Checkeos y auditoria de SAP R/3
En el caso en que se deba realizar una auditoria sobre SAP R/3, es bueno tener una lista de controles a realizar y que permitan revisar su infraestructura y su seguridad:
- R/3 Security- Audit Check
- SAP R/3 user ID SAP* and other system user id has been adequately secured.
- The production system has been set to productive.
- Access Restriction: SCC4 and SE06
- S_DEVELOP is securedChange management is secured and controlled
- Transport access to production is restricted
- Developer access in production
- Change critical number range is restricted
- Custom tables has authorization groupLocking of sensitive systems transaction codesBDC user types should has only required accessRun Program in the back ground
- Changes to critical SAP R/3 tables are logged
- Scheduling and Monitoring Batch jobs
- Access to run reports should be restricted.
- Critical and custom SAP R/3 tables are restricted
0 Comments:
Publicar un comentario
Gracias por dejar un comentario en Segu-Info.
Gracias por comentar!