influencer

SAP offers customers the opportunity to contribute their ideas and suggestions for improvement. You can simply get involved via the Customer Influencer Program. If you’ve created an entry, it’s best to share the improvement request in your network: the more customers vote for it, the more likely it is to be picked up by SAP.

SAP Security Optimization Services Portfolio

One of the central SAP Security entry pages is certainly https://support.sap.com/sos. In addition to the SAP Secure Operations Map and the SAP Security Baseline Template, you will find a lot of useful information about SAP Security.

SAP Trust Center

If you have to deal with the topic of SAP Cloud Security, you can’t avoid the SAP Trust Center and the My SAP Trust Center. For the latter, you simply have to register. Here you will find everything relevant to the topic of compliance and certificates.

Cloud Security Recommendations

Besides the SAP Baseline Template, SAP provides guides for the cloud environment, the so-called Cloud Security Recommendations. Here you can find recommendations for BTP, Ariba, Commerce Cloud, etc.

Cloud Discovery Center

In the Cloud Discovery Center you will find everything about the Business Technology Platform Services, ranging from a lot of information, links and learning material to learning missions.

SAP Development Tools

On the SAP Development Tools website you will find all kinds of development tools to try out and test.

SAP Whitepapers

If you are looking for security whitepapers, you can find them under the following quicklink: https://support.sap.com/en/security-whitepapers.htm

SAP Ports

If you’ve ever wondered which ports SAP uses, then you’ll probably find a suitable answer in the SAP Port Viewer.

SAP API Business Hub

You can find everything about APIs in the SAP API Business Hub.

Data Protection

Since the General Data Protection Regulation, the topic of data protection has gained momentum. The reason for this is probably the high penalties and the media attention. Of course, all of this also has an impact on SAP, and the work in this area will not run out any time soon. If you want to get an overview of the topic, I can recommend the following pages.

EU Law

On the EUR-Lex website you can find the General Data Protection Regulation in various languages to download and compare directly. https://eur-lex.europa.eu/eli/reg/2016/679/oj

Overview of GDPR penalties

The GDPR Enforcement Tracker website gives a nice overview of penalties imposed.

Global Data Protection Regulations

On DataGuidance.com you will find an overview of the various data protection regulations around the globe.

Learning stuff

Even if you have been working in the IT industry for a long time, you can’t know everything and so you can’t avoid continuing your education. Below you will find a few sources that I use from time to time.

The Morpheus Tutorials

The YouTube channel The Morpheus Tutorials by Cedric Mössner is always very helpful. Here you will find over 2000 videos on a wide variety of topics, be it basics in computer science, programming, hacking or cryptography. There is something for everyone here.

Reports

Studies or reports are indispensable. With their help, you can quickly get an overview of trends or the current situation. It’s best to see for yourself and decide what is useful or not.

Onapsis

The company Onapsis regularly publishes interesting studies and reports in its resource center. With their research laboratory, they also make a significant contribution to finding weak points.

Hackerone

On hackerone.com you will find a lot of information about hacking and related reports. There is certainly something for everyone here.

Austrian Federal Criminal Police Office

The Austrian Federal Criminal Police Office publishes an annual Cybercrime Report, a situation report on the development of cybercrime.

German Federal Criminal Police Office

The German BKA also publishes an annual report on the state of the nation: BKA Cybercrime Report

Recommendations, Standards and Frameworks

What would you do without recommendations, standards, or frameworks? That’s why I’ve summarized a few helpful links below.

National Institute of Standards and Technology

The National Institute of Standards and Technology (NIST) provides an important source of information with the Cybersecurity Framework or the Computer Security Resource Center.

MITRE ATT&CK

With ATT&CK, MITRE provides a knowledge database for tactics and techniques to better assess attacks and risks. However, the Common Weakness Scoring System, which deals with the prioritization and classification of weak points, is also interesting.

The VERIS Framework

A helpful framework for scheduling security events and incidents.

ISO/IEC-27000

The 27000 family of standards is a set of standards for information security. Unfortunately, the standards are only available for purchase. You can get a good overview via the website https://www.iso27001security.com/.

CVSS

The Common Vulnerability Scoring System (CVSS) was originally commissioned by the U.S. Department of Homeland Security and has become an important industry standard for assessing the severity of a vulnerability. The entries can be retrieved via the National Vulnerability Database, for example.

BSI C5 Criteria Catalogue

The criteria catalogue C5 (Cloud Computing Compliance Criteria Catalogue) specifies minimum requirements for secure cloud computing. A look at it pays off in any case.

OWASP

The Open Web Application Security Project (OWASP) offers a lot of helpful information about software development.

CIS Center for Internet Security

At the CIS Center for Internet Security (cisecurity.org) you will find many benchmarks for security in general.