What you don't know about SAP security could hurt you 

Many organizations running the SAP system have hidden or misunderstood security issues that could result in significant harm if not addressed. In this session we will cover traditional issues related to the authorization concept, such as failure to understand that a focus on TCodes results in an incomplete security model or analysis, as well as emerging risks related to Fiori, Solution Manger, the HANA database, and even cybersecurity. Regardless of your depth of SAP security knowledge, this course is for you.

After completing this session, the learner will:

• Understand exactly what gets checked when a user runs an SAP transaction
• Be able to explain the multiple pathways to the SAP database and how to secure them
• See several common ways SAP controls and security mechanisms can be bypassed (via live demonstration)
• Learn the additional security risks that need to be considered in the move to SAP S/4HANA
• Be able to articulate why SAP cybersecurity risks are likely being missed in traditional assessments, and create a business case for shining a light on these issues

Steve Biskie, Principal at RSM

Steve Biskie, Principal at RSM, is an internationally-recognized expert on SAP audit, risk, and compliance issues.  He is the author of Surviving an SAP Audit, (SAP Press, 2010), and an expert reviewer for the book Security, Audit, and Control Features:  SAP ERP (3rd & 4th Editions).  Steve also teaches beginner through advanced SAP auditing courses through aci Learning (formerly the MIS Training Institute), and has traveled to more than 18 countries to share his expertise.