Attend the full Audit & Security of SAP Training Week and save 10%
In this two day seminar we will help you take your SAP technical auditing skills to the next level. You will learn the advanced risks and control opportunities that should be considered in a thorough audit of the SAP basis system and security. You will acquire the knowledge and skills to progress beyond the basic auditing employed by many auditors and become competent at an advanced auditing level.
Over two days you will:
- Practice techniques discussed on a sandbox SAP system, and get the chance to perform a quick end-to-end security assessment
- Review the additional security risks posed by the SAP Netweaver components, and the transactions within SAP for understanding key settings
- Explore the various table types within SAP, and practice some basic data interrogation techniques using SAP Query tools embedded within the application
- Learn where to go to get the best security-related advice and perform additional research on other technical basis-related topics
- Review the ‘system hardening’ guidelines provided by SAP related to common attack scenarios in SAP ABAP as well as the JAVA layer, and how proper system settings and coding techniques can prevent exposure to common attacks (such as SQL injection and man-in-the-middle attacks)
- Have a first-hand look at some largely-unpublished risks within SAP, including an example where a user may look via standard SAP security reporting as having innocuous access when in reality they have SAP_ALL-type privileges, and learn how to see if these risks affect your installation
Methodology: A live SAP system will be used for demonstration, complemented by referential screen shots, and reinforced by group discussion and class exercises
Course Director:Steve Biskie, CISA, CITP, CPA
As the author of the only book published by SAP Press related to auditing SAP, Surviving an SAP Audit, (SAP Press, 2010) and having led more sessions at the SAP GRC series than any other speaker in the history of the event, Steve Biskie is internationally regarded one of the most sought-after trainers in the world when it comes to the topic of an SAP audit. He has been involved with SAP systems in a variety of roles, including as an internal auditor, consultant, implementation team member, compliance team lead, and SAP Steering Committee Chair. He has worked directly with SAP as part of the SAP Influence Council for the Management of Internal Controls (MIC) tool, the first iteration of what is now the SAP GRC suite. Steve was also the keynote speaker at the first Sarbanes- Oxley for SAP Customers event. He has taught thousands of business, IT, and audit professionals about dealing with the intricacies of SAP.
Past Delegate Feedback
“Good course, clear structure and examples, applicable and valuable for attendees” Nokia
“A great overview of SAP for the IT auditor. I now feel confident in carrying out an audit of SAP” EON