PALO ALTO, Calif., May 1, 2017 /PRNewswire/ -- EAS-SEC, a non-profit organization focused on enterprise application security, with the support of ERPScan, a leading provider of business application security products and services, released the first-ever comprehensive SAP Cybersecurity Framework, which combines predictive, preventive, detective and response measures.
We are witnessing a growing number of attacks against ERP systems, with several notorious incidents covered by the media. Moreover, security experts predict that the number of such attacks will increase in the next 12 months. This calls for a change in the approach to security: a cutting-edge approach should balance traditional defensive mechanisms (access controls and Segregation of Duties) with proactive measures. Besides, SAP security should be seamlessly integrated into the whole enterprise security process.
The Framework consists of 20 categories, each of which describes specific protection processes (e.g. asset management, incident management, or threat intelligence). All are in line with industry-recognized frameworks and approaches from NIST, SANS, ISO and CIS, but reflect the specifics of ERP systems.
"SAP Cybersecurity Framework is a logical extension of our previous work of promoting measures towards a secure SAP implementation. While the first document SAP NetWeaver ABAP Platform Vulnerability Assessment Guide (released in 2014) is a set of technical controls to securely configure an SAP system, the new one is more high-level and outlines the most important steps in terms of where-to-start issues at the organization level, involving areas ranging from Vulnerability Management to Governance and cooperation between departments. The document was carried out jointly with CISOs of big enterprises and consultants with experience in ERP security." - added Alexander Polyakov, President of EAS-SEC.
The Framework implements Gartner's approach to adaptive security architecture in the area of ERP security. It defines 4 categories for SAP protection processes: predictive, preventive, detective and responsive. For each area, the SAP Cybersecurity Framework provides a three-step implementation roadmap, where:
- The first step is a required minimum.
- The second one provides you with a sufficient level of security.
- The third one includes advanced measures to adjust your security posture to the most advanced security technologies.
"Security managers face the problem of disintegrated actions and have to build the strategic options and environment to ensure the security of business applications. Another challenge is that SAP security should be integrated into the whole enterprise security process to ensure comprehensive protection. The main objective EAS-SEC SAP Cybersecurity Framework is to resolve this issue." – commented Michael Rakutko, Head of Professional Services at ERPScan.
Download the EAS-SEC SAP Security Framework to set up a solid ERP cybersecurity foundation within your organization.
ERPScan is the most credible Business Application Cybersecurity provider. The company operates globally and enables large Oil and Gas, Financial, Retail, and other organizations to secure their mission-critical processes. Named an 'Emerging Vendor' in Security by CRN and distinguished by 40+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities.
ERPScan's primary mission is to close the gap between technical and business security and provide solutions for CISOs to evaluate and secure SAP and Oracle ERP systems. Our clients are large enterprises, Fortune 2000 companies and managed service providers.
To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/erpscan-introduces-first-high-level-sap-cybersecurity-framework-300448607.html