Read here what SAP courses are available.
Is data the new oil? Probably so. It is therefore essential to identify where data resides and how critical it is.
Once all the "standard" protection mechanisms are in place, namely the infrastructure and application aspects, it is strategic to deal with the weakest link in the chain: the human side.
How to manage layer 8 of the ISO/OSI model?
Awareness-raising of corporate staff
Corporate education on data security issues, often required by some ISO certifications, has not always been implemented.
We focus heavily on the technological aspects and underestimate the business user.
This is not about technical courses for professionals, but about courses for "wide consumption" within the company that raise awareness of data security issues.
But what data is relevant?
Sensitive data, although widespread within information systems, is usually not easy to detect. For example:
- Personnel data, if an SAP HR/HCM system is present
- Sensitive documents in SAP DMS (Document Management System), for example technical drawings (CAD) or attachments to transactional documents
- Discounts to customers
- Bill of Materials
- List of customers or suppliers or employees
Personal data must also be handled appropriately; see also the GDPR.
What can be done?
There are several ways to promote these initiatives within a company. Some examples:
- Messages posted on the corporate/social intranet
- E-learning material (see example here)
- Posters affixed in the company
When is it useful to intervene?
The first recommended moment to raise awareness of security issues is immediately after hiring, through a dedicated training session.
It is also important to keep attention on the topic throughout the employee life cycle.
Surveys or targeted quizzes can be helpful to understand where there are gaps and how to correct them.
How to measure the effectiveness of training?
Measuring return on investment (ROI) is not always straightforward, whichever approach is chosen.
In our opinion, targeted and regular social engineering campaigns may be a way to understand whether the training has been successful, in addition to measuring security incidents in a management model before and after training.
But is social engineering also possible in SAP?
Yes, of course! There are many ways to extract or steal information.
Training and sensitizing the IT personnel who manage SAP applications helps them recognize requests, from internal or external users, that may be suspicious.
Download the list of requests that may be suspicious or that call for caution.
Blog post originally translated from: https://www.aglea.com/blog/sap-security-awareness-fai-sentire-la-tua-voce